#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    47
    Rep Power
    3

    IF Statement PHP form


    I have a webform with a hidden field, and if a bot fills in the field the script quits running. To add to the security of the form, I would like to add a second layer of protection, requiring one of the drop down items to be selected, otherwise stop the script.

    (lastname is not a valid field in my form)

    PHP Code:

    if ( $lastname != ""){echo("SPAM BOT DETECED ON LINE LASTNAME"); exit;} 
    if ( 
    $subject != "Pink"||"Blue"||"Yellow") {echo("SPAM BOT DETECED ON LINE SUBJECT"); exit;} 
    So for the subject field I am trying to say "If the Subject is not Pink, Blue or Yellow stop the script"?

    Subject is a drop down with only these options. if a bot fills anything else in this field, it exits.
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,053
    Rep Power
    9398
    PHP Code:
    $subject != "Pink"||"Blue"||"Yellow" 
    That does not say what you want it to say. It actually says "if the $subject is not Pink OR if Blue OR if Yellow". Since PHP can only deal with conditions when they're boolean, it turns "Blue" and "Yellow" (strings) into booleans. Specifically the value true because the strings are not empty.

    So you've written
    PHP Code:
    $subject != "Pink" || true || true 
    If you want to check "if the $subject is not Pink OR if the subject is not Blue OR if the subject is not Yellow" then you have to say exactly that.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    47
    Rep Power
    3
    So I should use...


    PHP Code:

    if ( 
    $subject != "Pink" || 
    $subject != "Blue" || 
    $subject != "Yellow"
    {echo(
    "SPAM BOT DETECED ON LINE SUBJECT"); 
    exit;} 

    I've tried this way, and it still didn't work?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    47
    Rep Power
    3
    I also tried...

    PHP Code:
    if 

    $subject != "Pink" OR 
    $subject != "Blue" OR 
    $subject != "Yellow"

    {echo(
    "SPAM BOT DETECED ON LINE SUBJECT"); 
    exit;} 
    Still not working.
  8. #5
  9. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,053
    Rep Power
    9398
    Ah, something I didn't realize when I said it. Focused on those ||s too much.

    Read the following very carefully.
    the $subject is not Pink OR if the subject is not Blue OR if the subject is not Yellow
    If the $subject is Blue then is that statement true? Yes, it is. Because the $subject is not Pink.

    It should actually say
    the $subject is not Pink AND if the subject is not Blue AND if the subject is not Yellow

    Comments on this post

    • Smurff289 agrees
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    47
    Rep Power
    3
    It works! Thank you!

    PHP Code:
    if 

    $subject != "Pink" &&
    $subject != "Blue" && 
    $subject != "Yellow"

    {echo(
    "SPAM BOT DETECED ON LINE SUBJECT"); 
    exit;} 
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    I'd rather use an array in this case, it's shorter, more flexible and somewhat more readable:

    PHP Code:
    $valid_subjects = ['Pink''Blue''Yellow'];        // if you don't have PHP 5.4 yet, use the old array(...) syntax
    if (!in_array($subject$valid_subjects)) {
        
    #...

    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo