Anything wrong with this if statement?

1

I’m trying to make a password update script. The SQL works fine, but the validation to make sure that the fields are not left empty and that they both match. Doesn’t seem to work. It just seems to run the first part of the if statement (Password Changed!) bit etc…

Any ideas?



if(isset($_POST['pass_submit']))
					
					{
					
					if(($pass !== "") || ($con_pass !== "") || ($pass == $con_pass))
						
						{	
							$sql = "UPDATE users SET password = PASSWORD('$pass') WHERE id = '$u_id'";
							$result = mysql_query($sql) or die(mysql_error());
							
							$msg = '<p align="center">Password Changed!</p>';
							$_SESSION['msg'] = $msg;
							header("Location: #pref");
								
						}else{
							
							$msg = '<p align="center">Sorry an error occured. Make sure your password entries match up and the fields are not left blank. </p>';
							$_SESSION['msg'] = $msg;
							header("Location: #pref");
							exit;
						
						}
						
					}

Cheers

2 

if(($pass != "") && ($con_pass != "") || ($pass == $con_pass))
3

ooooohhhh :open_mouth: OMG OMG OMG! What simp said is ambiguous. He correct, but the if statement conditions are ambiguous.

You’d want to do


if ( ( ($pass != "") && ($con_pass != "" ) ) || ($pass == $con_pass) )

I don’t know how to explain this very well, but you don’t want to have && and || on the same level.
Like, if ( condition1 && condition2 || condition3 )
It’s confusing, because it may do something different from what you expect it to do. Do you think it’ll do condition1 && condition2 first, and then take that result and do || with condition3 or something else?

(I know there’s operator precedence, but putting ( ) is better). :slight_smile:

4

thanks guys, but neither of them work :’(

5

What part doesn’t work (and you want to make it work)?

6

yes I do want to make it work lol, as in function, operate and perform correctly. It just seems to be doing the same as it did before. it changes the password regardless if the fields are blank and do not match up.

Where as I need it to check first if the correct parameters are in place i.e. both fields match and are not left blank.

any suggestions?

Thank you.

7

Where as I need it to check first if the correct parameters are in place i.e. both fields match and are not left blank.

That would be:

if($pass != "" && $pass == $con_pass)

You don’t need to check if both fields are not blank as long as you are checking that they both match. For example, if $pass is not blank and $pass matches $con_pass, there’s no way that $con_pass would be blank.

I wanted to ask, though, in the snippet of code you provided, it doesn’t look like you are assigning the values to $pass and $con_pass. PHP used to automatically create variables based on the post or get values, but newer versions have disabled that security risk. I like to use extract($_POST); This creates variables from all of the key names in the $_POST superglobal. For example if you have $_POST[‘pass’], extract($_POST); gives you $pass. The same goes for any other $_POST values you have submitted.