1

I'm working in PHP and JSON at API for my mobile application. I tried to write a registration module, but a part of my conditional statements don't work as expected.

If statement 1 :

if(!isset($_GET['username']) || !isset($_GET['password']) || !isset($_GET['imei']) || !isset($_GET['imie']) || !isset($_GET['nazwisko']) || !isset($_GET['email']) || !isset($_GET['zgoda']) || !isset($_GET['telefon']) || !isset($_GET['zgoda2']) || !isset($_GET['kraj']));
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  break;
 }

It should give an error, when there is an argument missing, but it is giving an error always.

My query :

username=konrad12&password=xxx&imei=000000000000000&nazwisko=Potter&imie=Ronald&[email protected]&zgoda=1&telefon=000&zgoda2=1&kraj=Poland

If statement 2 :

 if(strlen($c) != 15 || !validEmail($f) || strlen($g) != 1 || strlen($i) != 1 || wez_id_kraju($j) == 0)
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  break;
 }

It should give an error, when var values are incorrect, but it is giving an error always.

My variables :

 $z = mysql_real_escape_string($_GET['username']);
 $b = mysql_real_escape_string($_GET['password']);
 $c = mysql_real_escape_string($_GET['imei']);
 $d = mysql_real_escape_string($_GET['nazwisko']);
 $e = mysql_real_escape_string($_GET['imie']);
 $f = mysql_real_escape_string($_GET['email']);
 $g = mysql_real_escape_string($_GET['zgoda']);
 $h = mysql_real_escape_string($_GET['telefon']);
 $i = mysql_real_escape_string($_GET['zgoda2']);
 $j = mysql_real_escape_string($_GET['kraj']);

If statement 3 :

 if($g != 0 or 1 || $i != 0 or 1)
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  break;
 }

It should give an error, when value of $g or $i isn't 1 or 0, but it is giving an error always.

Please help me, I tried a lot of things, but I can't find a solution

@Edit :

My valid email function :

    function validEmail($email)
    {
       $isValid = true;
       $atIndex = strrpos($email, "@");
       if (is_bool($atIndex) && !$atIndex)
       {
          $isValid = false;
       }
       else
       {
          $domain = substr($email, $atIndex+1);
          $local = substr($email, 0, $atIndex);
          $localLen = strlen($local);
          $domainLen = strlen($domain);
          if ($localLen < 1 || $localLen > 64)
          {
             // local part length exceeded
             $isValid = false;
          }
          else if ($domainLen < 1 || $domainLen > 255)
          {
             // domain part length exceeded
             $isValid = false;
          }
          else if ($local[0] == '.' || $local[$localLen-1] == '.')
          {
             // local part starts or ends with '.'
             $isValid = false;
          }
          else if (preg_match('/\\.\\./', $local))
          {
             // local part has two consecutive dots
             $isValid = false;
          }
          else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
          {
             // character not valid in domain part
             $isValid = false;
          }
          else if (preg_match('/\\.\\./', $domain))
          {
             // domain part has two consecutive dots
             $isValid = false;
          }
          else if
    (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                     str_replace("\\\\","",$local)))
          {
             // character not valid in local part unless 
             // local part is quoted
             if (!preg_match('/^"(\\\\"|[^"])+"$/',
                 str_replace("\\\\","",$local)))
             {
                $isValid = false;
             }
          }
          if ($isValid && !(checkdnsrr($domain,"MX") || 
     ↪checkdnsrr($domain,"A")))
          {
             // domain not found in DNS
             $isValid = false;
          }
// I add that text ...
      mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
      mysql_select_db(DB_BASE);
      $q = "SELECT * FROM `system_domeny`";
      $a = mysql_query($q);
      while($wynik = mysql_fetch_array($a))
      {
       if($domena == $wynik[1]) $isValid = false;
      }
// ...
       }
       return $isValid;
    }
Improve this question
7
  • 1
    break inside ifs? are those blocks inside any loop/switch? Commented Jul 19, 2013 at 11:55
  • Why not make your first statement more informative by splitting them up and making the error message announce which value it claims isn't set? 'Invalid query' isn't too helpful, I'd far rather have 'No username detected!' etc... Commented Jul 19, 2013 at 11:57
  • The last condition seems to me like if ($g != 0 or true || $i != 0 or true) which is unconditionally true Commented Jul 19, 2013 at 11:57
  • you use isset($_GET['imei']) but send parameter imie=Ronald; spelling error? Commented Jul 19, 2013 at 11:58
  • To make that first query a bit more readable, just create an array of values to check for inside of $_GET and use !in_array() instead of repeating !isset() Commented Jul 19, 2013 at 12:00

4 Answers 4

Reset to default
3

remove the semicolon after the last bracket of the if.

first statement ends

 || !isset($_GET['kraj']));

I think the second statement looks ok, is it an issue with the email validation function or the other function in the last check.

the last statement should be something like

if(($g != 0 && $g != 1) || ($i != 0 && $i != 1))
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Try removing !validEmail($f) then wez_id_kraju($j) in turn to see if either of them is the issue
3

first change first if to:

 $gets = array('username', 'password', 'imei', 'imie', 'nazwisko', 'email', 'zgoda','telefon','zgoda2','kraj');

 $er = 0;
 foreach($gets as $get){
  if(!isset($_GET[$get])){
   $er++;
   $error[] = $get;
  }
 }

 if($er > 0){
  $returning = array('error' => 'Invalid query, please fill these parameters: ['.implode(", ", $error).']');
  echo json_encode($returning);
  //break is not like exit, there is no function of break inside if!
  exit;
 }

if three, as answered by others also, change it to:

 if( ($g != 0 && $g != 1) || ($i != 0 && $i != 1))
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  exit;
 }
Improve this answer

Comments

2

This statement

if($g != 0 or 1 || $i != 0 or 1)

is definitely not when value of $g or $i isn't 1 or 0. There are various solutions, this is what you could do just using logical operators (split out over several lines and decorated with a generous helping of parentheses for readability):

if ( 
     ( ( $g != 0) && ( $g != 1) ) 
     || 
     ( ( $i != 0) && ( $i != 1) ) 
   )

Also note that or and || have different precedence which can lead to quite puzzling situations. For simplicity sake it's better to stick to || (and &&). Read this SO question for more info about the difference between || and or

Improve this answer

Comments

1

make your json array like this:

 $returning=array();
$str = array('error' => 'Invalid query'); 
array_push($returning,$str); 
echo "{\"response\":".json_encode($returning)."}";

and remove terminator(;) after while condition from first statement, and try this for third statement:

if($g != 0 ||$g != 1 || $i != 0 ||$i != 1)
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  break;
 }
Improve this answer

1 Comment

Your third statement is not correct, it will always return true as neither $g nor $i can be 0 or 1 at the same time.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.