+ Post New Thread
Results 1 to 11 of 11
Web Development Thread, Error In If Statement in Coding and Web Development; I've written this if statement but cannot see what is wrong the error is PHP Parse error: syntax error, unexpected ...
  1. #1

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,784
    Thank Post
    272
    Thanked 1,129 Times in 1,025 Posts
    Rep Power
    348

    Error In If Statement

    I've written this if statement but cannot see what is wrong

    the error is
    PHP Parse error: syntax error, unexpected '}'

    PHP Code:
    if ($shirtquanity=='0') {$shirt "";} else {$shirt $shirtquanity." x Playing Shirt Size ".$shirtsize."<br />"
    Any ideas?

  2. #2

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    241
    Missing a ; before the last }

  3. Thanks to Hightower from:

    glennda (31st March 2011)

  4. #3

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by glennda View Post
    PHP Code:
    if ($shirtquanity=='0'
    1) You're comparing strings like numbers
    2) what if $shirtquanity (sic) is negative?
    Last edited by powdarrmonkey; 31st March 2011 at 09:57 AM.

  5. Thanks to powdarrmonkey from:

    glennda (31st March 2011)

  6. #4

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,784
    Thank Post
    272
    Thanked 1,129 Times in 1,025 Posts
    Rep Power
    348
    The value is a number an always will be as it gets it from a dropdown menu on previous page (order quantity!)

    Is there another way i should be doing it?

    And @hightower - thanks i've been staring at code for to long and nobody here knows php and i'm no expert!

  7. #5

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    241
    Quote Originally Posted by glennda View Post
    Is there another way i should be doing it?
    Yeah, you should perhaps remove the single quotes from the number so

    PHP Code:
    if ($shirtquanity=='0'
    becomes

    PHP Code:
    if ($shirtquanity==0
    That way you are telling PHP to expect a number instead of a string and thus it can better handle it.

    Also, I don't like single line if statements like

    PHP Code:
    if (== y) { //do this } else { //do this } 
    I prefer


    PHP Code:
    if (== y)
    {
        
    //do this
    }
    else
    {
        
    //do this

    Nothing wrong with your way, just personal preference. I find in my second example it's easier to read and find errors in the code, plus if you get paid per line.....
    Last edited by Hightower; 31st March 2011 at 11:01 AM.

  8. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,784
    Thank Post
    272
    Thanked 1,129 Times in 1,025 Posts
    Rep Power
    348
    ah ok i will do that!

  9. #7

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by glennda View Post
    The value is a number an always will be as it gets it from a dropdown menu on previous page (order quantity!)
    I have a funny sense of deja vu...

    String comparison (wrong):
    PHP Code:
    if ($shirtquanity=='0'
    Numerical comparision (improvement):
    PHP Code:
    if ($shirtquanity==0
    Numerical comparison, without trusting the user input (good):
    PHP Code:
    define('MAX_ORDER_QUANTITY'50);
    if ( 
    is_numeric($shirtquanity) && $shirtquanity && $shirtquanity MAX_ORDER_QUANTITY)
    {
       
    // fulfill order
    } else {
       
    // tell the user

    Never, ever ever ever trust user input. Just because you've supplied a dropdown in the user agent, that doesn't me injecting values you weren't expecting (like a negative number, or worse a SQL injection attack). Your form is only a hint to the user agent.

  10. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,784
    Thank Post
    272
    Thanked 1,129 Times in 1,025 Posts
    Rep Power
    348
    Quote Originally Posted by powdarrmonkey View Post
    Never, ever ever ever trust user input. Just because you've supplied a dropdown in the user agent, that doesn't me injecting values you weren't expecting (like a negative number, or worse a SQL injection attack). Your form is only a hint to the user agent.
    I've used
    PHP Code:
    $shirtquantity =  mysql_real_escape_string($_POST['quantityshirt'
    So shouldn't that stop that?

  11. #9

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by glennda View Post
    I've used
    PHP Code:
    $shirtquantity =  mysql_real_escape_string($_POST['quantityshirt'
    So shouldn't that stop that?
    If you were handling a string, yes (the clue is in the name). If you're handling a number, which you are, the value checking I already posted is sufficient. Otherwise, mysql_real_escape_string() casts its return value to a string and you have the same comparison problem.

  12. #10

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by glennda View Post
    PHP Code:
    $shirt $shirtquanity." x Playing Shirt Size ".$shirtsize."<br />" 
    Hum... re-reading this bit, mysql_real_escape_string() also doesn't protect you from the cross-site scripting attack that this line contains.

  13. #11

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,784
    Thank Post
    272
    Thanked 1,129 Times in 1,025 Posts
    Rep Power
    348
    I'll take a look cheers

    Toby

SHARE:
+ Post New Thread

Similar Threads

  1. Route Statement
    By LeonieCol in forum Wireless Networks
    Replies: 4
    Last Post: 20th September 2010, 12:00 PM
  2. CV personal statement section
    By ITWombat in forum Educational IT Jobs
    Replies: 16
    Last Post: 17th June 2008, 06:35 AM
  3. Best Mission Statement Words
    By blackcat in forum General Chat
    Replies: 10
    Last Post: 22nd December 2007, 10:30 AM
  4. Vision Statement
    By paulpmp4 in forum Virtual Learning Platforms
    Replies: 5
    Last Post: 29th October 2007, 10:50 AM
  5. Excel IF statement maybe VB
    By danIT in forum General Chat
    Replies: 1
    Last Post: 5th January 2007, 12:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •