0

I am havin trouble with this code:

if ($_GET['offline']) {$extranet = $_GET['offline'];} else {$extranet = $online;}
$sql = mysqli_query($db,"UPDATE tbl_system SET value = '$extranet' WHERE property = 'extranet'");
echo $_GET['offline'];
echo $extranet;
echo $online;

In the database, the value of the field where the property = extranet is 1. Results of echo:

$_GET['offline'] = 0 
$extranet        = 1
$online          = 1

Now, obviously, something's wrong here.

The URL to give this GET is: ?app=admincp&offline=0, so $_GET['offline'] is not the problem.

The problem must lie in the if statement, but I can't figure it out,

Any ideas?

Improve this question
3
  • Is there code that actually sets the value of extranet? I would rewrite this to be more clear. Make sure you initialize your variables properly, print them out in one nice string before any conditions and a similar string after all is done and update the post. Then we will be more able to help you. Jacob Commented Aug 17, 2009 at 21:44
  • If I am reading this right, offline is set to 0, extranet is set to the value of $online which starts at 1 Commented Aug 17, 2009 at 21:46
  • yep, I add that (sanitation) once i can guarantee that the raw code is working :) ty Koning baard, @ TJT, yep :) Commented Aug 17, 2009 at 21:54

5 Answers 5

Reset to default
2

$_GET['offline'] is 0, and 0 evaluates to false, so the statement goes right. if you want to check whether offline is passed as an argument you have to use isset()

if (!isset($_GET['offline'])) {$extranet = $_GET['offline'];} else {$extranet = $online;}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Yikes! In addition to karim's comment- sanitize your inputs! You're taking a URL parameter and putting it directly into an SQL query. A url of 

?app=admincp&offline=';DROP table tbl_system;--

Would ruin you!

Improve this answer

1 Comment

yep, I add that once i can guarantee that the raw code is working :)
2 
if ($_GET['offline'])

That will return false because the string "0" evaluates to false in PHP, so the if statement's condition can never evaluate to true. Use isset or array_key_exists instead. e.g.:

if (isset($_GET['offline'])) { ... }

or:

if (array_key_exists('offline',$_GET)) { ... }

In your case, you'll want to know whether or not the value is exactly the string zero "0". I would recommend using strcmp:

if (strcmp($_GET['offline'],"0") === 0) {
    $extranet = $_GET['offline'];
} else {
    $extranet = $online;
}
$sql = mysqli_query($db,"UPDATE tbl_system SET value = '$extranet' WHERE property = 'extranet'");
echo $_GET['offline'];
echo $extranet;
echo $online;
Improve this answer

Comments

1

$_GET['offline'] is zero in the URL you provide, so if($_GET['offline']) and everything in that block will never be hit. Use isset() instead.

Improve this answer

Comments

1 
if (strcmp($_GET['offline'],"0") === 0) {
    $extranet = $_GET['offline'];
} else {
    $extranet = $online;
}

This will throw an error in the case that $_GET['offline'] is not set, better to use !isset($_GET['offline'])

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.