Jump to content

Simple Problem Needs New Eyes


chibineku
 Share

Recommended Posts

I had an inefficient piece of code for resetting passwords based on a user entering either their username or their email address. The PHP script branched depending on the identifier used. I collapsed it into one which now works if the user enters their username but not if they enter their email address. Here is the salient code:

$identifier = isset($_POST["username"])?"username":"email";$ident = isset($_POST["username"])?trim(mysqli_real_escape_string($mysqli,(check_chars_username($_POST["username"])))):trim(mysqli_real_escape_string($mysqli, (check_chars_email($_POST["email"]))));	//create and issue the query	$sql = "SELECT * FROM aromaMaster WHERE $identifier = '$ident'";	$sql_res =mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));		if(mysqli_num_rows($sql_res) == 0) {	  //wrong login info	  header("Location: password_reset_form.html/error=$ident");	  exit();	}	  $info = mysqli_fetch_array($sql_res);		$userid = $info["id"];		$username = stripslashes($info["username"]);		$email = stripslashes($info["email"]);

I have checked and doubled checked that the email form field is called email and it is. It's got me scratching my head. Particularly interesting is the header redirect. When I enter an email address and am redirected, the variable $ident appears empty.

Link to comment
Share on other sites

Hm, swapping isset() for !empty() did the trick!

Link to comment
Share on other sites

As long as the form field exists in the form that is sent, the equivalent superglobal index will be set. It could still be empty, though.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...