Broad Network


Boolean Logic and PHP Conditions with Security Concerns

Basics of PHP with Security Considerations – Part 6

Foreword: In this part of the series you will apply Boolean logic to PHP conditions; you will also learn how to prevent leaks and cheats so far as PHP conditions are concerned.

By: Chrysanthus
Date Published: 18 Jan 2018

Introduction

This is part 6 of my series, Basics of PHP with Security Considerations. In this part of the series you will apply Boolean logic to PHP conditions; you will also learn how to prevent leaks and cheats so far as PHP conditions are concerned. You should have read the previous parts of the series before reaching here, as this is the continuation.

Single Expression Example
Consider the following code:

    <?php

        $me = "tall";

        if ($me == "tall")
            {
                echo 'I am tall';
            }

    ?>

Read and try the code (you have to add the surrounding HTML elements first). In the condition (the parentheses of the if), there is only one expression, $me == "tall". If this expression results in true, the if-block will be executed. The above if-statement is equivalent to:

    if (true)
        {
            echo 'I am tall';
        }

For this second if-statement to be executed, you do not need to create the variable and assign a value to it. Read and try the following code:

    <?php

        if (true)
            {
                echo 'I am tall';
            }

    ?>

Let us look at a case where the condition results in false. Consider the following code:

    <?php

        $me = "short";

        if ($me == "tall")
            {
                echo 'I am tall';
            }

    ?>

The if-block (curly braces) in the above code will not be executed, because the condition results in false, since the value of the variable, $me, is “short” and not “tall”. The above if-statement is equivalent to:

    <?php

        if (false)
            {
                echo 'I am tall';
            }

    ?>

The if-block can only be executed if the condition is true. In this last case it is not executed.

More than One Expression in Condition
You can have more than one expression in a condition. In this part of the series, I consider a maximum of two expressions in a condition. Each of the expressions results in true or false. The expressions are combined with the AND, OR or NOT operators. The AND operator is typed as &&. The OR operator is typed as ||. The NOT operator is typed as !. The symbols &&, || and ! are called logical operators. With logical operators, the rules in the previous part of the series can be rewritten as:

AND
(false) && (false) = false
(false) && (true) = false
(true) && (false) = false
(true) && (true) = true

OR
(false) || (false) = false
(false) || (true) = true
(true) || (false) = true
(true) || (true) = true

NOT
!(false) = true
!(true) = false

The if-block will not be executed in the following code:

    <?php

        if ((false)&&(true))
            {
                echo 'We are tall';
            }

    ?>

A practical example for the above code is:

    <?php

        $you = "tall";
        $me = "tall";
        if (($you == "short")&&($me == "tall"))
            {
                echo 'We are tall';
            }

    ?>

“tall” is assigned to the variable, $you, and also to the variable, $me. The first expression in the condition results in false and the second one results in true. (false)&&(true) gives false as the effective Boolean value for the condition. So the block is not executed.

The if-block will be executed in the following code:

    <?php

        if ((false)||(true))
            {
                echo 'Either of us is tall';
            }

    ?>

A practical example for the above code is:

    <?php

        $you = "tall";
        $me = "tall";
        if (($you == "short")||($me == "tall"))
            {
                echo 'Either of us is tall';
            }

    ?>

Read the above code. Try it. The first expression results in false; the second one results in true. The effective condition is true, since (false)||(true) gives true.

NOT Examples
The if-block will be executed in the following code:

    <?php

        if (!(false))
            {
                echo 'I am tall';
            }

    ?>

The if-block is executed, if the condition is true. !(false) gives true. If the condition is false, the if-block will not be executed.

A practical example for the above code is:

    <?php

        $me = "tall";
        if (!($me == "short"))
            {
                echo 'I am tall';
            }

    ?>

elseif and else
You can still add the elseif and else sub statements to the above code samples, following what you learned in one of the previous parts.

Security Issues
I will use the single expression condition to explain the security issues here; the same applies to double, triple and more expression conditions. […] is equal to true but neither of them is identical to true. Any number other than 0 (positive or negative number or fraction) is equal to true but not identical to true.

'0' or '' or "" is of type, string and each is equal to false but not identical to false. 'a' or '5' or 'true' is still of type string, but each is equal to true and not identical to true.
There is an operator called the identical operator. I will say more about the equal operator and the identical operator in a later part of this series.
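
The difference between the equal operator and the identical operator in a condition, as an added example that is not the author's code: the function names looseGate, strictGate and parseFlag and the sample values are assumptions made for illustration. It shows a condition written with == accepting values that merely convert to true, the same condition written with === rejecting them, and one way to read a true/false flag from text input.

```php
<?php
// Added example (not the author's code). All sample values are constructed.

// Weak form: the equal operator converts the value to a Boolean before comparing.
function looseGate($value): bool
{
    return $value == true;
}

// Strict form: the identical operator also requires the type to be Boolean.
function strictGate($value): bool
{
    return $value === true;
}

// Hypothetical helper for text input (for example a form field): accept only
// recognised Boolean spellings and treat everything else as "not allowed".
function parseFlag(string $text): bool
{
    return filter_var($text, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) === true;
}

$samples = [1, -1, 0.5, 0, '0', '', 'a', '5', 'true', 'false', true, false];

foreach ($samples as $value) {
    printf(
        "%-8s equal to true: %-5s identical to true: %s\n",
        var_export($value, true),
        var_export(looseGate($value), true),
        var_export(strictGate($value), true)
    );
}

// The string 'false' is a non-empty string, so the equal operator lets it
// through; the identical operator and the parsed flag both refuse it.
$fromUser = 'false';
var_dump(looseGate($fromUser));
var_dump(strictGate($fromUser));
var_dump(parseFlag($fromUser));
var_dump(parseFlag('true'));
```

Of the sample values, only the Boolean true passes strictGate, while every value except 0, '0', '' and false passes looseGate.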

We have done a lot for now. Let us take a break and continue in the next part of the series.

Chrys
