How is this happening?

influx

I have the following code in profile_add.php.

$code=$_GET['c'];

//check and see if propagated code is between 1-7 to prevent anything fishy
if($code && ($code!=1 || $code!=2 || $code!=3 || $code!=4 || $code!=5 || $code!=6 || $code!=7))
{
   die('Invalid code. Please contact us if this problem persists.');
}

When I access this page as "profile_add.php?c=7" it is constantly executing the die() function!

How come?

toplay

It's because you're using 'OR' (||) instead of 'AND' (&&). But it can be shortened to this:

$code = isSet($_GET['c']) ? intval($_GET['c']) : 0;

if ($code < 1 || $code > 7)
    die('Invalid code. Please contact us if this problem persists.');

// Good - It's between 1 and 7!

🙂

influx

Could you explain the code at the top that you inserted:

$code = isSet($_GET['c']) ? intval($_GET['c']) : 0;

What's it for and what does it do differently than what I had?

toplay

The statement uses the ternary comparison operator.

Never assume that an index value exists in an array. This goes for $GET, $POST, $_COOKIE, etc. too! So, I used the isSet() function to check if the index exists. This also prevents PHP notices of "undefined index".

All values passed from a form or in the URL to PHP are strings (even if they contain numbers or look numeric). I used intval() to convert the contents into an integer. If the 'c' index doesn't exist, then I assigned a default value of zero (0). I assigned it zero so it would fail the 'if' statement test. This could be anything you want. If you want it to default to one so it passes the 'if' statement, then change it.

if someone was to enter a 'c' value like this:

profile_add.php?c=7something

or this

profile_add.php?c=bad4

intval() would return a numeric 7 for the first and it would ignore 'something', and for the second example it would return zero (0) since the value starts with letters ('bad').

hth.