0

Possible Duplicate:
Compare multiple values in PHP

Will someone help me to find a better way of writing this, please. I feel as if there has to be something better than nested ifs. I have tried searching, but I don't know what I am looking for.

The code says that if the session variable "auth" is not exactly equal to 0, 1, 2, or 3 then redirect to the login page.

if($_SESSION['auth']!=0){
   if($_SESSION['auth']!=1){
      if($_SESSION['auth']!=2){
         if($_SESSION['auth']!=3){
            header("location:login.php");
         }
      }
   }
}

My initial thought was to do something like this.

if($_SESSION['auth']<=0 || $_SESSION['auth']>=3){
   header("location:login.php");
}

But that doesn't account for fractions of the integer value. Which I only want to allow integer values. My next thought was this.

if($_SESSION['auth']!=0 && $_SESSION['auth']!=1 && $_SESSION['auth']!=2 && $_SESSION['auth']!=3){
   header("location:login.php")
}

But this way is not much different than all the nested ifs. Let me know if I am just attempting to fix something that isn't broken. Thank you in advance. A link to the relevant topic (PHP manual preferably) is all I'm looking for, not the solution.

Community
  • 1
  • 1
Jeremy
  • 587
  • 1
  • 7
  • 20
  • 1
    The actualy question here is, how might floats end up in the variable? Is this some fuzzy authorization scheme? ("Error: you are only somewhat allowed to edit this page.") – mario Oct 20 '12 at 20:15
  • You control the session. If you don't put fractional values in there, there won't be fractional values. It is safe to assume that you'll only get integers back out if that's all you put in. – user229044 Oct 20 '12 at 20:16
  • Floats are not allowed. But I want to attempt to be precise. – Jeremy Oct 20 '12 at 20:18
  • Now, looking at the answers, I am ashamed of myself for not thinking of using an array. – Jeremy Oct 20 '12 at 20:20
  • @Jeremy That's seriously wrong headed thinking. Trying to be "precise", by testing for values that have no business being in there, is actively hurting you. You should `assert` that the value in the session is an integer. If it's not, your program should die messily so you *find the source of the error*. You have full control over the session. If a value somehow gets in there that you don't expect to be in there, it is because of a bug in your code, and you need to track it down and fix it, not deal with the consequences each time you access the session. – user229044 Oct 20 '12 at 20:24
  • What I meant by "precise" was, I want my code to do exactly what I want it to do. – Jeremy Oct 20 '12 at 21:00

4 Answers4

3

Yes, you are. A simpler approach could be inarray().

$values = array('0','1','2','3');
if(!in_array($_SESSION['auth'], $values, true)
//do something

or even shorter

if(!in_array($_SESSION['auth'], array('0','1','2','3'), true)
//do something

It is probably best to go with the first option, just in case you may want to compare it against more values in the future.

flavian
  • 28,161
  • 11
  • 65
  • 105
2

You could keep an array of values to check against:

$auth_array = array('0', '1', '2', '3');
if(!in_array($_SESSION['auth'], $auth_array)){
    header("location:login.php");
}
HellaMad
  • 5,294
  • 6
  • 31
  • 53
1

You could use in_array to easily check whether $_SESSION['auth'] is equal to one of the values you are looking for.

if (in_array ($_SESSION['auth'], array (0,1,2,3)) == false)
  header ("Location: ...");
Filip Roséen - refp
  • 62,493
  • 20
  • 150
  • 196
0

Your own solution is fine:

if($_SESSION['auth']<=0 || $_SESSION['auth']>=3){
   header("location:login.php");
}

If you're worried about decimal values, don't be -- if your code only ever sets it to an integer, then that's all it will ever be. However, if you are worried about this, simply force the value to be an integer by type casting it:

$_SESSION['auth'] = (int)$_SESSION['auth'];

No more worries about fractions.

Spudley
  • 166,037
  • 39
  • 233
  • 307