```php
if ($fname <> "" and $lname <> "" and $theemail <> "" and $empid <> "" and $doh <> "" and $ydept <> "#") {
    if ($percentage >= 85) {
        mail ($myEmail, $mailSubject, $msgBody, $header);
        mail ($userEmail, $sentMailSubject, $sentMailBody, $sentHeader);
        $filename = "output_annualexam.txt"; #Must CHMOD to 666, set folder to 777
        $text = "\n" . str_pad($fname, 25) . "" . str_pad($lname, 25) . "" . str_pad($empID, 15) . "" . str_pad($doh, 15) . "" . str_pad($tdate, 20) . "" . str_pad($ydept, 44) . "" . str_pad($percentage, 0) . "%";

        $fp = fopen ($filename, "a"); # a = append to the file. w = write to the file (create new if doesn't exist)
        if ($fp) {
            fwrite ($fp, $text);
            fclose ($fp);
            #echo ("File written");
        }
        else {
            #echo ("File was not written");
        }
        header ("Location: congrats.php?fname=$fname&type=$type");
    }
    else {
        header ("Location: nopass.php?percent=$percentage&type=$type");
    }
}
else {
    header ("Location: tryagain.php?type=$type");
}
```

When $ydept=="#" it means the user did not select any department from the SELECT options which will make the IF statement fail, which should automatically take the user to the tryagain.php page but instead it's taking them to the nopass.php page. So somewhere it's failing.

Should I try && instead of AND? But I don't think it should make a difference.

Si8
  • It could make a difference because of [operator precedence](http://www.php.net/manual/en/language.operators.precedence.php), where `&&` has a higher precedence than `and`. – ajp15243 Jun 12 '13 at 14:52
  • But shouldn't it check for ALL condition? – Si8 Jun 12 '13 at 14:53
  • Try `var_dump($ydept)` and see what happens. – Ry- Jun 12 '13 at 15:07
  • I think it might have to do with the $ydept <> "#" (because when I left $fname blank, tryagain.php kicked in correctly) – Si8 Jun 12 '13 at 15:10
  • Since it's a SELECT, do I have to use "$ydept = trim(strip_tags(stripslashes($_POST['yDept'])));" to prevent any XSS attack? Or is it safe to say $ydept = $_POST['yDept']; (Maybe that's why it's not working?) – Si8 Jun 12 '13 at 15:13

1 Answer

4

Yes, you should use && not AND.

Since I am not eloquent enough to explain it, here's a good post about it, thanks to the commentator ;)

'AND' vs '&&' as operator

Community
Jessica
  • It does matter in PHP. When you use && it evaluates the entire expression. When you use AND it stops at the variable. See the answer that one links TO: http://stackoverflow.com/a/2803576/2360157 - My team just removed AND from our application and it solved several logic errors the previous programmer was not aware of because they didn't know && vs AND – Jessica Jun 12 '13 at 14:53
  • I will change and test it now... Thanks! – Si8 Jun 12 '13 at 14:55
  • I changed to && and it's still going to NOPASS.php – Si8 Jun 12 '13 at 15:01
  • Why would it make a difference in this case, where `and` only appears parenthesized, and it *should* have a lower precedence than `<>`? You need to be able to explain why it should work. -1 – Ry- Jun 12 '13 at 15:02
  • I think it might have to do with the $ydept <> "#" (because when I left $fname blank, tryagain.php kicked in correctly) (What I am trying to do is, if $ydept is anything other than "#", let the user continue.) – Si8 Jun 12 '13 at 15:06
  • @minitech fair enough *shrug* – Jessica Jun 12 '13 at 15:12
  • (!empty($ydept) && $ydept <> "#") solved the problem. – Si8 Jun 12 '13 at 16:08
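
An added example, not part of the original thread: it shows where `and` and `&&` actually differ, why they group identically inside the question's parenthesized condition, and how an empty `$ydept` gets past `$ydept <> "#"`. The function names, sample values and department list are hypothetical, and it assumes the unselected option reached the script as an empty or missing value, which is what the `!empty($ydept)` fix in the last comment suggests.

```php
<?php
// Added example: names and the department list below are hypothetical.

// `=` binds tighter than `and` but looser than `&&`, so the two operators
// differ only when something of lower precedence than `&&` is involved.
$viaAnd = true and false;  // parsed as ($viaAnd = true) and false
$viaAmp = true && false;   // parsed as $viaAmp = (true && false)
var_dump($viaAnd, $viaAmp);

// Inside a parenthesized condition made only of `<>` comparisons, both
// operators group identically, so swapping them cannot change the branch.
function checkWithAnd($fname, $ydept) { return ($fname <> "" and $ydept <> "#"); }
function checkWithAmp($fname, $ydept) { return ($fname <> "" && $ydept <> "#"); }

// The check from the last comment: also reject an empty or missing value.
function checkWithEmpty($fname, $ydept) {
    return ($fname <> "" && !empty($ydept) && $ydept <> "#");
}

// Stricter alternative: a SELECT offers a closed set, so accept only values
// the server itself put into the form (constructed list).
const DEPARTMENTS = ['Accounting', 'Engineering', 'Human Resources'];
function checkWithAllowList($fname, $ydept) {
    return $fname <> "" && is_string($ydept) && in_array($ydept, DEPARTMENTS, true);
}

// Constructed inputs: placeholder, empty string, missing field, a real
// option, and a value no option in the form could have produced.
$samples = ['#', '', null, 'Engineering', '<b>Sales</b>'];
foreach ($samples as $ydept) {
    printf("%-16s and=%d &&=%d empty-check=%d allow-list=%d\n",
        var_export($ydept, true),
        checkWithAnd('Ann', $ydept),
        checkWithAmp('Ann', $ydept),
        checkWithEmpty('Ann', $ydept),
        checkWithAllowList('Ann', $ydept));
}
```

Because the allow-list compares against strings the server defined, the department value that is later mailed or appended to the output file is never text chosen by the client.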