1

I'm trying to implement a bank system on a game project of mine. I'm having a problem with elseif.

I have this code:

```php
<?php
session_start();
include ('include/dbconnect.php');
$res = mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow = mysql_fetch_array($res);
$in = $_POST['entrar'];
$pocketremain = ($userRow['money'] - $in);
$bankremain = ($userRow['bank'] + $in);

if ($in < $userRow['money']) {
    // QUERIES
    mysql_query("UPDATE users SET money ='".$pocketremain."' WHERE user_id ='".$_SESSION['user']."'");
    mysql_query("UPDATE users SET bank ='".$bankremain."' WHERE user_id ='".$_SESSION['user']."'");
    $string = "<br><font size='2'><font color='green'>SUCCESS !! </font><br>You deposited $in$.<br>You now have $bankremain$ in the Bank<br>and $pocketremain$ in your Pocket.</font>";
} elseif ($in <= '0') { // END OF QUERIES
    $string = "<br><font size='2'><font color='red'>FAIL !!</font> <br>You cant deposit imaginary money!</font>";
} else {
    $string = "<br><font size='2'><font color='red'>FAIL !!</font> <br>Your values are Wrong!</font>";
}
?>
```

I can still deposit zero money in the bank. The elseif should be setting that $string if 0 was set as the value. If you could kill this for me I would appreciate it; I have been trying to work around this for hours now.

Tolga Evcimen
  • 1
    `elseif ($var = '0')` sounds not correct since `$var = '0'` assignment. what you want probably is `$var == '0' ` – pavlovich Dec 05 '15 at 07:24
  • Are we presuming first that `$_SESSION['user']` is an integer and has already been escaped? – chris85 Dec 05 '15 at 07:29
  • I think you should test `$in <= 0` before `$in < $userRow['money']`. Both can be true at the same time. – VolkerK Dec 05 '15 at 07:30
  • 1
    [You're vulnerable to SQL injection when you use $_POST in that way](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). [You should stop using the mysql_* library of functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) –  Dec 05 '15 at 07:44

2 Answers

1

Use elseif ($in <= '0') instead of elseif ($in == '0')

You are getting an error because you are assigning a value (0 in this case) to $in when you use ($in = '0'). To compare you should use a double ==.

== Will check to see if $val is equal to 0

<= Will check to see if $val is equal to, or less than 0

= Will assign 0 to val

BenOfTheNorth
0

You need to add one condition in your if statement. Your code should be

```php
if ($in < $userRow['money'] && $in > 0) {
    // QUERIES
    mysql_query("UPDATE users SET money ='".$pocketremain."' WHERE user_id ='".$_SESSION['user']."'");
    mysql_query("UPDATE users SET bank ='".$bankremain."' WHERE user_id ='".$_SESSION['user']."'");
    $string = "<br><font size='2'><font color='green'>SUCCESS !! </font><br>You deposited $in$.<br>You now have $bankremain$ in the Bank<br>and $pocketremain$ in your Pocket.</font>";
}
// END OF QUERIES
elseif ($in <= '0') {
    $string = "<br><font size='2'><font color='red'>FAIL !!</font> <br>You cant deposit imaginary money!</font>";
}
else {
    $string = "<br><font size='2'><font color='red'>FAIL !!</font> <br>Your values are Wrong!</font>";
}
```

Because when your $in is 0 or less than 0, your first if statement is true, so it doesn't go into your second elseif statement.

Hardik Solanki
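The comments above point out that the posted value reaches the SQL unescaped and that the zero check can be shadowed by the balance check. The following is an added example, not code from the question or either answer, showing both concerns handled together: strict integer validation first, then a single parameterized, atomic UPDATE. It assumes PDO with a constructed in-memory SQLite table standing in for `users`; `deposit()` and its return strings are hypothetical names.

```php
<?php
// Constructed test data: one user with 100 in the pocket and 0 in the bank.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, money INTEGER, bank INTEGER)");
$pdo->exec("INSERT INTO users VALUES (1, 100, 0)");

/** Hypothetical helper: returns 'ok', 'invalid_amount' or 'insufficient'. */
function deposit(PDO $pdo, int $userId, $rawAmount): string
{
    // Validate before anything else: only a whole number >= 1 passes.
    // "0", "-5", "1e3", "5 OR 1=1" and a missing field all yield false.
    $amount = filter_var($rawAmount, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($amount === false) {
        return 'invalid_amount';
    }
    // One statement does the balance check and both updates, so the values
    // are never computed from a stale SELECT and two concurrent requests
    // cannot both move the same money. `money > ?` mirrors the strict
    // `$in < $userRow['money']` comparison used on the page.
    $stmt = $pdo->prepare(
        "UPDATE users SET money = money - ?, bank = bank + ?
         WHERE user_id = ? AND money > ?"
    );
    $stmt->execute([$amount, $amount, $userId, $amount]);
    return $stmt->rowCount() === 1 ? 'ok' : 'insufficient';
}

// Constructed inputs, as they would arrive in $_POST['entrar'].
foreach (['50', '0', '-5', '5 OR 1=1', '9999', '50'] as $raw) {
    printf("%-10s => %s\n", $raw, deposit($pdo, 1, $raw));
}
$row = $pdo->query("SELECT money, bank FROM users WHERE user_id = 1")->fetch(PDO::FETCH_ASSOC);
printf("pocket=%d bank=%d\n", $row['money'], $row['bank']);
```

Because the amount is a validated integer by the time it is used, it is also safe to echo back into the HTML status message.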