-1

Here is my code below...

$song_genre = $_GET['song_genre'];
if($song_genre=='bangla'||$song_genre=='hindi'||$song_genre=='english'){ 
    $query = "SELECT `id` FROM `table` WHERE `song_genre` = '$song_genre'";
    mysqli_query($db_connection, $query);
}
GYaN
  • 2,327
  • 4
  • 19
  • 39
Rangan Roy
  • 1
  • 2

2 Answers2

0

I want to know how this if condition can be true if $_GET['song_genre'] is not equal to bangla or, hindi, or, english.

Since you are using loose comparison (==) instead of strict comparison (===) the values will type juggle, so a 0 would be true:

var_dump(0 == "bangla"); // bool(true)

But since anything in $_GET will always be a string or an array, there should be no practical way to get the if clause to evaluate to true with anything but the three strings. Nevertheless, use strict comparison.

On a side note: please use prepared statements to guard against sql injection.

Gordon
  • 312,688
  • 75
  • 539
  • 559
  • Why zero is equal to any string value?? – Rangan Roy Nov 09 '17 at 08:21
  • @Rangan because you are using loose comparison and the value will type juggle. Please follow the provided links in my answer to understand this concept if it's unclear to you. – Gordon Nov 09 '17 at 08:37
0

if the $_GET['song_genre'] becomes 0 (intvalue) this if statement will be broken . 

$song_genre = 0 ; // will break the statement

better check for 

if(!empty($song_genre)){
//your code
}
User123456
  • 2,492
  • 3
  • 30
  • 44