>What is the "and" "or" statement in php?
>I need this to see if the first statement is whatever, and or the second
>statement is whatever...
>if (!isset($PHP_AUTH_USER) "and or" blah($blah)) {}

"and" and "or" mean pretty much what they would in English:

The expression "x AND y" only returns "true" if both x and y are "true"
The expression "x OR y" returns "true" if either one of x or y are "true"

One nifty thing, though, is that if PHP *knows* the whole statement will
come out "true" (or "false") it won't bother with the rest of it.  This is
known as a short-circuit.

For example, consider this:

$x = TRUE;
if ($x or really_slow_complicated_function()){

As soon as PHP figures out the $x part (very quickly) it won't even *BOTHER*
to call that really complicated function because it doesn't *need* to call
it in order to complete the expression.  PHP *KNOWS* that it's all gonna
come out "true" anyway.

So the program just skips all the complicated crap in
really_slow_complicated_function() and goes on with life.  And that's good. 
Well, it's "good" more often than it's "bad"... Sometimes you end up wanting
that function called no matter what.  No problem:

$x = TRUE;
$y = really_slow_complicated_function();
if ($x or $y){

The most common example of the "or" situation is:

$result = mysql_query($query) or die(mysql_error());

In this case, if mysql_query() "works" then PHP "knows" not to dink around
with the die() stuff because there's no point -- The mysql_query() part will
guarantee the whole thing to come out "true" anyway.  *IF* the mysql_query()
part works, of course -- If it breaks, you get your death and the error

It's not a Good Idea to leave die(mysql_error()) in your code on a real
server, though.  It's too easy for a hacker to break your SQL, force the
error message to come out, and that error message could reveal *WAY* too
much about how your site it built and give them "insider" knowledge of the
layout of your site/server to break in.

A *much* better usage would be:

$result = mysql_query($query) or error_log(mysql_error());

Your error messages will be in your Apache error logs (assuming a default
php.ini) and while that's a bit more work to dig out, it's also not likely
to expose your inner workings to hackers.

One of the things I hate the most about VBScripts is boolean expressions
don't short-circuit, so you end up having to nest if/else statements like
crazy to write decent error-checking code.  Ugh!

The same sort of thing happens with "and" when PHP *knows* it's going to
turn out FALSE anyway:

$x = FALSE;
if ($x and really_complicated_function()){

Here, PHP can just skip the complicated crap, because $x if FALSE, so the $x
and ??? *must* be FALSE.

PHP also has && as well as || which are *exactly* like "and" and "or"
*EXCEPT* for the order of precedence.

If precedence isn't real clear, though, here's a rule of thumb that will
probably serve you well:

Inside of if() while() for() and such-like, stick with && and ||

Only use "or" for the " or die(...)" clause.

In the unlikely event that you ever really *NEED* "and" or "or" in an if()
while() for() part, you'll figure it out when the need arises.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to