<?php
if($_GET['token'] or $_POST['token2'] == $_SESSION['token'] or $_SESSION['token2']) {
echo 'not allowed';
} else {
echo "";
?>
// other codes
<? }; unset($_SESSION['token1'] or $_SESSION['token2']); ?> --> Line:112
I'm using the code above and I am getting the following combination error:
Parse error: syntax error, unexpected T_LOGICAL_OR, expecting ',' or ')' in ... line 112
Where the error am I doing?
unset() can only be used with variables. The expression $_SESSION['token1'] or $_SESSION['token2'] is invalid parameter.
If you want to unset those two variables, use:
unset($_SESSION['token1'], $_SESSION['token2']);
You also don't need to use ; after }.
Also, although your if statement is not syntactically invalid, it is giving the impression you want to test if $_GET['token'] or $_POST['token2'] are equal to $_SESSION['token'] or $_SESSION['token2'], and if thats what you want to test here, you got it all wrong. You cannot test those things like that. You have to test all cases individually.
The logical approach would be:
if (
$_GET['token'] == $_SESSION['token'] OR
$_GET['token'] == $_SESSION['token2'] OR
$_POST['token2'] == $_SESSION['token2'] OR
$_POST['token2'] == $_SESSION['token2']
) {
Optionally, you have this resource too:
if (array_intersect(
[$_GET['token'], $_POST['token2']],
[$_SESSION['token'], $_SESSION['token2']]
)) {
Although this is not the usual way of doing it.
You can only pass variables to unset(), not statements. Always read the manual to understand how to use functions properly.
unset($_SESSION['token1'], $_SESSION['token2'])
FYI, our IF statement is invalid. You can only make one comparison at a time in PHP:
if($_GET['token'] == $_SESSION['token']
or $_POST['token2'] == $_SESSION['token']
$_GET['token'] == $_SESSION['token2']
or $_POST['token2'] == $_SESSION['token2']
) {
You can also simplify this by using $_REQUEST which contains both POST and GET variables:
if($_REQUEST['token'] == $_SESSION['token']
or $_REQUEST['token2'] == $_SESSION['token2']
) {
The unset keyword only works on variables, or array entries. In your code, the expression $_SESSION['token1'] or $_SESSION['token2'] is resolved as a boolean (because of the or keyword), which cannot be unset. Therefore, the syntax for unset requires only a variable or an array entry, which explains that PHP chokes on the keyword or.
Also, your initial test is likely not what you meant, it will be evaluated as:
if(($_GET['token'] or $_POST['token2']) == ($_SESSION['token'] or $_SESSION['token2'])
(note the parentheses for precedence), because == is non associative. Just like the unset expression, both sides of the equation will be evaluated as booleans, wihch means that if either array entry is simply set on each side, the if test will be taken as true.
Try this instead:
if($_GET['token'] == $_SESSION['token'] or $_POST['token2'] == $_SESSION['token'] or $_GET['token'] == $_SESSION['token2'] or $_POST['token2'] == $_SESSION['token2']){
// ...
<?php }; unset($_SESSION['token1'],$_SESSION['token2']); ?>