I have a small problem. When I access the site through foro.php?id=74&mode=add or foro.php?id=74&mode=edit, it works fine. But when I add a colon or semicolon (; or :) to foro.php?id=74&mode=add, it goes to the edit option.

foro.php?id=74&mode=add;
foro.php?id=74&mode=add:
foro.php?id=74&mode=add'

Below is my code

<?php
$numb=mysql_real_escape_string($_GET['id']);

if ($_GET['mode']=='add') {

    $sql1="select * from cello where number='".mysql_real_escape_string($numb)."' LIMIT 1";
    $result1=mysql_query($sql1) or die(mysql_error());
    while ($row=mysql_fetch_array($result1)) {

        $name=$row['name'];
        echo $name;
    }
}
elseif ($_GET['mode']='edit') {

    $sql="select * from cello where account_number='".mysql_real_escape_string($numb)."' limit 1";
    $result=mysql_query($sql) or die(mysql_error());

    while ($row=mysql_fetch_array($result)) {

        $acnumb=$row['number'];
        $name=$row['name'];
        $address=$row['address'];

        echo $acnumb;
        echo $name;
        echo $address;
    }
}
else {
    echo "error!!";
}
?>

Is there any way to prevent it?

+8  A: 

You have used the assignment operator = instead of the equality operator ==.

Try changing this:

elseif ($_GET['mode']='edit') {

to this:

elseif ($_GET['mode']=='edit') {
Mike
Thanks, it worked fine.
LiveEn
+5  A: 

The problem is that in the following lines, in the if statement, you are not comparing, but assigning a value to the mode element in the GET array:

...
elseif ($_GET['mode']='edit') {

$sql="select * from cello where account_number='".mysql_real_escape_string($numb)."' limit 1";
$result=mysql_query($sql) or die(mysql_error());
...

That operation returns true, the first comparison is false, and that is why it goes in the edit section.

Shade
+4  A: 

Solution:

The problem definitely lies with the elseif ($_GET['mode']='edit') { line; the = operator there sets $_GET['mode'] to 'edit' (which always evaluates to true). A good but lexically-confusing practice to get into is writing conditionals like so:

if (5 == $some_var)

Which will immediately give an error if the second = was not included.

Suggestion:

You may want to implement a switch control to organize your code:

<?php
switch ($_GET['mode']) {
    case 'add':

        $sql1="select * from cello where number='".mysql_real_escape_string($numb)."' LIMIT 1";
        $result1=mysql_query($sql1) or die(mysql_error());
        while ($row=mysql_fetch_array($result1)) {

            $name=$row['name'];
            echo $name;
        }

        break;

    case 'edit':
        $sql="select * from cello where account_number='".mysql_real_escape_string($numb)."' limit 1";
        $result=mysql_query($sql) or die(mysql_error());

        while ($row=mysql_fetch_array($result)) {

            $acnumb=$row['number'];
            $name=$row['name'];
            $address=$row['address'];

            echo $acnumb;
            echo $name;
            echo $address;

        }

        break;

    default:
        echo "error!!";
}
amphetamachine
Thanks for the suggestion. I didn't think of it earlier.
LiveEn
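
The behaviour discussed in the answers above, next to a default-deny variant, as an added example that is not part of the original posts. The function names resolve_mode_buggy and resolve_mode_strict are hypothetical, and the sample query strings are constructed from the URLs in the question.

```php
<?php
// Added example. Function names are hypothetical, not from the original page.

// Reproduces the question's logic: '=' in the elseif assigns 'edit' to
// $query['mode'], and that non-empty string is truthy, so every value
// other than 'add' (including 'add;') lands in the edit branch.
function resolve_mode_buggy(array $query): string
{
    if ($query['mode'] == 'add') {
        return 'add';
    } elseif ($query['mode'] = 'edit') {   // bug kept on purpose
        return 'edit';
    }
    return 'error';                        // never reached
}

// Hardened form: strict comparison against an allow-list, default deny,
// and the id accepted only when it consists of digits.
function resolve_mode_strict(array $query): string
{
    $allowed = ['add', 'edit'];
    $mode = $query['mode'] ?? '';
    $id   = $query['id'] ?? '';
    if (!is_string($mode) || !in_array($mode, $allowed, true)) {
        return 'error';
    }
    if (!is_string($id) || !ctype_digit($id)) {
        return 'error';
    }
    return $mode;
}

// Constructed sample input: the query strings from the question.
$samples = [
    'id=74&mode=add',
    'id=74&mode=edit',
    'id=74&mode=add;',
    'id=74&mode=add:',
    "id=74&mode=add'",
];
foreach ($samples as $qs) {
    parse_str($qs, $query);   // same parsing PHP applies to fill $_GET
    printf("%-18s buggy=%-5s strict=%s\n",
        $qs, resolve_mode_buggy($query), resolve_mode_strict($query));
}
```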