Using isset to check form fields

[rael556]

I've been having some trouble using isset to determine whether any value has been entered into a form field. I'm learning Php using Welling & Thomson's "Php and MySQL Web Development". According to their definition of isset and some code examples, I should be able to do this. I've even seen similar examples in the W3 Php tutorial. For some reason my code never detects the error (I never enter anything in the address field). At the moment I'm only checking the email field, but I want this as atest of all entry fields. Here's the code

<?php			$date = date("m/d/y");			$db_ptr = fopen("guestlog.txt",'a');			$firstname = $_POST['firstname'];			$lastname = $_POST['lastname'];			$address = ($_POST['address']);			if(isset($_REQUEST['address'])) {						$guest_entry_str = $lastname."\t".$firstname."\t".$address."\t".$date."\n";				fwrite($db_ptr,$guest_entry_str);				echo "Your name is " .$firstname. " " .$lastname;				echo "<br />Your email is " .$address;				echo '<br />The date is ' .date("m/d/y");}			else {				echo "No value entered has been entered. Please return to entry page";			}					?>

The HTML form declares "address" to be a text field 30 chars wide. I've also tried using trim() on the address field. According to everything I've see this should work. Any ideas? Thanks

[Ingolme]

If the value exists and is an empty string, then isset() will return true. Try testing to see that it's not empty:

if(!empty($_POST['address']) {

Don't use $_REQUEST, use $_POST so that people can't sneak data in through other means,

[JamesB]

dont forget to validate the address string length server side (and other fields), html maxlength can be bypassed in seconds.

if (strlen($_POST['address']) > 30) { }

[rael556]

If the value exists and is an empty string, then isset() will return true. Try testing to see that it's not empty:

if(!empty($_POST['address']) {

Don't use $_REQUEST, use $_POST so that people can't sneak data in through other means,

Thanks for the tip. Tried it. While you're probably right, that didn't help my current issue. Thanks anyway.

[rael556]

dont forget to validate the address string length server side (and other fields), html maxlength can be bypassed in seconds.

if (strlen($_POST['address']) > 30) { }

Also a useful tip, thank you. I've been wrapping my head around error-checking, but am still new to this idea.

[JamesB]

you can combine your if check with Ingolme's, which should work:

if(isset($_POST['address']) && !empty($_POST['address'])) {}

[jeffman]

How do you know the code is not working?What does the HTML for the input look lie?Have you tried var_dump($_POST) just to see what's really being sent?

[jeffman]

FWIW, these assignments should be made AFTER you've tested that the post variables are set, not before:

$firstname = $_POST['firstname'];$lastname = $_POST['lastname'];$address = $_POST['address'];

If they're not set, you'll throw warnings. You won't know about the warnings if error reporting is switched off, but it's still best practice to avoid warnings when you can.

[rael556]

How do you know the code is not working?What does the HTML for the input look lie?Have you tried var_dump($_POST) just to see what's really being sent?

Here's the var_dump result:array(3) { ["firstname"]=> string(4) "mark" ["lastname"]=> string(6) "Stones" ["address"]=> string(0) "" }It seems to be an empty string - am I mis-using isset?

[jeffman]

isset will return true in that case. Something's up with that input. That's why I suggested posting its html.

[rael556]

isset will return true in that case. Something's up with that input. That's why I suggested posting its html.

Isset is returning true, every time for the address field. I thought it would kick out of the control for an empty string.

[jeffman]

No, that's actually the point of isset. A POST element is "set" even if the string is empty. That's why !empty is the better test for this kind of thing.

[rael556]

isset will return true in that case. Something's up with that input. That's why I suggested posting its html.

Here's the form HTML code:

<form action="new_confirmation.php" method="post">			<table align="center" width="20%">				<tr>					<td width="40%">First Name</td>					<td width="60%"><input name="firstname" type="text" size="10" maxlength="25"></td>				</tr>				<tr>					<td>Last Name</td>					<td><input name="lastname" type="text" size="10" maxlength="25"></td>				</tr>				<tr>					<td>Email</td>					<td><input name="address" type="text" size="10" maxlength="30"></td>				</tr>				<tr>					<td align="right"> <input type="submit" value="Enter"></td>					<td align ="left"> <input type="reset" value="Clear"></td>				</tr>			</table>		</form>

[jeffman]

You said you did try using !empty? Same results?I still don't understand why your form is even posting the address field if it contains no data. You're not using AJAX, by any chance?

[rael556]

No, that's actually the point of isset. A POST element is "set" even if the string is empty. That's why !empty is the better test for this kind of thing.

Okay - thank you. I'll try that alternative. Funny - there's an example almost exactly like that in the W3C tutorial where thay check an email address.

[rael556]

You said you did try using !empty? Same results?I still don't understand why your form is even posting the address field if it contains no data. You're not using AJAX, by any chance?

Nope. completely clueless about AJAX.

[rael556]

Okay - thank you. I'll try that alternative. Funny - there's an example almost exactly like that in the W3C tutorial where thay check an email address.

That did it! I had tried empty() before, but god alone knows what other things might have affected the outcome. Thank you! This isn't a topic that gets covered very thoroughly.

[jeffman]

I was incorrect too, BTW. Empty text fields do apparently get set. I guess I've used empty for so long that I forget why. I also do a lot of AJAX, which means I almost never send empty fields without knowing it in advance.

[rael556]

I was incorrect too, BTW. Empty text fields do apparently get set. I guess I've used empty for so long that I forget why. I also do a lot of AJAX, which means I almost never send empty fields without knowing it in advance.

I've added logical operators to test all fields and it all works fine. Also made changes according to everybody's suggestions. Thanks.