Simple Function To Check Any and All User Input

  • #16
    That's really great information. So even if you set something to false it is still set when checking with isset. I hate to drag this on but since we are having a good discussion here about it let me throw this question out there. So is there really any good reason to check a variable with isset() as opposed to just doing the following:

    PHP Code:
    if ($somevar) {
        echo "Somevar is set";
    }

    My code doesn't execute unless submit has been pressed. So when I do the secure function above I can no longer use isset() as I posted above. I don't see any problems with this but I'm curious if you guys do?

    Comment


    • #17
      Yes, now we see a problem with a softly typed language!

      PHP Code:
      //first we do this
      if ($varString)
      {
          //this isn't reached
      }

      if ($varBool)
      {
          //this isn't reached
      }

      //But we now define our variables (well we create an instance then define a value to be correct)
      $varString = "hello";
      $varBool = false;

      if ($varString)
      {
          //this is reached because $varString exists
      }

      if ($varBool) //this doesn't perform a "pseudo-isset()" function but instead evaluates the bool.
      {
          //this isn't reached because if(false) always fails.
      }

      And thus we see a problem! You have to know what variable type you are placing inside the if() statement. Now this kind of defies the point of soft typing, so really you should be using the isset() function.

      If you want to be super correct it's quite useful to use if($varBool == true) as then you only get true if its value is true and boolean! (I think).

      Hope that helps

      Oh, and interestingly enough, if you have a function that either sets a var to a string value or boolean false then it will work as you wanted, because if it sets it to a string value then if($var) returns true as $var has a value, but on the other hand if it's the boolean false then if($var) returns false as $var has the boolean value of false.

      Comment


      • #18
        If you want to be super correct it's quite useful to use if($varBool == true)
        PHP Code:
        if ($varBool === true) // actually :D
        // if $varBool is equal to value and equal to type (===)
        Paul, I highly suggest you stick this at the top of all of your scripts during any development:
        PHP Code:
        error_reporting(E_ALL); 
        It will clearly show why
        PHP Code:
        if ($foo)
        is stupid. It doesn't run isset(), instead it tries to make a boolean decision. false, null, 0, empty string, or an empty array will all return false. I am not sure if it is only with empty() but a string containing only the digit zero may return false as well. Everything else will return true. However, take this complete script into consideration.
        PHP Code:
        <?php
        if ($foo) echo 'Foo evaluated to true!';
        ?>
        ERROR! $foo has not been set! This is something many people do not see because they have no idea about errors that go as notices (strict errors are some of them). This is why I suggested the error reporting change. You cannot reference a variable that does not exist. So how do you test if the variable exists yet? Ah ha! isset()!
        PHP Code:
        <?php
        if (isset($foo)) echo 'Foo was set, and if it is not, I do not get an error message!';
        ?>
        isset() does not check if a value is set, it rather checks if the variable is set.

        Another misconception is forms. If someone does not fill out a field, the variable is still set; however, the value is an empty string. See that word "empty"? empty is another language construct (like isset) that will return true or false. When does it return false? When the variable is not set (like isset), when the variable is one of: null, false, 0, empty string, empty array, or a string with the digit 0, and everything else returns true.
        PHP Code:
        <?php
        if (isset($_POST['name'])) {
            // If the form was submitted this is ALWAYS reached
        }
        if (!empty($_POST['name'])) {
            // If the form was submitted but the "name" field was empty, this will be reached
        }
        ?>
        Keep in mind that using empty() and isset() on unset variables (like my if($foo) test) will not produce any errors. Why? Because these are not functions, they are language constructs, and they can be special in that way.

        So the difference between
        PHP Code:
         if ($foo)
        // and
        if (!empty($foo)) 
        is simply that one could produce an error if $foo does not exist while the other will not.

        I hope this clears some things up...

        Comment
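
The checks compared in this thread, run side by side over form-style input. This is an added example, not code from any of the posts; the `$post` array is a constructed stand-in for `$_POST`, and `classify()` and `field_value()` are hypothetical names introduced here.

```php
<?php
declare(strict_types=1);
error_reporting(E_ALL);

// Constructed sample standing in for $_POST after a form submit.
$post = [
    'name' => '',      // field left blank
    'qty'  => '0',     // a legitimate value that empty() treats as empty
    'note' => ' ',     // whitespace only
    'city' => 'Oslo',
    'tags' => ['a'],   // array-valued input where a string was expected
];

// How each check discussed in the thread classifies one key of $data.
function classify(array $data, string $key): array
{
    return [
        'isset'  => isset($data[$key]),
        'empty'  => empty($data[$key]),
        // A bare if ($data[$key]) on a missing key raises a notice or
        // warning (depending on PHP version), so guard the lookup first.
        'truthy' => array_key_exists($key, $data) && (bool) $data[$key],
    ];
}

// Hypothetical helper: the trimmed string when the field was submitted
// with content, otherwise null. Unlike !empty(), "0" counts as content.
function field_value(array $data, string $key): ?string
{
    if (!isset($data[$key]) || !is_string($data[$key])) {
        return null; // missing key, null, or a non-string such as an array
    }
    $value = trim($data[$key]);
    return $value === '' ? null : $value;
}

foreach (['name', 'qty', 'note', 'city', 'tags', 'missing'] as $key) {
    $c = classify($post, $key);
    printf(
        "%-8s isset=%-5s empty=%-5s truthy=%-5s field_value=%s\n",
        $key,
        var_export($c['isset'], true),
        var_export($c['empty'], true),
        var_export($c['truthy'], true),
        var_export(field_value($post, $key), true)
    );
}
```

The rows for `qty`, `note` and `tags` are the ones where `isset()`, `empty()` and a plain boolean test disagree with what a validation routine usually wants, which is why the helper checks presence, type and trimmed content separately.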
