ISSET() question

28/02/2008, 07h51

The following code processes a blank field as though it has some value
and proceeds as though it was set to some value.

Apparently isset() is not working, because it thinks that a blank text
field is set to something.

Please let me know how to use isset() correctly.

Thanks ahead.

<?php
if(!isset($_POST['varA'])||!isset($_POST['varB'])){
?>
<form action="isset.php" method="POST">
<table><tr>
<td>Value 1:</td><td><input type="text" name="varA" value=""></td></
tr>
<tr><td>Value 2:</td><td><input type="text" name="varB" value=""></
td></tr>
<tr><td colspan="2"><input type="submit" value="submit"></td></tr>
</table>
</form>
<?php
}

else {
$x=$_POST['varA'];
$y=$_POST['varB'];

if($x>$y){
echo "Value 1:".$x." is larger";
}else

echo "Value 2:".$y." is larger";
}

?>

28/02/2008, 08h48

major a écrit :
> Apparently isset() is not working, because it thinks that a blank text
> field is set to something.

Exactly, "blank" is still a value. isset just verify that the variable
*is set*, whatever its content.

Regards,
--
Guillaume

28/02/2008, 12h54

On 28 fév, 08:51, major <extreme...@gmail.com> wrote:
> The following code processes a blank field as though it has some value
> and proceeds as though it was set to some value.
>
> Apparently isset() is not working, because it thinks that a blank text
> field is set to something.
>
> Please let me know how to use isset() correctly.
>
> Thanks ahead.
>
> <?php
> if(!isset($_POST['varA'])||!isset($_POST['varB'])){
> ?>
> <form action="isset.php" method="POST">
> <table><tr>
> <td>Value 1:</td><td><input type="text" name="varA" value=""></td></
> tr>
> <tr><td>Value 2:</td><td><input type="text" name="varB" value=""></
> td></tr>
> <tr><td colspan="2"><input type="submit" value="submit"></td></tr>
> </table>
> </form>
> <?php
>
> }
>
> else {
> $x=$_POST['varA'];
> $y=$_POST['varB'];
>
> if($x>$y){
> echo "Value 1:".$x." is larger";
>
> }else
>
> echo "Value 2:".$y." is larger";
>
> }
>
> ?>

use empty() :

if ( ( isset($_POST['varA'] && !empty($_POST['varA']) ) || ...

ichevc

28/02/2008, 15h01

"major" <extremerep@gmail.com> wrote in message
news:b2bd51d2-34e5-472a-868b-55681f053d7b@p43g2000hsc.googlegroups.com...
> The following code processes a blank field as though it has some value
> and proceeds as though it was set to some value.
>
> Apparently isset() is not working, because it thinks that a blank text
> field is set to something.
>
> Please let me know how to use isset() correctly.

This one, I actually can with

This page will save you a lot of grief if you take a few minutes to read and
understand it:
http://us3.php.net/manual/en/types.comparisons.php

29/02/2008, 01h23

major wrote:
> The following code processes a blank field as though it has some value
> and proceeds as though it was set to some value.
>
> Apparently isset() is not working, because it thinks that a blank text
> field is set to something.

Yes, if the value of a field is "", then it is still set. You would want
to test for both:

if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...

Or, if you want to count " " as blank:

if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...

There may be a more efficient way to do this - anyone know of one?

29/02/2008, 03h31

Tony wrote:
> major wrote:
>> The following code processes a blank field as though it has some value
>> and proceeds as though it was set to some value.
>>
>> Apparently isset() is not working, because it thinks that a blank text
>> field is set to something.
>
> Yes, if the value of a field is "", then it is still set. You would want
> to test for both:
>
> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>
> Or, if you want to count " " as blank:
>
>
> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>
> There may be a more efficient way to do this - anyone know of one?

Yes, validate it with a regex also:

$name = (isset($_POST['name']) &&
eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;

if (!$name)
{
....
}

would check to see if the post variable has been set and if it matches a
string of alpha a-z (upper & lower case), and is at least 2 characters
but not more than 25 characters in length. If not it's set to false and
you take appropriate action.

--
Norman
Registered Linux user #461062

01/03/2008, 02h49

Tony wrote:
> Norman Peelman wrote:
>> Tony wrote:
>>> major wrote:
>>>> The following code processes a blank field as though it has some value
>>>> and proceeds as though it was set to some value.
>>>>
>>>> Apparently isset() is not working, because it thinks that a blank text
>>>> field is set to something.
>>>
>>> Yes, if the value of a field is "", then it is still set. You would
>>> want to test for both:
>>>
>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>>>
>>> Or, if you want to count " " as blank:
>>>
>>>
>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>>>
>>> There may be a more efficient way to do this - anyone know of one?
>>
>> Yes, validate it with a regex also:
>>
>> $name = (isset($_POST['name']) &&
>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;
>>
>> if (!$name)
>> {
>> ....
>> }
>>
>> would check to see if the post variable has been set and if it matches
>> a string of alpha a-z (upper & lower case), and is at least 2
>> characters but not more than 25 characters in length. If not it's set
>> to false and you take appropriate action.
>>
>
> But what if I don't want to validate according to those rules?
>

Then make up your own rules. And accept that if you don't do it right,
someone can delete your entire database - or at least an entire table.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

01/03/2008, 03h12

Norman Peelman wrote:
> Tony wrote:
>> major wrote:
>>> The following code processes a blank field as though it has some value
>>> and proceeds as though it was set to some value.
>>>
>>> Apparently isset() is not working, because it thinks that a blank text
>>> field is set to something.
>>
>> Yes, if the value of a field is "", then it is still set. You would
>> want to test for both:
>>
>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>>
>> Or, if you want to count " " as blank:
>>
>>
>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>>
>> There may be a more efficient way to do this - anyone know of one?
>
> Yes, validate it with a regex also:
>
> $name = (isset($_POST['name']) &&
> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;
>
> if (!$name)
> {
> ....
> }
>
> would check to see if the post variable has been set and if it matches a
> string of alpha a-z (upper & lower case), and is at least 2 characters
> but not more than 25 characters in length. If not it's set to false and
> you take appropriate action.
>

But what if I don't want to validate according to those rules?

01/03/2008, 03h47

Tony wrote:
> Norman Peelman wrote:
>> Tony wrote:
>>> major wrote:
>>>> The following code processes a blank field as though it has some value
>>>> and proceeds as though it was set to some value.
>>>>
>>>> Apparently isset() is not working, because it thinks that a blank text
>>>> field is set to something.
>>>
>>> Yes, if the value of a field is "", then it is still set. You would
>>> want to test for both:
>>>
>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>>>
>>> Or, if you want to count " " as blank:
>>>
>>>
>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>>>
>>> There may be a more efficient way to do this - anyone know of one?
>>
>> Yes, validate it with a regex also:
>>
>> $name = (isset($_POST['name']) &&
>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;
>>
>> if (!$name)
>> {
>> ....
>> }
>>
>> would check to see if the post variable has been set and if it matches
>> a string of alpha a-z (upper & lower case), and is at least 2
>> characters but not more than 25 characters in length. If not it's set
>> to false and you take appropriate action.
>>
>
> But what if I don't want to validate according to those rules?

What rules do you want to validate by?

--
Norman
Registered Linux user #461062

01/03/2008, 11h25

just do as you already did

if ( isset($_POST['name']) && ($_POST['name'] != "") )

its perfectly reliable and totally effecient in the context you are using
it, unless of course you're embedding it in some sort of loop with multi-
million executions that must (for example) recurse and spit out a result
inside a millisecond. If you really do need to worry that much you dont
need to be using PHP in the first place. Change to C or assembler.

Otherwise - just how "efficient" do you need a $_POST test to be?
Stop worrying - do it and move on. That what script languages like PHP
are for.

If regex is troubling you or you want to do more validation I'd take a
look at www.streamforensics.com to automate your forms validations.
Their system makes life a whole lot easier in so many ways.

You probably have more pressing problems than the one you are worrying
about?

01/03/2008, 13h57

Tony wrote:
> Norman Peelman wrote:
>> Tony wrote:
>>> major wrote:
>>>> The following code processes a blank field as though it has some value
>>>> and proceeds as though it was set to some value.
>>>>
>>>> Apparently isset() is not working, because it thinks that a blank text
>>>> field is set to something.
>>>
>>> Yes, if the value of a field is "", then it is still set. You would
>>> want to test for both:
>>>
>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>>>
>>> Or, if you want to count " " as blank:
>>>
>>>
>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>>>
>>> There may be a more efficient way to do this - anyone know of one?
>>
>> Yes, validate it with a regex also:
>>
>> $name = (isset($_POST['name']) &&
>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;
>>
>> if (!$name)
>> {
>> ....
>> }
>>
>> would check to see if the post variable has been set and if it matches
>> a string of alpha a-z (upper & lower case), and is at least 2
>> characters but not more than 25 characters in length. If not it's set
>> to false and you take appropriate action.
>>
>
> But what if I don't want to validate according to those rules?

Tony,

Are you serious? You asked for a more efficient way, and I provided
it. As long as the variable is set the regex will make sure it meets
your criteria. The question posed was for a name so that's the solution
I provided. The regex will not let any characters through that could
cause injection (if it's not a letter it's not passing the test).

since all data is passed as strings:

go check out http://www.regular-expressions.info

--
Norman
Registered Linux user #461062

01/03/2008, 18h15

<good@respnse.sic.com> wrote in message
news:MPG.22334db3f99bf136989a1e@news-text.blueyonder.co.uk...
>
> just do as you already did
>
> if ( isset($_POST['name']) && ($_POST['name'] != "") )
>
> its perfectly reliable and totally effecient in the context you are using
> it, unless of course you're embedding it in some sort of loop with multi-
> million executions that must (for example) recurse and spit out a result
> inside a millisecond. If you really do need to worry that much you dont
> need to be using PHP in the first place. Change to C or assembler.
>
> Otherwise - just how "efficient" do you need a $_POST test to be?
> Stop worrying - do it and move on. That what script languages like PHP
> are for.
>

Certainly true. On the other hand, it will really him in the long run
to learn the difference between if(isset()) and if(!). Dealing with nulls
and booleans is a constant pain in the neck unless you take a few minutes to
understand them.

01/03/2008, 21h35

good@respnse.sic.com wrote:
> just do as you already did
>
> if ( isset($_POST['name']) && ($_POST['name'] != "") )
>
> its perfectly reliable and totally effecient in the context you are using
> it, unless of course you're embedding it in some sort of loop with multi-
> million executions that must (for example) recurse and spit out a result
> inside a millisecond. If you really do need to worry that much you dont
> need to be using PHP in the first place. Change to C or assembler.
>
> Otherwise - just how "efficient" do you need a $_POST test to be?
> Stop worrying - do it and move on. That what script languages like PHP
> are for.
>
> If regex is troubling you or you want to do more validation I'd take a
> look at www.streamforensics.com to automate your forms validations.
> Their system makes life a whole lot easier in so many ways.
>
> You probably have more pressing problems than the one you are worrying
> about?
>

Jeez, people - I was just asking. I don't know everything about PHP, and
was simply admitting there might be a better way than mine.

Is the moon full or something? People seem to be awfully touchy lately.

01/03/2008, 21h45

Norman Peelman wrote:
> Tony wrote:
>> Norman Peelman wrote:
>>> Tony wrote:
>>>> major wrote:
>>>>> The following code processes a blank field as though it has some value
>>>>> and proceeds as though it was set to some value.
>>>>>
>>>>> Apparently isset() is not working, because it thinks that a blank text
>>>>> field is set to something.
>>>>
>>>> Yes, if the value of a field is "", then it is still set. You would
>>>> want to test for both:
>>>>
>>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>>>>
>>>> Or, if you want to count " " as blank:
>>>>
>>>>
>>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>>>>
>>>> There may be a more efficient way to do this - anyone know of one?
>>>
>>> Yes, validate it with a regex also:
>>>
>>> $name = (isset($_POST['name']) &&
>>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;
>>>
>>> if (!$name)
>>> {
>>> ....
>>> }
>>>
>>> would check to see if the post variable has been set and if it
>>> matches a string of alpha a-z (upper & lower case), and is at least 2
>>> characters but not more than 25 characters in length. If not it's set
>>> to false and you take appropriate action.
>>>
>>
>> But what if I don't want to validate according to those rules?
>
> Tony,
>
> Are you serious?

Yes.

> You asked for a more efficient way, and I provided
> it.

You provided a different test.

> As long as the variable is set the regex will make sure it meets
> your criteria.

My criteria was non-blank.

> The question posed was for a name so that's the solution
> I provided. The regex will not let any characters through that could
> cause injection (if it's not a letter it's not passing the test).

I can conceive of many cases in which you would want to permit
non-letters through, even for names. You don't have anything against the
Irish, do you? "Conan O'Brien", for example, would fail your test. So
would "St. Elmo" - which was the proper legal first name of a man I used
to work with (including the period). Those are just two - I'm sure we
could come up with dozens of legitimate names that use non-alpha characters.

There are other ways to guard against injection.

01/03/2008, 21h55

Tony wrote:
> good@respnse.sic.com wrote:
>> just do as you already did
>>
>> if ( isset($_POST['name']) && ($_POST['name'] != "") )
>> its perfectly reliable and totally effecient in the context you are
>> using it, unless of course you're embedding it in some sort of loop
>> with multi-
>> million executions that must (for example) recurse and spit out a
>> result inside a millisecond. If you really do need to worry that much
>> you dont need to be using PHP in the first place. Change to C or
>> assembler.
>>
>> Otherwise - just how "efficient" do you need a $_POST test to be?
>> Stop worrying - do it and move on. That what script languages like PHP
>> are for.
>>
>> If regex is troubling you or you want to do more validation I'd take a
>> look at www.streamforensics.com to automate your forms validations.
>> Their system makes life a whole lot easier in so many ways.
>> You probably have more pressing problems than the one you are worrying
>> about?
>>
>
> Jeez, people - I was just asking. I don't know everything about PHP, and
> was simply admitting there might be a better way than mine.
>
> Is the moon full or something? People seem to be awfully touchy lately.
>

No, it's just that you keep asking questions then arguing with the answers.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

02/03/2008, 00h50

Tony wrote:
> Norman Peelman wrote:
>> Tony wrote:
>>> Norman Peelman wrote:
>>>> Tony wrote:
>>>>> major wrote:
>>>>>> The following code processes a blank field as though it has some
>>>>>> value
>>>>>> and proceeds as though it was set to some value.
>>>>>>
>>>>>> Apparently isset() is not working, because it thinks that a blank
>>>>>> text
>>>>>> field is set to something.
>>>>>
>>>>> Yes, if the value of a field is "", then it is still set. You would
>>>>> want to test for both:
>>>>>
>>>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>>>>>
>>>>> Or, if you want to count " " as blank:
>>>>>
>>>>>
>>>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>>>>>
>>>>> There may be a more efficient way to do this - anyone know of one?
>>>>
>>>> Yes, validate it with a regex also:
>>>>
>>>> $name = (isset($_POST['name']) &&
>>>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false;
>>>>
>>>> if (!$name)
>>>> {
>>>> ....
>>>> }
>>>>
>>>> would check to see if the post variable has been set and if it
>>>> matches a string of alpha a-z (upper & lower case), and is at least
>>>> 2 characters but not more than 25 characters in length. If not it's
>>>> set to false and you take appropriate action.
>>>>
>>>
>>> But what if I don't want to validate according to those rules?
>>
>> Tony,
>>
>> Are you serious?
>
> Yes.
>
>> You asked for a more efficient way, and I provided it.
>
> You provided a different test.

same test, different method providing extra checks with one command.

>
>> As long as the variable is set the regex will make sure it meets your
>> criteria.
>
> My criteria was non-blank.
>

The original 'criteria' was that isset wasn't working. You asked for a
'better' way to do it.

My test provided two things:

1) the variable was set (yes or no) and,
2) it contained useful information - unless you know someone with a
'blank' name

....you should validate fields whether they are mandatory or not.

>> The question posed was for a name so that's the solution I provided.
>> The regex will not let any characters through that could
>> cause injection (if it's not a letter it's not passing the test).
>
> I can conceive of many cases in which you would want to permit
> non-letters through, even for names. You don't have anything against the
> Irish, do you? "Conan O'Brien", for example, would fail your test. So
> would "St. Elmo" - which was the proper legal first name of a man I used
> to work with (including the period). Those are just two - I'm sure we
> could come up with dozens of legitimate names that use non-alpha
> characters.

....so change the regex to meet your needs, it was a simple example after
all. I was simply trying to show how a regex can do a lot of the work
for you. I'll let you figure out how to add those characters to the
pattern. Or, you can nest as many if/then/else blocks as you like to get
what you're after.

>
> There are other ways to guard against injection.

Then why did you ask?

--
Norman
Registered Linux user #461062

02/03/2008, 02h02

Tony wrote:
<snipped>
> I can conceive of many cases in which you would want to permit
> non-letters through, even for names. You don't have anything against the
> Irish, do you? "Conan O'Brien", for example, would fail your test. So
> would "St. Elmo" - which was the proper legal first name of a man I used
> to work with (including the period). Those are just two - I'm sure we
> could come up with dozens of legitimate names that use non-alpha
> characters.

$pattern = "^[A-Za-z ]['.]?";
$passed = ereg($pattern,$var) ? 'YES' : 'NO';

will match both your examples.

--
Norman
Registered Linux user #461062

03/03/2008, 16h06

"Tony" <nospam@example.com> wrote in message
news:13senkbp2896814@corp.supernews.com...
> major wrote:
>> The following code processes a blank field as though it has some value
>> and proceeds as though it was set to some value.
>>
>> Apparently isset() is not working, because it thinks that a blank text
>> field is set to something.
>
> Yes, if the value of a field is "", then it is still set. You would want
> to test for both:
>
> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ...
>
> Or, if you want to count " " as blank:
>
>
> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ...
>
> There may be a more efficient way to do this - anyone know of one?

if($_POST['name']) {

This will, however, evaluate 0 and "0" to false. It will also throw a
warning. !empty() is exactly the same thing, but does not throw a warning.

03/03/2008, 16h47

In article <13sjj08ge122icf@corp.supernews.com>, nospam@example.com
says...

> >
> > Otherwise - just how "efficient" do you need a $_POST test to be?
> > Stop worrying - do it and move on. That what script languages like PHP
> > are for.
> >
> > If regex is troubling you or you want to do more validation I'd take a
> > look at www.streamforensics.com to automate your forms validations.
> > Their system makes life a whole lot easier in so many ways.
> >
> > You probably have more pressing problems than the one you are worrying
> > about?
> >
>
> Jeez, people - I was just asking. I don't know everything about PHP, and
> was simply admitting there might be a better way than mine.
>
> Is the moon full or something? People seem to be awfully touchy lately.
>

Tony - I wasn't having a go I was just trying to explain why I didn't
think it worth worrying about instead of just saying so.

Sorry if it read bad to you.

28/02/2008, 07h51	#1
major Messages: n/a Hébergeur:	ISSET() question The following code processes a blank field as though it has some value and proceeds as though it was set to some value. Apparently isset() is not working, because it thinks that a blank text field is set to something. Please let me know how to use isset() correctly. Thanks ahead. <?php if(!isset($_POST['varA'])\|\|!isset($_POST['varB'])){ ?> <form action="isset.php" method="POST"> <table><tr> <td>Value 1:</td><td><input type="text" name="varA" value=""></td></ tr> <tr><td>Value 2:</td><td><input type="text" name="varB" value=""></ td></tr> <tr><td colspan="2"><input type="submit" value="submit"></td></tr> </table> </form> <?php } else { $x=$_POST['varA']; $y=$_POST['varB']; if($x>$y){ echo "Value 1:".$x." is larger"; }else echo "Value 2:".$y." is larger"; } ?>

28/02/2008, 08h48	#2
Guillaume Messages: n/a Hébergeur:	Re: ISSET() question major a écrit : > Apparently isset() is not working, because it thinks that a blank text > field is set to something. Exactly, "blank" is still a value. isset just verify that the variable is set, whatever its content. Regards, -- Guillaume

28/02/2008, 12h54	#3
mail.cedric.chevalier@gmail.com Messages: n/a Hébergeur:	Re: ISSET() question On 28 fév, 08:51, major <extreme...@gmail.com> wrote: > The following code processes a blank field as though it has some value > and proceeds as though it was set to some value. > > Apparently isset() is not working, because it thinks that a blank text > field is set to something. > > Please let me know how to use isset() correctly. > > Thanks ahead. > > <?php > if(!isset($_POST['varA'])\|\|!isset($_POST['varB'])){ > ?> > <form action="isset.php" method="POST"> > <table><tr> > <td>Value 1:</td><td><input type="text" name="varA" value=""></td></ > tr> > <tr><td>Value 2:</td><td><input type="text" name="varB" value=""></ > td></tr> > <tr><td colspan="2"><input type="submit" value="submit"></td></tr> > </table> > </form> > <?php > > } > > else { > $x=$_POST['varA']; > $y=$_POST['varB']; > > if($x>$y){ > echo "Value 1:".$x." is larger"; > > }else > > echo "Value 2:".$y." is larger"; > > } > > ?> use empty() : if ( ( isset($_POST['varA'] && !empty($_POST['varA']) ) \|\| ... ichevc

29/02/2008, 01h23	#5
Tony Messages: n/a Hébergeur:	Re: ISSET() question major wrote: > The following code processes a blank field as though it has some value > and proceeds as though it was set to some value. > > Apparently isset() is not working, because it thinks that a blank text > field is set to something. Yes, if the value of a field is "", then it is still set. You would want to test for both: if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... Or, if you want to count " " as blank: if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... There may be a more efficient way to do this - anyone know of one?

29/02/2008, 03h31	#6
Norman Peelman Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: > major wrote: >> The following code processes a blank field as though it has some value >> and proceeds as though it was set to some value. >> >> Apparently isset() is not working, because it thinks that a blank text >> field is set to something. > > Yes, if the value of a field is "", then it is still set. You would want > to test for both: > > if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... > > Or, if you want to count " " as blank: > > > if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... > > There may be a more efficient way to do this - anyone know of one? Yes, validate it with a regex also: $name = (isset($_POST['name']) && eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; if (!$name) { .... } would check to see if the post variable has been set and if it matches a string of alpha a-z (upper & lower case), and is at least 2 characters but not more than 25 characters in length. If not it's set to false and you take appropriate action. -- Norman Registered Linux user #461062

28/02/2008, 15h01	#4
Mason Barge Messages: n/a Hébergeur:	Re: ISSET() question "major" <extremerep@gmail.com> wrote in message news:b2bd51d2-34e5-472a-868b-55681f053d7b@p43g2000hsc.googlegroups.com... > The following code processes a blank field as though it has some value > and proceeds as though it was set to some value. > > Apparently isset() is not working, because it thinks that a blank text > field is set to something. > > Please let me know how to use isset() correctly. This one, I actually can with This page will save you a lot of grief if you take a few minutes to read and understand it: http://us3.php.net/manual/en/types.comparisons.php

01/03/2008, 02h49	#7
Jerry Stuckle Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: > Norman Peelman wrote: >> Tony wrote: >>> major wrote: >>>> The following code processes a blank field as though it has some value >>>> and proceeds as though it was set to some value. >>>> >>>> Apparently isset() is not working, because it thinks that a blank text >>>> field is set to something. >>> >>> Yes, if the value of a field is "", then it is still set. You would >>> want to test for both: >>> >>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... >>> >>> Or, if you want to count " " as blank: >>> >>> >>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... >>> >>> There may be a more efficient way to do this - anyone know of one? >> >> Yes, validate it with a regex also: >> >> $name = (isset($_POST['name']) && >> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; >> >> if (!$name) >> { >> .... >> } >> >> would check to see if the post variable has been set and if it matches >> a string of alpha a-z (upper & lower case), and is at least 2 >> characters but not more than 25 characters in length. If not it's set >> to false and you take appropriate action. >> > > But what if I don't want to validate according to those rules? > Then make up your own rules. And accept that if you don't do it right, someone can delete your entire database - or at least an entire table. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

01/03/2008, 03h12	#8
Tony Messages: n/a Hébergeur:	Re: ISSET() question Norman Peelman wrote: > Tony wrote: >> major wrote: >>> The following code processes a blank field as though it has some value >>> and proceeds as though it was set to some value. >>> >>> Apparently isset() is not working, because it thinks that a blank text >>> field is set to something. >> >> Yes, if the value of a field is "", then it is still set. You would >> want to test for both: >> >> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... >> >> Or, if you want to count " " as blank: >> >> >> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... >> >> There may be a more efficient way to do this - anyone know of one? > > Yes, validate it with a regex also: > > $name = (isset($_POST['name']) && > eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; > > if (!$name) > { > .... > } > > would check to see if the post variable has been set and if it matches a > string of alpha a-z (upper & lower case), and is at least 2 characters > but not more than 25 characters in length. If not it's set to false and > you take appropriate action. > But what if I don't want to validate according to those rules?

01/03/2008, 03h47	#9
Norman Peelman Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: > Norman Peelman wrote: >> Tony wrote: >>> major wrote: >>>> The following code processes a blank field as though it has some value >>>> and proceeds as though it was set to some value. >>>> >>>> Apparently isset() is not working, because it thinks that a blank text >>>> field is set to something. >>> >>> Yes, if the value of a field is "", then it is still set. You would >>> want to test for both: >>> >>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... >>> >>> Or, if you want to count " " as blank: >>> >>> >>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... >>> >>> There may be a more efficient way to do this - anyone know of one? >> >> Yes, validate it with a regex also: >> >> $name = (isset($_POST['name']) && >> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; >> >> if (!$name) >> { >> .... >> } >> >> would check to see if the post variable has been set and if it matches >> a string of alpha a-z (upper & lower case), and is at least 2 >> characters but not more than 25 characters in length. If not it's set >> to false and you take appropriate action. >> > > But what if I don't want to validate according to those rules? What rules do you want to validate by? -- Norman Registered Linux user #461062

01/03/2008, 11h25	#10
good@respnse.sic.com Messages: n/a Hébergeur:	Re: ISSET() question just do as you already did if ( isset($_POST['name']) && ($_POST['name'] != "") ) its perfectly reliable and totally effecient in the context you are using it, unless of course you're embedding it in some sort of loop with multi- million executions that must (for example) recurse and spit out a result inside a millisecond. If you really do need to worry that much you dont need to be using PHP in the first place. Change to C or assembler. Otherwise - just how "efficient" do you need a $_POST test to be? Stop worrying - do it and move on. That what script languages like PHP are for. If regex is troubling you or you want to do more validation I'd take a look at www.streamforensics.com to automate your forms validations. Their system makes life a whole lot easier in so many ways. You probably have more pressing problems than the one you are worrying about?

01/03/2008, 13h57	#11
Norman Peelman Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: > Norman Peelman wrote: >> Tony wrote: >>> major wrote: >>>> The following code processes a blank field as though it has some value >>>> and proceeds as though it was set to some value. >>>> >>>> Apparently isset() is not working, because it thinks that a blank text >>>> field is set to something. >>> >>> Yes, if the value of a field is "", then it is still set. You would >>> want to test for both: >>> >>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... >>> >>> Or, if you want to count " " as blank: >>> >>> >>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... >>> >>> There may be a more efficient way to do this - anyone know of one? >> >> Yes, validate it with a regex also: >> >> $name = (isset($_POST['name']) && >> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; >> >> if (!$name) >> { >> .... >> } >> >> would check to see if the post variable has been set and if it matches >> a string of alpha a-z (upper & lower case), and is at least 2 >> characters but not more than 25 characters in length. If not it's set >> to false and you take appropriate action. >> > > But what if I don't want to validate according to those rules? Tony, Are you serious? You asked for a more efficient way, and I provided it. As long as the variable is set the regex will make sure it meets your criteria. The question posed was for a name so that's the solution I provided. The regex will not let any characters through that could cause injection (if it's not a letter it's not passing the test). since all data is passed as strings: go check out http://www.regular-expressions.info -- Norman Registered Linux user #461062

01/03/2008, 18h15	#12
Mason Barge Messages: n/a Hébergeur:	Re: ISSET() question <good@respnse.sic.com> wrote in message news:MPG.22334db3f99bf136989a1e@news-text.blueyonder.co.uk... > > just do as you already did > > if ( isset($_POST['name']) && ($_POST['name'] != "") ) > > its perfectly reliable and totally effecient in the context you are using > it, unless of course you're embedding it in some sort of loop with multi- > million executions that must (for example) recurse and spit out a result > inside a millisecond. If you really do need to worry that much you dont > need to be using PHP in the first place. Change to C or assembler. > > Otherwise - just how "efficient" do you need a $_POST test to be? > Stop worrying - do it and move on. That what script languages like PHP > are for. > Certainly true. On the other hand, it will really him in the long run to learn the difference between if(isset()) and if(!). Dealing with nulls and booleans is a constant pain in the neck unless you take a few minutes to understand them.

01/03/2008, 21h35	#13
Tony Messages: n/a Hébergeur:	Re: ISSET() question good@respnse.sic.com wrote: > just do as you already did > > if ( isset($_POST['name']) && ($_POST['name'] != "") ) > > its perfectly reliable and totally effecient in the context you are using > it, unless of course you're embedding it in some sort of loop with multi- > million executions that must (for example) recurse and spit out a result > inside a millisecond. If you really do need to worry that much you dont > need to be using PHP in the first place. Change to C or assembler. > > Otherwise - just how "efficient" do you need a $_POST test to be? > Stop worrying - do it and move on. That what script languages like PHP > are for. > > If regex is troubling you or you want to do more validation I'd take a > look at www.streamforensics.com to automate your forms validations. > Their system makes life a whole lot easier in so many ways. > > You probably have more pressing problems than the one you are worrying > about? > Jeez, people - I was just asking. I don't know everything about PHP, and was simply admitting there might be a better way than mine. Is the moon full or something? People seem to be awfully touchy lately.

01/03/2008, 21h45	#14
Tony Messages: n/a Hébergeur:	Re: ISSET() question Norman Peelman wrote: > Tony wrote: >> Norman Peelman wrote: >>> Tony wrote: >>>> major wrote: >>>>> The following code processes a blank field as though it has some value >>>>> and proceeds as though it was set to some value. >>>>> >>>>> Apparently isset() is not working, because it thinks that a blank text >>>>> field is set to something. >>>> >>>> Yes, if the value of a field is "", then it is still set. You would >>>> want to test for both: >>>> >>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... >>>> >>>> Or, if you want to count " " as blank: >>>> >>>> >>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... >>>> >>>> There may be a more efficient way to do this - anyone know of one? >>> >>> Yes, validate it with a regex also: >>> >>> $name = (isset($_POST['name']) && >>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; >>> >>> if (!$name) >>> { >>> .... >>> } >>> >>> would check to see if the post variable has been set and if it >>> matches a string of alpha a-z (upper & lower case), and is at least 2 >>> characters but not more than 25 characters in length. If not it's set >>> to false and you take appropriate action. >>> >> >> But what if I don't want to validate according to those rules? > > Tony, > > Are you serious? Yes. > You asked for a more efficient way, and I provided > it. You provided a different test. > As long as the variable is set the regex will make sure it meets > your criteria. My criteria was non-blank. > The question posed was for a name so that's the solution > I provided. The regex will not let any characters through that could > cause injection (if it's not a letter it's not passing the test). I can conceive of many cases in which you would want to permit non-letters through, even for names. You don't have anything against the Irish, do you? "Conan O'Brien", for example, would fail your test. So would "St. Elmo" - which was the proper legal first name of a man I used to work with (including the period). Those are just two - I'm sure we could come up with dozens of legitimate names that use non-alpha characters. There are other ways to guard against injection.

01/03/2008, 21h55	#15
Jerry Stuckle Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: > good@respnse.sic.com wrote: >> just do as you already did >> >> if ( isset($_POST['name']) && ($_POST['name'] != "") ) >> its perfectly reliable and totally effecient in the context you are >> using it, unless of course you're embedding it in some sort of loop >> with multi- >> million executions that must (for example) recurse and spit out a >> result inside a millisecond. If you really do need to worry that much >> you dont need to be using PHP in the first place. Change to C or >> assembler. >> >> Otherwise - just how "efficient" do you need a $_POST test to be? >> Stop worrying - do it and move on. That what script languages like PHP >> are for. >> >> If regex is troubling you or you want to do more validation I'd take a >> look at www.streamforensics.com to automate your forms validations. >> Their system makes life a whole lot easier in so many ways. >> You probably have more pressing problems than the one you are worrying >> about? >> > > Jeez, people - I was just asking. I don't know everything about PHP, and > was simply admitting there might be a better way than mine. > > Is the moon full or something? People seem to be awfully touchy lately. > No, it's just that you keep asking questions then arguing with the answers. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

02/03/2008, 00h50	#16
Norman Peelman Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: > Norman Peelman wrote: >> Tony wrote: >>> Norman Peelman wrote: >>>> Tony wrote: >>>>> major wrote: >>>>>> The following code processes a blank field as though it has some >>>>>> value >>>>>> and proceeds as though it was set to some value. >>>>>> >>>>>> Apparently isset() is not working, because it thinks that a blank >>>>>> text >>>>>> field is set to something. >>>>> >>>>> Yes, if the value of a field is "", then it is still set. You would >>>>> want to test for both: >>>>> >>>>> if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... >>>>> >>>>> Or, if you want to count " " as blank: >>>>> >>>>> >>>>> if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... >>>>> >>>>> There may be a more efficient way to do this - anyone know of one? >>>> >>>> Yes, validate it with a regex also: >>>> >>>> $name = (isset($_POST['name']) && >>>> eregi('^[a-zA-Z]${2,25}',$_POST['name'])) ? $_POST['name'] : false; >>>> >>>> if (!$name) >>>> { >>>> .... >>>> } >>>> >>>> would check to see if the post variable has been set and if it >>>> matches a string of alpha a-z (upper & lower case), and is at least >>>> 2 characters but not more than 25 characters in length. If not it's >>>> set to false and you take appropriate action. >>>> >>> >>> But what if I don't want to validate according to those rules? >> >> Tony, >> >> Are you serious? > > Yes. > >> You asked for a more efficient way, and I provided it. > > You provided a different test. same test, different method providing extra checks with one command. > >> As long as the variable is set the regex will make sure it meets your >> criteria. > > My criteria was non-blank. > The original 'criteria' was that isset wasn't working. You asked for a 'better' way to do it. My test provided two things: 1) the variable was set (yes or no) and, 2) it contained useful information - unless you know someone with a 'blank' name ....you should validate fields whether they are mandatory or not. >> The question posed was for a name so that's the solution I provided. >> The regex will not let any characters through that could >> cause injection (if it's not a letter it's not passing the test). > > I can conceive of many cases in which you would want to permit > non-letters through, even for names. You don't have anything against the > Irish, do you? "Conan O'Brien", for example, would fail your test. So > would "St. Elmo" - which was the proper legal first name of a man I used > to work with (including the period). Those are just two - I'm sure we > could come up with dozens of legitimate names that use non-alpha > characters. ....so change the regex to meet your needs, it was a simple example after all. I was simply trying to show how a regex can do a lot of the work for you. I'll let you figure out how to add those characters to the pattern. Or, you can nest as many if/then/else blocks as you like to get what you're after. > > There are other ways to guard against injection. Then why did you ask? -- Norman Registered Linux user #461062

02/03/2008, 02h02	#17
Norman Peelman Messages: n/a Hébergeur:	Re: ISSET() question Tony wrote: <snipped> > I can conceive of many cases in which you would want to permit > non-letters through, even for names. You don't have anything against the > Irish, do you? "Conan O'Brien", for example, would fail your test. So > would "St. Elmo" - which was the proper legal first name of a man I used > to work with (including the period). Those are just two - I'm sure we > could come up with dozens of legitimate names that use non-alpha > characters. $pattern = "^[A-Za-z ]['.]?"; $passed = ereg($pattern,$var) ? 'YES' : 'NO'; will match both your examples. -- Norman Registered Linux user #461062

03/03/2008, 16h06	#18
Mason Barge Messages: n/a Hébergeur:	Re: ISSET() question "Tony" <nospam@example.com> wrote in message news:13senkbp2896814@corp.supernews.com... > major wrote: >> The following code processes a blank field as though it has some value >> and proceeds as though it was set to some value. >> >> Apparently isset() is not working, because it thinks that a blank text >> field is set to something. > > Yes, if the value of a field is "", then it is still set. You would want > to test for both: > > if ( isset($_POST['name']) && ($_POST['name'] != "") ) ... > > Or, if you want to count " " as blank: > > > if ( isset($_POST['name']) && (trim($_POST['name']) != "") ) ... > > There may be a more efficient way to do this - anyone know of one? if($_POST['name']) { This will, however, evaluate 0 and "0" to false. It will also throw a warning. !empty() is exactly the same thing, but does not throw a warning.

03/03/2008, 16h47	#19
good@respnse.sic.com Messages: n/a Hébergeur:	Re: ISSET() question In article <13sjj08ge122icf@corp.supernews.com>, nospam@example.com says... > > > > Otherwise - just how "efficient" do you need a $_POST test to be? > > Stop worrying - do it and move on. That what script languages like PHP > > are for. > > > > If regex is troubling you or you want to do more validation I'd take a > > look at www.streamforensics.com to automate your forms validations. > > Their system makes life a whole lot easier in so many ways. > > > > You probably have more pressing problems than the one you are worrying > > about? > > > > Jeez, people - I was just asking. I don't know everything about PHP, and > was simply admitting there might be a better way than mine. > > Is the moon full or something? People seem to be awfully touchy lately. > Tony - I wasn't having a go I was just trying to explain why I didn't think it worth worrying about instead of just saying so. Sorry if it read bad to you.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email