-1

Possible Duplicate:
Check if multiple strings are empty

today i got this answer here on stackoverflow:

<input type="text" name="required[first_name]" />
<input type="text" name="required[last_name]" />
...

$required = $_POST['required'];
foreach ($required as $req) {
     $req = trim($req);
     if (empty($req))
     echo 'gotcha!';
 }

This is ok, but what if someone change 

 name="required[first_name]"

To

  name=""

Then i will have some data missing in further code (i use form to send submited data to email). How to fix this?

Community
  • 1
  • 1
SomeoneS
  • 1,207
  • 2
  • 19
  • 34
  • I've posted an answer that will hopefully solve your issue in a better way: http://stackoverflow.com/a/10962542/1338292 – Ja͢ck Jun 09 '12 at 16:20

3 Answers3

1

Yes, someone can change the html that submits to your code. So you have to check for the existence of everything you want to have in the code that handles the form. Lots of beginners want to automate that away by looping through $_POST or $_GET. And they almost always miss something or end up with code just as complicated, but harder to read, than just checking each input you want.

Scott Saunders
  • 29,840
  • 14
  • 57
  • 64
  • Are you calling me a beginner? – Steve Jun 08 '12 at 20:18
  • 1
    HA! No, I'm being cranky. One of the most horrible pieces of code I ever wrote came from the idea that "all form submissions are pretty much the same" so I should be able to write a function that could handle them all. I'm particularly sensitive now to attempts to code away drudge work that isn't really "the same" enough to generalize into something better than the drudge. – Scott Saunders Jun 08 '12 at 20:22
  • 1
    @ScottSaunders: Take a look at the original question (linked). You then realize that this is exactly the point. The question you tried to answer here is just the product of the deficiencies of the TS as well as those of the guy who "offered" that code. – hakre Jun 09 '12 at 15:34
  • Thank you. The original question is very depressing. – Scott Saunders Jun 09 '12 at 17:47
0

Loop through the $_GET array and check if any variables are "" or start with something other than required, and then just error out.

Steve
  • 632
  • 4
  • 16
0

You should always validate data on the server side (i.e. in PHP).

You should list the required field in PHP and check them in PHP.

Never trust user data.

Matthieu Napoli
  • 48,448
  • 45
  • 173
  • 261