isset() not working properly on form

Question

I have a registration form that user submits, data is sent using isset($_POST) to see if there is anything that was put into form input boxes. If not it is sent to an else which then sends it to a function that returns the user back to registration form to complete some missing forms. For some reason it is not working properly.

Here is my checking code -------

function returnBack(){

    header("Location:register.php");
    exit;

}

if(isset($_POST['myusername']))
{
    $myusername = $_POST['myusername'];
}
else
{
    returnBack();   
}
if(isset($_POST['mypassword']))  {
    $mypassword=$_POST['mypassword'];

}
else{   

    returnBack();
}
if(isset($_POST['myemail']))  {

    $myemail=$_POST['myemail'];
}
else{

    returnBack();
}
if(isset($_POST['myname']))  {

    $myname=$_POST['myname'];
}
else{

    returnBack();
}
if(isset($_POST['mylastname'])){

    $mylastname=$_POST['mylastname'];

}
else{

    returnBack();
}
/////////////////////////////////////////////////////////////*******CONNECT TO SERVER ******************************************************************/
try {  
  # MySQL with PDO_MYSQL  
  $DBH = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);  
  $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

}  
catch(PDOException $e) { 
    echo "I'm sorry, I'm afraid I can't do that.";  
    file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);   
}
////////////////////////////////////////////////////////////***********INSERT REGISTER DATA INTO DB ***************************************************************/
//$encrypt_password = md5($mypassword);

$insertdata = $DBH->prepare("INSERT INTO members (username, password, email, firstname, lastname ) VALUES ('$myusername','$mypassword','$myemail','$myname','$mylastname')");
$insertdata->execute();
echo "success";

$DBH = null;

Here is the form section ------------------------------

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="register" method="post" action="insertnewmem.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Registration Form </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername" ></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="myemail" type="text" id="myemail"></td>
</tr>
<tr>
<td>First Name</td>
<td>:</td>
<td><input name="myname" type="text" id="myname"></td>
</tr>
<tr>
<td>Last Name</td>
<td>:</td>
<td><input name="mylastname" type="text" id="mylastname"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Register"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

UPDATED ----------------------------------------------

Sorry it skips the function returnBack() and just inserts it into db even if form not properly filled.

What does "not working properly" mean? Does it error out? Give you a blank page? Do nothing? Do something, but not what you expect? — andrewsi, Aug 15 '12 at 21:15
What's not working properly? Is it just not redirecting, or is it not getting the POST data...? — Chris Clower, Aug 15 '12 at 21:17
I find it a bit weird you are using PDO, and yet not using placeholders and ->bindParam() or ->bindValue(). Are you sure that is protecting your db from sql injection? — Cups, Aug 15 '12 at 21:20

score 13 · Accepted Answer · answered Aug 15 '12 at 21:16

13

Try !empty() instead of isset(). This will evaluate to true only if there is something other than null, false, 0, or empty string ''. You probably have empty strings being submitted.

answered Aug 15 '12 at 21:16

Ray

40,256
21
101
138

@DavidBiga No problem. Please mark the answer as correct if the solution worked for you. – Ray Aug 15 '12 at 21:24

score 7 · Answer 2 · answered Aug 15 '12 at 21:19

7

Others have posted answer, but let me explain why.

isset() checks to see if the value was set, not what the value is, but simply if it has a value. When you submit your form, you are passing an empty string as the value for each of the inputs.

Normally I check this using:

if(isset($_POST['variable']) && $_POST['variable'] !== "")

The first part makes sure the variable exists ( so that the second condition will not throw an error ) and the second condition makes sure that the string is not empty.

answered Aug 15 '12 at 21:19

trevorkavanaugh

340
1
8

Oh thanks a lot! I understand it now @Ray's worked and less code :) – David Biga Aug 15 '12 at 21:23
Yah of course.. I dont know how @Ray's function would work if the variable did not exist ($_POST['variable'] was never set), which is why I normally check isset() before checking the variables value, but it could have this already built in? – trevorkavanaugh Aug 15 '12 at 21:28
@trevorkavanaugh empty() first checks if he variable is set. – Ray Aug 16 '12 at 03:52

isset() not working properly on form

2 Answers2

Linked