PHP Form Validation with isset() function

Question

Code from Robin Nixon book:

<?php
if (isset($_POST['name'])) $name = $_POST['name'];
else $name = '(enter your name)';
echo <<<_END
<html>
    <head>
        <title>Test</title>
    </head>
    <body>
    Your name is $name<br />
    <form method = 'post' action = 'count.php'>
        What's your name?
        <input type='text' name='name' />
        <input type='submit' />
    </form>
    </body>
</html>
_END
?>

In the second line we check is variable set or not with isset(). In the third line we have a condition: if it's not set, the script prints 'enter your name'. That's what I do not understand: I open this page - it prints:

Your name (Enter your name) What is your name? (and the submission form)

Did not enter nothing at all, then hit "send" - it prints:

Your name is (and does NOT print "Enter your name") What's your name? (and the submission form)

I didn't enter anything but the function said that the variable was set to a value other than NULL. Why? If it passes an empty value, then why use it? Why just not use empty? But in all programs I see solution like this. Why do we have to use isset() function there? What don't I understand?

Answer 1

The isset function is used to check if the text-field <input type='text' name='name' /> has any data submitted via POST which is captured in $_POST['name'].

When you submit the form, the $_POST['name'] is blank, or an empty string. Hence, you see Your name is What's your name? (and the submission form), as isset evaluated to true for an empty string.

If you want to check for the emptiness of the text-field, you should use empty() function, which checks for both isset and well as if the field is blank/empty.

  if (!empty($_POST['name'])) $name = $_POST['name'];
  else $name = '(enter your name)';

Answer 2

change isset to !empty. You are retrieving an empty string from the post variable.

if (!empty($_POST['name'])) $name = $_POST['name'];
else $name = '(enter your name)';

OR to be more concise:

$name=empty($_POST['name'])?'(enter your name)':$_POST['name'];

Answer 3

That's because an empty string (which is sent by the browser to the server) is considered a valid value to cause a variable to be "set", so isset() returns true for it.

You want to check for empty() instead, if you want to make sure anything was entered.

Answer 4

As everyone else has said, empty() could work, but your question is why isset instead of empty.

Empty will return TRUE for anything that evaluates as FALSE, such as 0, 0.0, "0", so could lead to unintended consequences.

For completeness, you should probably check first if it's set, and then if it's empty, and handle accordingly.

I think lots of PHP coders also get in the habit of using isset() to check if the key exists in an array, so using isset comes naturally.

You'll note that in another example in that chapter, Nixon has special cases to handle the empty strings.

Answer 5

Make sure the form is already submitted by adding a name to the submit button and testing it first. Like this:

<input type='submit' name="submit" />

<?php
if (isset($_POST['submit'])) {
if (isset($_POST['name']))  $name = $_POST['name'];
....
}
?>