1

Sometime ago, I was in a internship, and I was working as a junior web-developer. While working and learning, I noticed that when changing pages, instead of using isset($_POST/GET/REQUEST["var"]) they just used $_POST/GET/REQUEST["var"].

So, later I came home, and tried the same thing. What happens ? Every-time I come across a if() to verify that, I have to use isset(), otherwhise it gives me an error. But notice one thing, my url is this:

?p=sub_artigo&id=2

So, when I do the if() condition:

if(isset($_REQUEST["p"])=="procurar" && $_REQUEST['cont']){

It doesn't show errors, but if I take of the isset(), it gives the usual error that I see in the forums and here.

So my question is, why doesn't show the error for the second variable ?

Note: p->string;id->int

Rob W
  • 341,306
  • 83
  • 791
  • 678
calexandru
  • 307
  • 1
  • 3
  • 16
  • 1
    [Welcome to stackoverflow, please consider reading **the SO Tour**. it will guide you on how to best use this site](http://stackoverflow.com/about) – Prix Jul 03 '13 at 17:28
  • possible duplicate of [PHP Short-Circuit Evaluation](http://stackoverflow.com/questions/5694733/php-short-circuit-evaluation) – lonesomeday Jul 03 '13 at 17:29

3 Answers3

7

They have error_reporting turned down, which is nice because it means you can do things like

if ($_POST['whatever']) { ... }

instead of 

if (isset($_POST['whatever'])) { ... }

but it also stops you from seeing other possibly pertinent errors.

this setting is found in the php.ini file under the variable error_reporting.

More information on the ini file can be found here: http://php.net/manual/en/ini.php

also, isset($_REQUEST["p"])=="procurar" while sytactically correct, is never going to return true, because isset() returns a boolean value.

what you want is isset($_REQUEST['p']) && $_REQUEST['p'] == 'procurar'

castis
  • 8,154
  • 4
  • 41
  • 63
  • Yeah, lack of attention on that isset() from my behalf, darn it. So it's the error_reporting..interesting. So in your opinion, which is more practical and secure ? $_POST["var"] or isset($_POST["var"]) ? – calexandru Jul 03 '13 at 17:41
  • using `isset()` is definitely the way to go. also check out `empty()` it checks the opposite. – castis Jul 03 '13 at 17:42
  • 1
    Ok, thank you very much castits, much appreciated. Have a good day :) – calexandru Jul 03 '13 at 17:49
6

RTM: http://php.net/isset

isset() returns a boolean TRUE/FALSE. It will NEVER return a string, so this statement

if(isset($_REQUEST["p"])=="procurar" && $_REQUEST['cont']){

can NEVER succeed, because isset() will never EVER be equal to procurar, so the ['cont'] check will never be evaluated.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Marc B
  • 356,200
  • 43
  • 426
  • 500
0

When the first statement is false, PHP does not bother triyng the rest of the if statement.

I always use the following check on every $_REQUEST, $_POST or $_GET key:

function ifSet($key) {   
    return (isset($_REQUEST[$key]) && $_REQUEST[$key])?$_REQUEST[$key]:'';
}

This will never give you any warnings, even if error_reporting is set to E_ALL.

The 'isset' checks if the $key is set and after that it checks if $key has a value.

IT-Smart
  • 33
  • 5
  • You can extend this function with clean($_REQUEST[$key]) as output, where clean is your personal function for filtering input data. The combination of this I always use on every input variable. – IT-Smart Jul 03 '13 at 18:16