13

I need to check if php://input exists/isset. Does it work with PHP isset() ? What is the proper way to check it?

Syscall
  • 19,327
  • 10
  • 37
  • 52
Renato Probst
  • 5,914
  • 2
  • 42
  • 45
  • 2
    Look it's Schrodinger's Cat! You can't know it until you *f*open it! :) – Prasanth Sep 25 '13 at 18:20
  • If it's std web request, you can check for $_SERVER['CONTENT_LENGTH'], apart of that there's no other way. Functions like fstat or stream_get_meta_data doesn't work in this case. :( – xpuu Dec 13 '17 at 23:46

4 Answers4

18

Try to test it with file_get_contents() (for reading) + empty() or boolean conversion (for testing):

<?php
$input = file_get_contents('php://input');

if ($input) {
   // exists
} else {
   // not exists
}

From php.net:

Note: Prior to PHP 5.6, a stream opened with php://input could only be read once; the stream did not support seek operations. However, depending on the SAPI implementation, it may be possible to open another php://input stream and restart reading. This is only possible if the request body data has been saved. Typically, this is the case for POST requests, but not other request methods, such as PUT or PROPFIND.

BlitZ
  • 12,038
  • 3
  • 49
  • 68
  • In this case i`m reading base64 data from a file upload, file_get_contents only return something if it reads a true file? (i mean, if the user send a fake base64, just text, but pre formated to look like base 64, but not a true file, what would result from $input?) – Renato Probst Sep 25 '13 at 18:03
  • @sagits yes. `file_get_contents()`, when using this URL-wrapper, reads any content, if it is there. No matter of content structure. – BlitZ Sep 25 '13 at 18:06
  • Thank your @CORRUPT, i got a little confused about your answer, you mean that it can read the fake base 64, but will return false, or it would return true? I read on the function manual that it returns false if it can`t read the content. Can you explain me that? Thank you for your time – Renato Probst Sep 25 '13 at 18:13
  • @sagits it will return any content, except empty string (`''`), that was posted to `php://input`. I mean, if even fake base64 string would be there, it will return it as string. – BlitZ Sep 25 '13 at 18:26
  • Thank you, i`m going to use [base64_decode](http://php.net/manual/pt_BR/function.base64-decode.php) to check for error`s in this case. – Renato Probst Sep 25 '13 at 18:37
2

You can get the contents of php://input using file_get_contents and check the return value to see if it's actually set:

$input = file_get_contents("php://input");
if ($input) {    
    // set     
}
else {
   // not set
}
Amal Murali
  • 75,622
  • 18
  • 128
  • 150
1

it returns true if variable exist and its not null

$foo = 'bar';
var_dump(isset($foo));        -> true

$baz = null;
var_dump(isset($baz));        -> false

var_dump(isset($undefined));  -> false
-2

Suppose you are getting user input from a POST request you can check if it's a set like this

 if(isset($_POST['var_name']))
 {
      //for additional checking  like if  it's not  empty do this
      if(!empty($_POST['var_name']))
      {
           //Do whatever you want here
      }
 }
user2801966
  • 418
  • 3
  • 11
  • 2
    `php://input` is where `POST` or `PUT` data is located, not `GET` parameters. – Barmar Sep 25 '13 at 17:52
  • Better, although it will only work if the data is formatted properly as form data. Usually the reason to use `php://input` is because you need to access the raw data. – Barmar Sep 25 '13 at 17:56
  • agreed but i guess i just wanted to give an example of how to use iseet function – user2801966 Sep 25 '13 at 17:57