1

I want to check whether many values are all set at the same time. I read in the isset documentation that "If multiple parameters are supplied then isset() will return TRUE only if all of the parameters are set. Evaluation goes from left to right and stops as soon as an unset variable is encountered."

So why does my code always print the values sent and never print 'no'?

PHP

if ( isset( $_POST['thread'],
        $_POST['winkey'],
        $_POST['dkey'],
        $_POST['winrew'],
        $_POST['drew'] )===true ) {
    echo $_POST['thread'];
    echo $_POST['winkey'];
    echo $_POST['dkey'];
    echo $_POST['winrew'];
    echo $_POST['drew'];
}
else echo 'no';

HTML

<form action="class.php" method="POST">
thread link:<br>
<input type="text" name="thread" >
<br>
win key:<br>
<input type="text" name="winkey" >
<br>
double key:<br>
<input type="text" name="dkey" >
<br>
winrew:<br>
<input type="text" name="winrew" >
<br>
double rew:<br>
<input type="text" name="drew" >
<br>
<input type="checkbox" name="banlist" value="ban">Include banlist<br>
<br>
<input type="submit" value="Submit">
</form> 
George Irimiciuc
  • You don't really need to test them all. In fact in most cases just checking one or two of them from the mix is fine. – Spencer Wieczorek Jan 14 '15 at 19:45
  • 1
    I do, my program requires all of them to be set. – George Irimiciuc Jan 14 '15 at 19:54
  • @SpencerWieczorek The principle of never trusting user input - since these are attack vectors for bots - should also require you to test them all. Anything short of that is a security vulnerability, and your website will get hacked at some later date. – Jake Feb 10 '23 at 02:23
  • [Another similar question has better answers](https://stackoverflow.com/questions/17187066) that will also address the question here. It was also asked before this one. If I were to provide an answer here, I'd just link to some of the answers there. So I would vote this as a duplicate. – Jake Feb 10 '23 at 02:29
  • Does this answer your question? [how to check multiple $_POST variable for existence using isset()?](https://stackoverflow.com/questions/17187066/how-to-check-multiple-post-variable-for-existence-using-isset) – Jake Feb 10 '23 at 02:32

3 Answers

4

As soon as you submit your form, all the variables in $_POST that you mention will be set. If a POST request is not made, none of them will be set.

I think you are looking for empty() instead to test if any of the variables is empty.

jeroen
  • The problem is empty doesn't support multiple parameters, so if I have a big form I have to write for each of them. – George Irimiciuc Jan 14 '15 at 19:28
  • @GeorgeIrimiciuc Yes, but I would guess you are doing some validation anyway. You could also put the names of the required fields in an array and loop over that. – jeroen Jan 14 '15 at 19:30
2

Probably because when you POST the form, the values ARE set, even if you didn't put anything in the input fields. For those keys you would get an empty string (which would return TRUE for isset()).

You probably should be checking using !empty().

An even better approach might be to use filter_input_array(). That could look something like this.

// define callback function to be used to check if value is empty
// note: empty() also treats the string "0" as empty, so "0" is rejected too
function empty_filter($var) {
    if(!empty($var)) return $var;
}

$filter_definitions = array(
    'thread' => array('filter'    => FILTER_CALLBACK,
                      'options'   => 'empty_filter',
                      'error_message'    => 'This field cannot be empty.'), // filter_input_array() ignores this key, but you can specify messaging here.
    'winkey' => array('filter'    => FILTER_CALLBACK,
                      'options'   => 'empty_filter',
                      'error_message'    => 'This field cannot be empty.'),
    'dkey' => array('filter'    => FILTER_CALLBACK,
                      'options'   => 'empty_filter',
                      'error_message'    => 'This field cannot be empty.'),
    'winrew' => array('filter'    => FILTER_CALLBACK,
                      'options'   => 'empty_filter',
                      'error_message'    => 'This field cannot be empty.'),
    'drew' => array('filter'    => FILTER_CALLBACK,
                      'options'   => 'empty_filter',
                      'error_message'    => 'This field cannot be empty.')
);

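// filter_input_array() returns null (or false) when the POST input is not populated,
// e.g. on a plain GET request; treat every field as missing in that case
$filtered_post = filter_input_array(INPUT_POST, $filter_definitions, true)
    ?: array_fill_keys(array_keys($filter_definitions), null);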

// items not passing filter will show as NULL, so we check for NULL
if(in_array(NULL, $filtered_post)) {
    // you can walk through the filtered array and echo out error messages
    foreach($filtered_post as $key => $value) {
        if(is_null($value)) {
            echo $key . ': ' . $filter_definitions[$key]['error_message'] . '<br>';
        }
    }
} else {
   // validation passed
   // do whatever comes next
}

Note here that you can define a different filtering condition for each key in the input array, so if, for example, you want to validate one field as an email address, one as an IP address, one against a regular expression, or even with your own custom validation, you can specify the validation criteria and do it all in one pass.

Mike Brant
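The loop over required field names suggested in the comments, combined with the per-field checks described above, as an added example that is not part of any answer on this page. The function name `check_required`, the `$required` map, and the assumption that `thread` must be a URL are illustrative; the sample input is constructed.

```php
<?php
// Added example, not code from the thread. $required maps each field name
// to true when the value must also be a URL (an assumption made here).
function check_required(array $input, array $required): array
{
    $clean = [];
    $errors = [];
    foreach ($required as $name => $mustBeUrl) {
        if (!array_key_exists($name, $input)) {
            $errors[$name] = 'missing';       // key absent: what isset() detects
            continue;
        }
        $value = $input[$name];
        if (!is_string($value)) {
            $errors[$name] = 'not a string';  // name[]=x arrives as an array
            continue;
        }
        $value = trim($value);
        if ($value === '') {
            $errors[$name] = 'empty';         // set but blank: the question's case
            continue;
        }
        if ($mustBeUrl && filter_var($value, FILTER_VALIDATE_URL) === false) {
            $errors[$name] = 'not a URL';
            continue;
        }
        $clean[$name] = $value;               // "0" is kept; empty() would reject it
    }
    return [$clean, $errors];
}

// Constructed sample standing in for $_POST.
$post = [
    'thread' => 'https://forum.example/t/42',
    'winkey' => '',
    'dkey'   => ['x'],
    'winrew' => '0',
];
$required = ['thread' => true, 'winkey' => false, 'dkey' => false,
             'winrew' => false, 'drew' => false];

[$clean, $errors] = check_required($post, $required);
foreach ($errors as $name => $why) {
    echo htmlspecialchars("$name: $why", ENT_QUOTES, 'UTF-8'), "<br>\n";
}
foreach ($clean as $name => $value) {
    // Escape before echoing request data back into the page.
    echo htmlspecialchars("$name = $value", ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

A field submitted as `dkey[]=x` passes both `isset()` and `!empty()`, which is why the type check comes before the emptiness check.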
0

When you submit the form, the values go to the action page. That means something is sent from each input; it could be an empty string, but you can think of an empty string like zero among numbers, which has no value but is still a number. It is the same in your case: values are sent to the action page, which is why the values are printed every time.

You can check this now by opening the action page in a new tab, when the form has not been submitted. 'no' will be printed, which means no values are going to the action page. Your code should be as below.

if ( isset( $_POST['thread'],
    $_POST['winkey'],
    $_POST['dkey'],
    $_POST['winrew'],
    $_POST['drew'] )===true ) {
    // every key was sent; print "no" if any one of them is an empty string
    // (the question requires all of them, so the tests are joined with "or")
    if ($_POST['thread'] == "" or $_POST['winkey'] == "" or $_POST['dkey'] == "" or $_POST['winrew'] == "" or $_POST['drew'] == ""){
        echo "no";
    }
    else{
        echo $_POST['thread'];
        echo $_POST['winkey'];
        echo $_POST['dkey'];
        echo $_POST['winrew'];
        echo $_POST['drew'];
    }
}
else echo 'no';
M Razwan