1

I'm calling PHP function from html and I want to make sure that one thing happens when the corresponding input box is empty and other thing when not. for some reason PHP recognises it always as not empty. can't figure out why.

html snippet:

<input type="button" 
value="checkout"
onClick="self.location='testphp.php?checkout=true&folderName=\'' +  document.folderForm.folderLocation.value + '\''">

</button> 
<form enctype="multipart/form-data" method="post" name="folderForm">
<input type=file name="myfile">
<input type=text name="folderLocation" id="folderLocation">
<input type=hidden name="folderName">
<input type=button value="Get Folder" onclick="javascript:GetFolder();">
<input type=hidden name=submitted value=1> 
<input type="submit" value="Create Repository" />
</form>

php snippet:

if($_GET['checkout']){
    if( isset( $_GET['folderName'] ) && !empty( $_GET['folderName'] ) ) {
        echo $_GET["folderName"];
        echo exec("/var/www/html/checkout.sh ".$_GET["folderName"]);
    } else {
        echo "<script type='text/javascript'>alert('Please choose repository from the list first');</script>";  
    }
}

any ideas?

Daniel Waghorn
  • 2,997
  • 2
  • 20
  • 33
user2880391
  • 2,683
  • 7
  • 38
  • 77

1 Answers1

0

Try changing !isempty( $_GET['folderName'] ) to strlen( $_GET['folderName'] ) > 0.

EDIT In this case the problem was caused by the ' in the folderName parameter where when the folderName was blank the resulting $_GET still contained two quotes.

Daniel Waghorn
  • 2,997
  • 2
  • 20
  • 33
  • thanks, but it didn't help. it always get to the 'true' part. – user2880391 Jul 11 '15 at 19:42
  • You don't need to escape the URL or place it into quotes when you add it to the `folderName` parameter in your query string. Instead you should encode it into HTML entities via JavaScript using a method similar to the one detailed [here](http://stackoverflow.com/questions/18749591/encode-html-entities-in-javascript). – Daniel Waghorn Jul 11 '15 at 19:56
  • the escape removing solved it. I guess that '' was always sent. not sure about the HTML encoding. thanks! and BTW I'm still using the '!empty'. – user2880391 Jul 11 '15 at 20:27
  • No problem, it's a good idea to encode if there's a chance of special characters. The reason that it wouldn't have worked was even when there was no `folderName` it would have still set `$_GET['folderName'] = ''` so not empty. – Daniel Waghorn Jul 11 '15 at 20:31