-4

Obviously I know that array_key_exists is not giving a false positive. I'm doing something wrong. I just wanted to grab your attention. :)

Seriously though. I am doing this as an exercise.

Here is my code:

<?php
$error = "";
if($_POST) 
{   
    if (!array_key_exists('email',$_POST)) {
        $error .= "<p>You did not submit an e-mail address. Please try again.</p>";
    }
    if (!array_key_exists('password',$_POST)) {
        $error .= "<p>You did not submit a password. Please try again.</p>";
    }
    echo $error;

    print_r($_POST);
}
?>

When I don't submit either email or password, echo $error outputs nothing. print_r($_POST) outputs whatever I sent.

What am I missing here?

Pradeep
  • 9,667
  • 13
  • 27
  • 34
user339519
  • 13
  • 4
  • Please change your title to appropriately reflect your question. Click baiting is just wrong. "Obviously I know that array_key_exists is not giving a false positive." – kchason Oct 17 '17 at 14:55
  • I don't know how else to phrase it. – user339519 Oct 17 '17 at 14:56
  • 1
    *"What am I missing here?"* - The html for this. – Funk Forty Niner Oct 17 '17 at 14:56
  • `if($_POST)` is bad practice btw. – Funk Forty Niner Oct 17 '17 at 14:56
  • 5
    *"When I don't submit either email or password"* – you mean when you submit the keys `email` and `password`, **but without any value**, meaning an empty string?! `array_key_exists` doesn't care about the value. – deceze Oct 17 '17 at 14:58
  • Suggest you to use isset example if(isset($_POST['email']))$error .= "

    You did not submit an e-mail address. Please try again.

    ";     – Sivaraj S Oct 17 '17 at 14:58
  • 2
    @Sivaraj What does that change? – deceze Oct 17 '17 at 15:00
  • Try with [empty()](http://php.net/manual/en/function.empty.php) rather than `!array_key_exists()` you're really more interested in whether that value has data rather than whether it exists in the request. – CD001 Oct 17 '17 at 15:01
  • 1
    @CD001 Note that `"0"` is "`empty`" as well; `strlen` is usually the test you're interested in. – deceze Oct 17 '17 at 15:02
  • @deceze - won't strlen throw a warning on an non-set index though (e.g. a `textarea` with no content doesn't get passed through with the request) - so perhaps both? – CD001 Oct 17 '17 at 15:03
  • array_key_exists will definitely tell you if a key exists in an array, whereas isset will only return true if the key/variable exists and is not null https://stackoverflow.com/questions/3210935/difference-between-isset-and-array-key-exists – Sivaraj S Oct 17 '17 at 15:04
  • 1
    @CD001 Yes, you want to precede the `strlen` with an `array_key_exists` or `isset` test. – deceze Oct 17 '17 at 15:05

4 Answers4

1

$_POST['email'] and ['password'] exist but are empty you should see it with your print_r($_POST);

You should check the value instead of the key.

Pradeep
  • 9,667
  • 13
  • 27
  • 34
Romain B.
  • 656
  • 6
  • 15
0

I think that you should use

empty($_POST['email'])

instead of array_key_exists.

TTT
  • 1,848
  • 2
  • 30
  • 60
0

Why not just check empty($_POST['email']) instead of !array_key_exists?

Both will check if the key exists and also will check if they are not NULL.

empty will additionally check if it's no empty array, 0(as int and as string), empty string, etc.

EDIT

I was late

Pradeep
  • 9,667
  • 13
  • 27
  • 34
S-C
  • 24
  • 5
  • Since POST values can never be `null`, `isset` won't do anything over `array_key_exists` here. – deceze Oct 17 '17 at 15:08
  • Correct if they are from html form. Here is considered just POST data forwarding so for example also rest client requests when someone did not added form field – S-C Oct 17 '17 at 15:10
  • 1
    HTTP does not have a `null` type. It's all just strings. No HTTP POST value can ever be `null`. – deceze Oct 17 '17 at 15:13
  • Yeah you are right. You can pass NULL with json data but then it's not in $_POST variable. edit – S-C Oct 17 '17 at 15:23
-1

I would add a hidden input to your form 

<input type="hidden" name="formSubmitted" value="1" />

Then you can check for the form having been submitted, rather than checking for the existence of your $_POST array. Also, in case both of your fields are empty when they are submitted, this provides a separate mechanism for identifying that, rather than assuming both of your fields will be valid.

<?php
$error = "";

if(isset($_POST['formSubmitted']) && $_POST['formSubmitted'] == 1) {    
    if (!array_key_exists('email',$_POST)) {
        $error .= "<p>You did not submit an e-mail address. Please try again.</p>";
    }

    if (!array_key_exists('password',$_POST)) {
        $error .= "<p>You did not submit a password. Please try again.</p>";
    }

    echo $error;

    print_r($_POST);
}
?>

I'm also assuming you (will) have some other forms of validation to ensure that the email address and password meet some basic requirements that are not shown here.

kchason
  • 2,836
  • 19
  • 25