Check if array elements are empty

Question

I have a simple PHP form that I'd like to improve validation to help fight empty form submissions from bots.

I have the following array that houses input names from another page.

$expected = array('Project-Inquiry','Name','Company-Name','Phone-Number','Email');

I'd like to verify that these elements, in fact, do contain content, as they're already verified with JS on the previous page. JS is only good when it's enabled, so I'd like to add an extra layer of validation here for when it's disabled.

I tried the following:

$expected = array_filter($expected);

if (!empty($expected)) {
// Do Something
}

And I have also tried the following:

$error = false;
foreach($expected as $field) {
    if (empty($_POST[$field])) {
        $error = true;
    }
}
if ($error) {
    // Do Something
}

I seem to be falling short. Any suggestions?

First try can't work since you check if your previously defined array is empty. Second example looks good, what's the problem with that? — clemens321, Oct 18 '17 at 20:09
Perhaps in the second example, you're expecting behavior for `if ($error === false)`? — RToyo, Oct 18 '17 at 20:39

score 0 · Answer 1 · answered Oct 18 '17 at 20:46

If you want to fight against bots

Create a hidden input that human doesn't see and bots will fill it. You need to check that input before doing anything. If that input filled, it means that form sent by bot not human.
Create a session with current time when you are showing form, when post happening check the time difference. if it is less than 3 sec it's a bot.
use captcha system.

If you want to validate inputs

Don't do validation like what you did on your question. You should try to validate each one of them with proper validation method. for example how you should validate email is completely different from name.

for example do this for email:

$email = (isset($_POST['email']) && is_string($_POST['email']))? trim($_POST['email']) : '';
$email_error = (filter_var($email,FILTER_VALIDATE_EMAIL))? true : false;

for name is different:

$name = (isset($_POST['name']) && is_string($_POST['name']))? trim($_POST['name']) : '';
$name_error = (strlen($name)>20 || strlen($name)<3)? true : false;

You can add more filter to my examples.

jvk · Answer 2 · 2017-10-18T21:48:10.870

0

Let your expected data be array be

$expected = ['name', 'email', 'mobile'];

let form post values be $_POST

foreach($_POST as $key => $value) {
     if (empty($value) && in_array($key, $expected)) {
        if ($value=='') {
            echo $key. ' is should not be empty'."<br/>";
           }   
    }
}

you can get result as expected

HTML FORM

<form action="" method="post">
Name    <input type="text" name="name"><br>
email   <input type="text" name="email"><br>
mobile<input type="text" name="mobile">
    <input type="submit" value="Submit">
</form>

edited Oct 18 '17 at 21:48

answered Oct 18 '17 at 21:37

jvk

2,133
3
19
28

Never do something like this. Just get $_POST based on keys that you want. – ICE Oct 18 '17 at 22:26

score 0 · Answer 3 · answered Oct 18 '17 at 21:41

0

Have you considered about using a library to validate?

I recommend you to use https://laravel.com/docs/5.5/validation, so you can validate more complex rules also, and it is very clear.

answered Oct 18 '17 at 21:41

Nielsen Martins Gonçalves

342
6
12

Check if array elements are empty

3 Answers3