1

I'm confused how to use isset and empty, I'm trying to write a simple api, there should be error saying which param is missing and return error too if the param is null.

What's wrong my statement below?

$email= isset($_POST['email']) ? mysqli_real_escape_string($mysqli, $_POST['email']) : '';
if(empty($email)) {
    echo 'email cannot be empty!'
}
fellecia Wen
  • 23
  • 4

5 Answers5

1

You don't actually need to use both isset and empty, because empty already does it.

No warning is generated if the variable does not exist. That means empty() is essentially the concise equivalent to !isset($var) || $var == false.

More details are here: http://php.net/manual/en/function.empty.php

So your code could look this way, for example:

if (empty(trim($_POST['email']))) {
    echo "Email cannot be empty!\n";
    // you should add return or raise exception here
    // or even exit
    exit;
}

$email = trim($_POST['email']);

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Your email {$email} is invalid\n";
    // you should add return or raise exception here
    // or even exit
    exit;
}

$email = mysqli_real_escape_string($email);
Axalix
  • 2,831
  • 1
  • 20
  • 37
  • so I have to echo twice, what if it is not email? it's fname or lname? – fellecia Wen Dec 30 '17 at 04:32
  • @felleciaWen you can isolate this logic in a method and just pass there which fields and how should be validated (a set of rules), bit if your are looking for something really simple, then yes: each field should be validated separately. On the other hand, you can validate if some variables are set or not in a loop. – Axalix Dec 30 '17 at 04:39
  • can't I combine is set and is empty and return the same error msg? they are basically the same thing, is empty is to prompt to the user, is set is to prompt to the front end developer. Hope you get the point. – fellecia Wen Dec 30 '17 at 04:40
  • @felleciaWen I understand what you mean: it's possible frontend won't pass email at all OR will pass an empty string as email. My code will work for both cases and return the same error echo "Email cannot be empty!" You can surely change the text if you want. I made a few changes in my code and added trim to prevent an issue when users just enter spaces in a field (what should be treated as an empty email as well). – Axalix Dec 30 '17 at 04:52
0

I think you are trying to check $email value which is null. You should check $fname in if statement instead.

Amit Gupta
  • 2,771
  • 2
  • 17
  • 31
Akbar Soft
  • 1,028
  • 10
  • 19
0

Change $email to : 

$email= isset($_POST['email']) && !empty($_POST['email']) ? mysqli_real_escape_string($mysqli, $_POST['email']) : '';

So the $_POST['email'] is not containing empty value.

Hasta Dhana
  • 4,699
  • 7
  • 17
  • 26
0

Try to use next code snippet

if( false === input_filter(INPUT_POST, FILTER_VALIDATE_EMAIL) ) {
    echo "error message";
}

$email = input_filter(INPUT_POST, FILTER_SANITIZE_EMAIL );
// to do somethink with email...
Kudryavtsev Maxim
  • 310
  • 1
  • 10
0

try this to check for all missing fields:

 $required_fields = array('email', 'name', 'password');
$err_msgs=array();
foreach($required_fields as $field) { 
  if(empty( $_POST[$field]) ){
  err_msgs[]= $field . ' cannot be empty!';
    }
  }

  if (!empty($err_msgs)) {
  echo json_decode($err_msgs);
  }

Edit: removed isset() after reading Axalix's answer.

USER249
  • 1,080
  • 7
  • 14