Unchecked checkbox sending value as true

Question

Why is the server getting bool true when the checkbox isn't checked? I did a variable dump because it was sending email to all the emails when the checkbox was not even checked. Below is my PHP and below that one is the html form

    <?php
    $fname = htmlspecialchars($_POST['fname']);
 $lname = htmlspecialchars($_POST['lname']);
 $email = htmlspecialchars($_POST['email']);
 $cell = htmlspecialchars($_POST['cell']);
 

//Form Items
$ferventfoodies = htmlspecialchars($_POST['ferventfoodies']);
$whatsnext = htmlspecialchars($_POST['whatsnext']);
$youngcouplesmentorship = htmlspecialchars($_POST['youngcouplesmentorship']);
$itsnotaboutme = htmlspecialchars($_POST['itsnotaboutme']);
$wedensdaynightbiblestudy = htmlspecialchars($_POST['wedensdaynightbiblestudy']);
$theconversation = htmlspecialchars($_POST['theconversation']);
    

var_dump(isset($ferventfoodies));
var_dump(isset($whatsnext));
var_dump(isset($youngcouplesmentorship));
var_dump(isset($itsnotaboutme));
var_dump(isset($wedensdaynightbiblestudy));
var_dump(isset($theconversation));
    ?>

Form

<form action="https://1moment.today/gg-submission.php" method="post">

 <input type="checkbox" id="ferventfoodies" name="ferventfoodies">
<label for="ferventfoodies"></label>

 <input type="checkbox" id="whatsnext" name="whatsnext" >
<label for="whatsnext"></label>
                    
<input type="checkbox" id="youngcouplesmentorship" name="youngcouplesmentorship"> 
<label for="youngcouplesmentorship"></label>

 <input type="checkbox" id="theconversation" name="theconversation">
<label for="theconversation"></label>

<input type="checkbox" id="itsnotaboutme" name="itsnotaboutme">
<label for="itsnotaboutme"></label>


<input type="checkbox" id="wedensdaynightbiblestudy" name="wedensdaynightbiblestudy">
<label class="overflow" for="wedensdaynightbiblestudy">
        </label>

  <input type="submit" value="Submit">
</form>

hi, links that you have given are generating 404 error... moreover paste your code here directly in question... — Anant V, Mar 28 '23 at 02:38
Post your (**minimal**) code here, not on an external site. https://stackoverflow.com/questions/how-to-ask, https://stackoverflow.com/help/mcve — Don't Panic, Mar 28 '23 at 04:51

Quentin · Answer 1 · 2023-03-28T11:46:26.713

You've misdiagnosed the problem.

The checkbox will either send On or nothing depending of it is checked or not. For the rest of this question I will assume it is unchecked and sending nothing.

$ferventfoodies = htmlspecialchars($_POST['ferventfoodies']);

This will output two warnings:

PHP Warning: Undefined array key "ferventfoodies"

and

Deprecated: htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated

It will then assign "" to $ferventfoodies.

Make sure you have PHP configured, in your development environment, to show you all your warnings because they are telling you what your real problem is.

 var_dump(isset($ferventfoodies));

Now this will output true because you set $ferventfoodies to an empty string.

To fix this:

Refactor your code to apply the isset check directly to $_POST['ferventfoodies']
Only use htmlspecialchars:
- on strings (i.e. not on null)
- on data you are outputting to HTML (i.e. not on data you are testing for specific values / inserting into a database / anything except being inserted into HTML).

Unchecked checkbox sending value as true

1 Answers1