PHP Make a simple if-isset-empty function

Asked 11/4, 2011 at 15:2 Answered 23/9, 2015 at 22:21

I'm coding a worksheet app for a printer company. I'm getting flood of forms. For every single input field I have to check if the $_POST variables are set, and if, so echo back the value. (In case of some error, for example after a validation error, the user shouldn't retype the whole form)

Sample code:

if(isset($_POST['time'])&&!empty($_POST['time'])){echo $_POST['time'];}

I had to implement this about a hundred times. So I tried to figure out some kind of function to make this simple and readable.

Something like this:

function if_post_echo($key, $default = "") {
    if(isset($_POST[$key])&&!empty($_POST[$key])){
    echo $_POST[$key];   
    }else{
    echo $default;   
    }
}

But this wont work. I have tried to pass in the $_POST for the $key variable like this:

if_post_echo($_POST['time'])

function if_request_echo($key, $default = "") {
        if(isset($key)&&!empty($key)){
        echo $key;   
        }else{
        echo $default;   
        }
    }

And I also tried this:

function if_request_echo($key, $default = null) {
    return isset($_REQUEST[$key])&&!empty($_REQUEST[$key]) ? $_REQUEST[$key] : $default;
}

Without any reasonable outcome.

The question:

How can I forge a function that looks for the necessary $_POST variable and returns it or if its unset then returns an empty string. And is there a way to do this for $_GET and $_REQUEST, too? (Or simply duplicate?)

Euphuism answered 11/4, 2011 at 15:2 Comment(9)

Most of the time, you should avoid $_REQUEST, security matter. Go with $_GET and $_POST depending on the sent data. – Vert 11/4, 2011 at 15:7

Thank you for your comments! @David: I know about the $_REQUEST issue, but this time we are behind protection, the app un availabe from the net. @netcoder: I cant remember why I set this up like this, but I know I used to try the !empty alone without the isset and that dropped some problems. – Euphuism 11/4, 2011 at 15:13

@Vert how is $_REQUEST any less secure than $_GET or $_POST? They can all be modified by the user to produce values your application might not expect. As can $_COOKIE for that matter, which $_REQUEST also gets its value from. – Catastrophe 11/4, 2011 at 15:18

Have a look at Chris Shiflet Cross-Site Forgeries – Vert 11/4, 2011 at 15:21

Well, it's not actually a security but essential difference between POST and GET methods. – Musketry 11/4, 2011 at 15:26

@David: CSRF is a bit of a separate issue. You'll need authorization tokens in any case. Just depending on POST requests is insufficient to prevent exposure of write APIs. -- The $_REQUEST problematic is often blown out of proportion. It's really about cookie fixation rather. Using it allows macious users to cause usability defects rather than security exploits (in the majority of cases). – Damnedest 11/4, 2011 at 15:28

@Vert I don't see anything in Chris' article that describes how merely using $_REQUEST opens your PHP scripts up to anything security related. All external data (including headers!) supplied to your application should be mistrusted and validated as a matter of course anyway. – Catastrophe 11/4, 2011 at 15:29

Maybe you guys are right and I misunderstood the point, but why would you use $_REQUEST when you know these variable will be in the $_POST and $_GET arrays. Is there something in $_REQUEST you won't find in the two others? – Vert 11/4, 2011 at 15:43

@Vert see php.net/manual/en/reserved.variables.request.php for what is and is not in $_REQUEST – Catastrophe 11/4, 2011 at 15:49

Your PHP testing function:

<?php
function test_req($key, $default = '') {
    if(isset($_REQUEST[$key]) and
       !empty($_REQUEST[$key])) {
        return $_REQUEST[$key];
    } else {
        return $default;
    }
}
?>

Then in your form HTML:

<input name="my_field" value="<?php echo htmlentities(test_req('my_field')); ?>" />

$_REQUEST (linked) is a PHP super global that contains both POST ($_POST) and GET ($_GET) request parameters.

If you only want to capture POST request parameters then it would be:

<?php
function test_req($key, $default = '') {
    if(isset($_POST[$key]) and
       !empty($_POST[$key])) {
        return $_POST[$key];
    } else {
        return $default;
    }
}
?>

For example.

Catastrophe answered 11/4, 2011 at 15:9 Comment(0)

If you have a large amount of fields, I would propose that you also use an array of defaults:

$defaults = array(
    "time" => "default",
    "name" => "enter name here",
    "text..." => "...",
);

$fields = array_filter($_POST) + $defaults;

$fields will then contain a list of form values with either the POST data or a preset default. No isset, see?

array_filter man page particularly: If no callback is supplied, all entries of input equal to FALSE will be removed. Goes some way to explaining the working behind this solution.

Damnedest answered 11/4, 2011 at 15:15 Comment(2)

I like the simplicity of this approach. – Catastrophe 11/4, 2011 at 15:21

Thanks; also for adding the link! (It indeed works similar to empty() in this case.) – Damnedest 11/4, 2011 at 15:24

This should work:

function if_post_echo($key, $default = ''){
    if(isset($_POST[$key]) AND !empty($_POST[$key]){
        echo $_POST[$key];
    }

    echo $default;
}

If you're having problems I recommend that you try var_dump($_POST) or print_r($_POST) to see if everything has been properly posted.

Pollinosis answered 11/4, 2011 at 15:11 Comment(0)

Just to note, this is redundant:

isset($_POST[$key]) && !empty($_POST[$key])

An unset variable is going to always be "empty", so isset() is implied in your empty() call.

For your logic you can achieve the same result with just:

!empty($_POST[$key])

Jairia answered 17/6, 2013 at 23:46 Comment(0)

Your first function works perfectly to me.

Why do you think it doesn't work?

However, a better variant would be

function _post($key, $default = "") {
    if(isset($_POST[$key])){
        return $_POST[$key];
    }else{
        return $default;
    }
}

To use it :

echo $_post($key); // You could define the message as a second parameter.

Musketry answered 11/4, 2011 at 15:4 Comment(3)

I'm really messed up. With exactly this code you used i paste this: value="<?php _post(time); ?>" and returns nothing. – Euphuism 11/4, 2011 at 15:30

value="<?php echo htmlentities(_post(time)); ?> – Catastrophe 11/4, 2011 at 15:31

This does not check if the variable is empty, which is fine if $default is always an empty string. If not then it doesn't function as asked for. – Catastrophe 11/4, 2011 at 15:37

function requireArray( $array, $required ) {
    foreach( $required as $k=>$v ) {
        if ( !isset($array[$k]) || empty($array[$k]) )
            return false;
    }
    return true;
}
#call like this:
requireArray($_POST, array('time', 'username', 'foo'));

If you want to know specifically:

function missingFrom( $array, $required ) {
    $r = array();
    foreach( $required as $k ) {
        if ( !isset($array[$k]) || empty($array[$k]) )
            $r[] = $k;
    }
    return $r;
}

Called like previous function.

Vespid answered 11/4, 2011 at 15:11 Comment(0)

Your method seems to work fine here:

function if_post_echo($key, $default = "") {
    if(isset($_POST[$key])&&!empty($_POST[$key])){
        echo $_POST[$key];   
    }else{
        echo $default;   
    }
}

I made a simple input with the name test and the form method is POST and using echo if_post_echo('test');.

It posted on the page what was in the text box.

Vert answered 11/4, 2011 at 15:18 Comment(0)

This feature is being added in PHP 7 as the "Null Coalesce Operator" using two question marks:

echo ($_GET['message'] ?? 'default-if-not-set');

https://wiki.php.net/rfc/isset_ternary

Browband answered 23/9, 2015 at 22:21 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

The question:

Recommended topics

Hot tags