Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26

Thread: isset()

  1. #16
    Master Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    5,188
    Thanks
    113
    Thanked 610 Times in 596 Posts
    Quote Originally Posted by benanamen View Post
    The problem with a hidden field is that means you expect that every user is going to use YOUR form to submit data. There are several other ways it can be done and many reasons why someone might not use YOUR form.

    Say someone was posting data with cURL, they would have to know that your script REQUIRES some hidden piece of data in order to work or it will completely fail. Checking for the REQUEST METHOD is the only foolproof way for your script to always work.

    Having to code in your hidden data pretty much throws out your argument of "a few more characters of code to write" in order to properly handle a form submission.

    Another scenario, consider a team development with guys how do the code and other guys that write the templates. All the template guys would have to know and remember to put in the magical hidden text that allows the script to work and will fail without it.
    I'm very aware of your point, we've had this out before and Jacques1 decided to slam me heavily for it (before vanishing back to his other forum) however ultimately as the webmaster, there is no obligation for you to be forced to support clients alternative methods of form submission and in fact as webmaster, you may well chose to block them instead. Additionally even if you check the request method, there is still no guarantee that the automated client such as cURL will supply all of the expected fields. In fact, I could argue that anyone sending these fields should have viewed the source and seen ALL the fields they need to submit anyway.

    Take this for example. Moons ago I used to have a script that would check my car insurance was valid by submitting my registration to askMID. It worked dandy. If the insurance didn't show up for whatever reason i'd get an email (and was working on sms) to alert me not to bother using the car.

    Then askmid decided to get their knickers in a twist because i was a regular user. They decided to start inserting other variables into hidden fields that made no sense and meant the form wouldn't process correctly if not submitted. Worse, the html itself changed randomly plus they did some session tinkering too. The end result was that i could no longer submit requests via cURL. When i made contact they explicitly stated they didn't want this to continue and that was why they were actively blocking these requests. I can't argue with that, it's their website and if they're going to block automated requests, thats their decision - as it is with any webmaster.

    I personally don't support automated requests either. If i were to then i could spend hours providing tech support for people. I don't mind the thought of them doing automated requests but i don't have a policy of coding for it - i'm building a website not an API and they take their chances accordingly. If they want an API then thats negotiable.

    As for your comments regarding the template designers, well the back and front end coders would clearly need to work on their communication.

    Ultimately i'm not going to knock your way of doing things.. but it isn't the only way depending on your point of view of the bigger picture.
    Quote Originally Posted by deathshadow View Post
    So seriously, loosen up that tie, let out the belt, and try relating to normal people on the street instead of the gentleman's club crowd.

  2. #17
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,262
    Thanks
    3
    Thanked 128 Times in 123 Posts
    Wow, I never ever imagined someone would create a form with a single checkbox and nothing else
    Wow back at you!

    Your inexperience is really starting to show. Your method is just plain wrong and can completely fail and is not "my way" or my opinion. What I have shown is the correct FAILPROOF method in ALL situations. @Vege gave a very good example of a COMMON single checkbox usage. My example was not even pointing out the use of a single checkbox so you again show you missed the whole point.

    Have you never seen gmail or many other GUI's with multiple table rows where you can select CHECKBOXS to delete rows? Have you never done a form that has a single input of any type or a form that is all checkboxes? I hope you're not charging people for your "real-life" forms.

    And by the way, you never addressed the FACT that your if is pointless since there is only ever going to be ONE result. That alone shows what you are doing is wrong.
    Last edited by benanamen; 10-14-2017 at 05:35 PM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  3. #18
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,262
    Thanks
    3
    Thanked 128 Times in 123 Posts
    Quote Originally Posted by tangoforce View Post
    ................
    Ultimately i'm not going to knock your way of doing things.. but it isn't the only way depending on your point of view of the bigger picture.

    Even if you disregard every other reason I gave, the posted code example shows that anything else is clearly not the best way if one option will NEVER fail and another option could fail. And in the case of a checkbox form regardless of how many elements, it WILL fail. So are you going to adopt two different methods to code a form depending on the form type or you just going to have one foolproof method for all situations. It's not any more complicated than that.
    Last edited by benanamen; 10-14-2017 at 05:36 PM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  4. #19
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,262
    Thanks
    3
    Thanked 128 Times in 123 Posts
    Quote Originally Posted by phpmillion View Post
    However, all my code (and I guess code written by other folks here) is designed for real-life and form doesn't need to be processed when no single bit of data was submitted. In other words, all of us can create absurd examples to demonstrate how our method is "correct" and other methods are "total fails", but that's a desperate thing...
    Again you show your inexperience. Even YOUR own method will still process an empty form. I can use your "real-world" method and submit an EMPTY form and it will STILL be processed. If you knew what your doing an empty form would do absolutely nothing unless you wanted to provide user feedback that the form is empty.

    PHP Code:
    phpmillion "real-world" form - SUBMIT EMPTY FORM
    <?php

    if (!empty($_POST))
    {
        echo 
    '<br>I just submitted an empty form and it is processed';
    }
    ?>
    <form action="" method="post">
     <input name="notacheckbox" type="text">
     <input type="submit" value="Submit">
    </form>

    absurd examples
    LOL! Plenty of for really real-world uses in play

    but that's a desperate thing.
    So funny when people cant admit they are wrong. LOL!!!
    Last edited by benanamen; 10-14-2017 at 05:55 PM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  5. #20
    Master Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    5,188
    Thanks
    113
    Thanked 610 Times in 596 Posts
    Quote Originally Posted by benanamen View Post
    Followup: Proof of concept

    Try submitting this checkbox form unchecked using phpmillion's "technique". This will completely fail

    PHP Code:
    <?php
    var_dump
    ($_POST);

    if (!empty(
    $_POST))
    {
        echo 
    'The check says: POST request';
    }
    else
    {
        echo 
    'The check says: no POST request';
    }
    ?>
    <form action="" method="post">
     <input name="box1" type="checkbox">
     <input type="submit" value="Submit">
    </form>

    Now try it using the correct method. No failure.

    PHP Code:
    <?php
    var_dump
    ($_POST);

     if (
    $_SERVER['REQUEST_METHOD'] == 'POST')
    {
        echo 
    'The check says: POST request';
    }
    else
    {
        echo 
    'The check says: no POST request';
    }
    ?>
    <form action="" method="post">
     <input name="box1" type="checkbox">
     <input type="submit" value="Submit">
    </form>

    As a proof of concept.. :



    As you'll clearly see, in this scenario the _POST array IS empty - and thus the line you claim won't be seen IS. You did claim it will completely fail right?

    Empty means nothing in the array. The array can still be set and empty. I've not tried this on php7 but I'd find it strange that this behaviour would change.
    Attached Thumbnails Attached Thumbnails -screenshot_619-jpg  
    Quote Originally Posted by deathshadow View Post
    So seriously, loosen up that tie, let out the belt, and try relating to normal people on the street instead of the gentleman's club crowd.

  6. #21
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,262
    Thanks
    3
    Thanked 128 Times in 123 Posts
    When submitting the form tango force. This is an example of submitting the form. You are not going to code an else that is going to execute on page load in actual use as this example does. Admittedly, I should have left the else out which I did in a later post (#19) as I saw it would cause confusion. http://www.codingforums.com/php/3878...ml#post1540792

    I edited that post to remove the incorrectly used else. And yes, the actual check does completely fail on Submit.
    Last edited by benanamen; 10-14-2017 at 07:40 PM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  7. #22
    Master Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    5,188
    Thanks
    113
    Thanked 610 Times in 596 Posts
    Sorry i should have removed your second code snippet there... Let me start again.

    Using this code:



    Produces this:



    In other words, you CAN verify the post array containing data using the empty() function.

    Suppose I submit a post form to myscript.php?mode=users

    Would you call that a get or a post request? - because php via the server array classes it as a post request yet without the posted data in the array its a get request. So by that logic, if there is ANYTHING in the post array, you can assume it is a post request.

    Therefore if empty() does not find an empty _POST array... it is a post request. There is no need to look to see if php has set a string in the server array when its basically checking the same thing and using the same logic.

    Quote Originally Posted by benanamen View Post
    Even if you disregard every other reason I gave, the posted code example shows that anything else is clearly not the best way if one option will NEVER fail and another option could fail.
    Like I said to you though, even using your way there is still no guarantee that the client (in your example an automated request via cURL) will send all expected data anyway so while your point may be technically correct with regard to checking the server array, it is not the only way that you can verify your request method. As I said earlier I always look for a hidden form field and thats my preferred way to do it however the code sample you yourself gave earlier does work as per the screenshot above.

    That may well have changed in the later versions, i've not looked however it would be a bit odd to change the behaviour of empty() so drastically that it doesn't count an empty array as being empty.

    Quote Originally Posted by benanamen View Post
    And in the case of a checkbox form regardless of how many elements, it WILL fail.


    Thats one such checkbox form using my method. It does not fail. I look for the hidden field and if found, i look for the checkboxes. Works well enough for me.

    Quote Originally Posted by benanamen View Post
    So are you going to adopt two different methods to code a form depending on the form type or you just going to have one foolproof method for all situations. It's not any more complicated than that.
    From what i can work out you seem to be of the opinion that a post submission simply doesn't work unless you check it was a post request in the server array. This is wrong. You can check for a valid post array simply by looking for the elements you're expecting directly in the post array. It may not be politically correct but it also will not cause the code or logic to break.
    Last edited by tangoforce; 10-14-2017 at 09:06 PM.
    Quote Originally Posted by deathshadow View Post
    So seriously, loosen up that tie, let out the belt, and try relating to normal people on the street instead of the gentleman's club crowd.

  8. #23
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,262
    Thanks
    3
    Thanked 128 Times in 123 Posts
    Tangoforce, you think you're proving something and you have proven nothing.

    For one thing when you are doing the code for a form submission EVERYTHING goes in the if check that checks if the form is submitted. THERE IS NO ELSE. THE EXAMPLE IS WRONG AND I SAID SO.

    You know darn well the code goes as follows

    if (whatever post submit check is true){
    //Do EVERYTHING here. THERE IS NO ELSE THAT GOES HERE AND YOU KNOW THAT.
    }


    Suppose I submit a post form to myscript.php?mode=users

    Would you call that a get or a post request? - because php via the server array classes it as a post request yet without the posted data in the array its a get request. So by that logic, if there is ANYTHING in the post array, you can assume it is a post request
    What are you even talking about? PHP says it is a GET. Has nothing to do with what we are talking about.

    And in the case of a checkbox form regardless of how many elements, it WILL fail.
    Apparently I have to spell out every word. Without adding unnecessary hidden fields, it will in fact fail every time.

    Your example that works is because you are adding additional, unnecessary hidden code in order for it to work which I already addressed. PHP provides a built-in method to determine what kind of request has been made WITHOUT additional coding. You are free to do all the extra coding you want. There are all sort of hacks you can do to make something "work".

    Coding is logical. What you are doing is not logical.
    Php provides the request method to determine if their was a POST. Your logic REQUIRES EXTRA HIDDEN DATA in order to work

    In the case of a single OR multiple checkbox form with a PROPER if only (see first paragraph) and using phpmillions method it will absolutely fail. The fact is checking the request method BUILT IN to php is the single failproof solution for ALL cases without doing code gymnastics and adding ADDITIONAL coding in order for it to work. Bottom line, that is a workaround that is not needed since Php has provided a very simple foolproof in all cases method to handle it.

    In any case you have veered our off topic discussion to a whole different off topic discussion about how you do it. My off-topic veer was about what phpmillion posted. In that case, what he does will straight up fail with a checkbox form and the if is completely useless in any case since there will always only be one state.

    Why is it so hard for you to admit that checking the Request method is the best option for handling a form submission. It will not fail in any cases and requires no additional coding and is built-in to php. Can you answer YES to all of that those for your method or phpmillions?


    From what i can work out you seem to be of the opinion that a post submission simply doesn't work unless you check it was a post request in the server array.
    You worked it out wrong. I have not said that at all. Yes, your form with additional unnecessary coding of hidden elements works. What I am talking about is a best practice which includes not overcoding.
    Last edited by benanamen; 10-14-2017 at 10:08 PM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  9. #24
    Master Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    5,188
    Thanks
    113
    Thanked 610 Times in 596 Posts
    Quote Originally Posted by benanamen View Post
    Tangoforce, you think you're proving something and you have proven nothing.
    That depends on your point of view though. But this is becoming an interesting debate and I welcome further thoughts.

    Quote Originally Posted by benanamen View Post
    For one thing when you are doing the code for a form submission EVERYTHING goes in the if check that checks if the form is submitted. THERE IS NO ELSE. THE EXAMPLE IS WRONG AND I SAID SO.
    Thats fair enough, you provided a sample you're not happy with.. BUT.. people can and do use an else in their own code. I'll provide a sample in a jiffy.

    Quote Originally Posted by benanamen View Post
    You know darn well the code goes as follows

    if (whatever post submit check is true){
    //Do EVERYTHING here. THERE IS NO ELSE THAT GOES HERE AND YOU KNOW THAT.
    }
    Hang about there.. I'm sure there are plenty of scripts out there that obey this sort of logic:

    PHP Code:
    <?php
    //benanamen.php
    echo "URL is: $_SERVER[REQUEST_URI]<br><br>";
    echo 
    "Request method is: $_SERVER[REQUEST_METHOD]<br><br>";
    print 
    'Post array is:<br>';

    var_dump($_POST);
    print 
    '<br><br>';

    if(isset(
    $_POST['user']))
       {
       echo 
    "Hello $_POST[user]<br>";
       }
    else
       {
    ?>
    <html>
       <head>
          <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
          <title>XHTM</title>
       </head>
       <body>
          <form action="<?php echo $_SERVER['PHP_SELF']; ?>?mode=users" method="post">
             <input type="text" name="user" value="" />
             <input type="submit" name="submit" value="Send!" />
          </form>
       </body>
    </html>
    <?php
       
    }
    ?>
    Quote Originally Posted by benanamen View Post
    What are you even talking about? PHP says it is a GET.
    For the avoidance of confusion, i just want to make sure we're both on the same page on this so here's a full quote:



    Then you need to run the code above:



    Quote Originally Posted by benanamen View Post
    Apparently I have to spell out every word. Without adding unnecessary hidden fields, it will in fact fail every time.
    Ah.. but this is where we're potentially differing. I use a single point of entry through index.php for my projects. Anything that goes on (form submissions etc) all goes through that single file. Thus a hidden field to me is not unnecessary. To you it may be.

    Say my hidden field is called mode. My logic then looks something like this:

    PHP Code:
    switch(strtolower($_MODE['mode'])) //$_MODE being _GET or _POST - whatever i'm using (sometimes $_REQUEST to make it easier or $_HTTP which is $_GET + $_POST and kills cookies dead).
       
    {
       case 
    'emails':
          
    //Whatever
          
    break;
       case 
    'users':
          
    //Something else
          
    break;
       } 
    So to you that hidden field may be a waste of time. To me it is vital.

    Quote Originally Posted by benanamen View Post
    You are free to do all the extra coding you want. There are all sort of hacks you can do to make something "work".
    Ok, look at it like this. PHP looks for post data and if its present, sets $_SERVER['REQUEST_METHOD'] = 'POST'; otherwise it is GET by default. It's then set in the $_POST array. By that logic, if the request is a post request, then the post data will be in the _POST array which will not be empty.

    Now in your code, what is quicker and easier to type?:

    if ($_SERVER['REQUEST_METHOD'] == 'POST')

    or

    if (!empty($_POST))

    Look at the length of both those lines. The first is 41 characters. The second is 19.

    Try this code - it uses empty() instead of the user form field:

    PHP Code:
    <?php
    //benanamen.php
    echo "URL is: $_SERVER[REQUEST_URI]<br><br>";
    echo 
    "Request method is: $_SERVER[REQUEST_METHOD]<br><br>";
    print 
    'Post array is:<br>';

    var_dump($_POST);
    print 
    '<br><br>';

    if(!empty(
    $_POST))
       {
       echo 
    "Hello $_POST[user]<br>";
       }
    else
       {
    ?>
    <html>
       <head>
          <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
          <title>XHTM</title>
       </head>
       <body>
          <form action="<?php echo $_SERVER['PHP_SELF']; ?>?mode=users" method="post">
             <input type="text" name="user" value="" />
             <input type="submit" name="submit" value="Send!" />
          </form>
       </body>
    </html>
    <?php
       
    }
    ?>
    It works exactly the same as the previous code above that i screenshotted for you.


    So when you look at it like that, who is really doing the extra coding to achieve the same effect? - not the person typing the short version! It'll also take up 20 odd bytes less disk space.

    Quote Originally Posted by benanamen View Post
    Coding is logical. What you are doing is not logical.
    You're confusing two issues. I pointed out earlier that using empty() on the post array is acceptable. I've further pointed out that you can also use a hidden variable. These are two different methods - though both can be used together if needed.

    Quote Originally Posted by benanamen View Post
    Php provides the request method to determine if their was a POST. Your logic REQUIRES EXTRA HIDDEN DATA in order to work
    Thats due to the way i run things through a switch although it can still be used standalone. This however is not really extra hidden data if it means you cut down the number of files required on the server with all the logic inside just one index file.

    But face it, i don't even need a hidden form field when i can just tack the mode onto the end of the action url and be done with it that way.

    If you had 15 different files all starting with

    PHP Code:
    include 'config.php';
    include 
    'db.php';
    include 
    'security.php';
    include 
    'xyz/etc.php'
    then that would be a bit of a waste and also a maintenance pain. Going through one central file means there is less files to update, less disk space used on the server (those few lines alone are 89 bytes multiplied by the number of files using it) and IMO a pretty fair trade off for the sake of a hidden form field or longer url.

    Quote Originally Posted by benanamen View Post
    Why is it so hard for you to admit that checking the Request method is the best option for handling a form submission.
    I'm not denying checking the request method isn't a good option. I'm just saying there are other ways to check it. It seems pointless to me to type 20 odd characters extra when the same thing can be achieved with less. Ok it's only a few bytes on the disk and not going to break a storage limit by any means but its quicker to type

    Quote Originally Posted by benanamen View Post
    What I am talking about is a best practice which includes not overcoding.
    Again that depends on your POV.
    Last edited by tangoforce; 10-15-2017 at 12:31 AM.
    Quote Originally Posted by deathshadow View Post
    So seriously, loosen up that tie, let out the belt, and try relating to normal people on the street instead of the gentleman's club crowd.

  10. #25
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,262
    Thanks
    3
    Thanked 128 Times in 123 Posts
    First let me me address the first part. You wrote text and not code "Suppose I submit a post form to myscript.php?mode=users". I overlooked the specificity of "post form". I simply read it as you were submitting a form with the query string so that is a non issue. Yes, tango, the form with a post method would indeed be post. I didn't read it as you wrote it so there was indeed confusion.


    Ah.. but this is where we're potentially differing. I use a single point of entry through index.php for my projects.
    I also use a single point of entry. They way you are doing it, yes you would need an identifier. Without getting into it in this thread I will just say there is a much much better way to do that than you are doing that would not require you to ever have to edit the code and continually grow your switch statement. The fact that a hidden field for your approach is vital is a problem. Simply put, there is a much better way. I will say, I "used" to do the same type of thing until I got more educated (Funny enough, it was from @Jaques1), just as I used to incorrectly use if ($_POST). In a large application that would get very unwieldy and just isn't necessary to do what you want to do.



    Now in your code, what is quicker and easier to type?:

    if ($_SERVER['REQUEST_METHOD'] == 'POST')

    or

    if (!empty($_POST))

    Look at the length of both those lines. The first is 41 characters. The second is 19.
    Regarding if (!empty($_POST)) specifically, this is not about how many characters. if evaluates true/false. This incorrect method will ALWAYS be be true on submit and NEVER false even with a completely empty form so you will ALWAYS get past this line. And as previously shown, this will completely fail using an all checkbox form.

    PHP Code:
    <?php
    if (!empty($_POST))
    {
        echo 
    'This is ALWAYS true even with a blank form submitted';
    }
    ?>
    <form method="post">
     <input name="box1" type="text">
     <input type="submit" value="Submit">
    </form>

    Thats due to the way i run things through a switch although it can still be used standalone. This however is not really extra hidden data if it means you cut down the number of files required on the server with all the logic inside just one index file.
    If you had 15 different files all starting with

    PHP Code:
    include 'config.php';
    include 'db.php';
    include 'security.php';
    include 'xyz/etc.php';
    As I said, there is a much better way. This all has to do with the way you're doing it (and the way I used to do it) which is far from optimal.

    HTTP is a request-response protocol. If your are expecting a particular request such as POST in order for your script to continue it makes perfect sense that that is what you look for. Php has provided the Request Method that does exactly that.
    Last edited by benanamen; 10-15-2017 at 01:34 AM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  11. #26
    Super Moderator vinyl-junkie's Avatar
    Join Date
    Jun 2003
    Posts
    3,325
    Thanks
    3
    Thanked 42 Times in 42 Posts
    This thread has gotten way off topic from the original discussion.

    Time to close it.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    SNAP to it!


 
Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •