Monkuar Posted April 16, 2012

```php
if (empty($_POST['selected_messages']))
    message($lang_pms['Must select']);

$idlist = array_values($_POST['selected_messages']);
$idlist = array_map('intval', $idlist);
$idlist = implode(',', array_values($idlist));

// If you're not the owner of the message, you can't delete it.
$result = $db->query('SELECT DISTINCT sender_id FROM '.$db->prefix.'messages WHERE id IN ('.$idlist.') AND folder="sent" ') or error('Unable to delete the message', __FILE__, __LINE__, $db->error());
```

Okay, as you can see it makes intval for all the `$_POST['selected_messages']`, but the problem is, when I use Tamper Data and just add a form field "selected_messages" it brings up a MySQL error and the `$idlist` is blank.

So is there a way to make sure that the `$_POST['selected_messages']` has to equal 'selected_messages[]' OR show error? People can just tamper data and use selected_messages without the [] and it brings up a MySQL error. That's not good, I don't want users seeing my code.

Edit: WOW

```php
if (empty($idlist)) {
    message("No Permission");
}
```

fixed it, sorry

QuickOldCar Posted April 17, 2012

You could wrap the whole thing, checking if isset and also not a blank value. Would be of no use to run the query with empty values.

```php
if (isset($_POST['selected_messages']) && $_POST['selected_messages'] != '') {
    // execute code here only if is good
} else {
    echo "No Message";
    // die("No message");
}
```

cpd Posted April 17, 2012

In answer to the topic title.

```php
if (!is_array($var)) { /* not an array: show the error here */ }
```

Might still be worth testing for it in case someone has once again edited the HTML.
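
The checks discussed in this thread, combined into one strict validator, as an added example that is not code from any of the posts above. `parse_id_list()` and its 200-item cap are hypothetical, and the sample inputs are constructed to mimic what PHP places in `$_POST`.

```php
<?php
// Added example: strict validation of a submitted ID list.
// parse_id_list() is a hypothetical helper, not part of the forum software.

/**
 * Returns a de-duplicated list of positive integers, or null when the
 * input is missing, not an array, empty, or contains anything that is
 * not a plain positive integer.
 */
function parse_id_list($raw, int $max = 200): ?array
{
    // "selected_messages=1" (no []) arrives as a string, not an array.
    if (!is_array($raw) || $raw === [] || count($raw) > $max) {
        return null;
    }
    $ids = [];
    foreach ($raw as $value) {
        // Nested arrays ("selected_messages[][]=1") and non-numeric
        // strings fail here instead of being coerced to 1 or 0 by intval().
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return null;
        }
        $ids[$id] = $id; // key by value to drop duplicates
    }
    return array_values($ids);
}

// Constructed sample inputs, shaped like what PHP puts in $_POST.
$samples = [
    'normal checkbox list'  => ['3', '7', '7'],
    'field sent without []' => '3',
    'nested array'          => [['3']],
    'non-numeric entry'     => ['3', 'abc'],
    'empty array'           => [],
];

foreach ($samples as $label => $raw) {
    $ids = parse_id_list($raw);
    if ($ids === null) {
        echo "$label: rejected, no query is built\n";
        continue;
    }
    // Every element is a validated int, so joining them is safe.
    echo "$label: id IN (" . implode(',', $ids) . ")\n";
}
```

Rejecting the request before the query is built means a tampered field never reaches the database layer, so no SQL error text can be shown to the user.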
Archived
This topic is now archived and is closed to further replies.