bots and forms

[jodunno]

Hello,  i am reading about bots and forms and using hidden input fields. I read that bots can be programmed to ignore hidden fields, so i made a text input named email and i use css to display none. i am having trouble detecting the email input. i've tried if (!empty($_POST['email'])) { echo 'test'; exit; } but i see 'test' on submission. if i add value="0" i still see test displayed. if i add text then i still see test displayed. why is this not working? also, a zero seems to bypass empty(). i'm not able to understand why this is failing.

[mac_gyver]

your html is either broken (no closing > for that input) or you have multiple fields with the same name. it would take having the actual html of your form page to help. you might also be setting $_POST['email'] to a value somewhere in your php code.

if you use var_dump($_POST) to see what value it contains, you can back-track to find where the value is coming from.

[jodunno]

Thank you for your time, mac_gyver. I actually found the problem with my code: i always test things to be sure that they work and work correctly. I just typed 0 and the honeypot check didn't fail. for some reason a zero gets by an empty test. When i am tired, i really struggle to grasp things. I didn't notice at the time that a zero is not an integer in this case it is a string. I was testing for empty or zero but it still didn't work. Now i understand the matter. I know that any value means a bot is present but a zero seems to be ignored as no value. I don't know why but if i test empty or == '0' then i am able to detect the honeypot.

Thank you for helping.

[ginerjm]

That pesky PHP manual.  It comes in SO VERY handy.   

If you looked up 'empty' in the manual's function reference you would see very clearly that you can't rely on empty if a 0 or '0' is a possible entry.  It is explicitly mentioned there.

[jodunno]

hello goofy hand avatar person, i'm thinking of making a boot icon 'cause i like to play kick ball. lol

the manual page that i am looking at does not contain the words "one" can't rely on empty if a 0 or '0' is possible. I see that a zero or a '0' is considered to be empty.

https://www.php.net/manual/en/function.empty.php
Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE. 
The following values are considered to be empty:
<ul>
  <li>"" (an empty string)</li>
  <li>0 (0 as an integer)</li>
  <li>0.0 (0 as a float)</li>
  <li>"0" (0 as a string)</li>
  <li>NULL</li>
  <li>FALSE</li>
  <li>array() (an empty array)</li>
</ul>

Example #1 A simple empty() / isset() comparison.
<?php
$var = 0;

// Evaluates to true because $var is empty
if (empty($var)) {
    echo '$var is either 0, empty, or not set at all';
}

// Evaluates as true because $var is set
if (isset($var)) {
    echo '$var is set even though it is empty';
}
?>

pay attention to the statement "the following examples are considered to be empty", I don't see the semantics that imply "one can't rely on empty."

as far as i can see, the zero is supposed to be considered empty. Is there a second manual?

[ginerjm]

Apparently you don't understand how English works.  My sentence did not quote the manual - it made a statement re: the issue you are having. The manual does however specifically tell you that a 0 or '0' will give a false answer - which is the problem you are having.

Am I clearer now?

[cyberRobot]

Assuming that email field is supposed to be blank, you could use something like this instead:

if ($_POST['email'] != '') { echo 'bot detected'; exit; }