Issues with empty textboxes returning strings

[play_]

<form action="#" method="post">
<input type=t"text" name="first_name" /><br />
<input type="submit" name="submit" />
</form>

<?php
if(isset($_POST['submit'])) {
$first_name = (isset($_POST['first_name'])) ? $_POST['first_name'] : null;

$error = null;
$error .= ( ($first_name !== null)) ?  "<li>valid</li>" : "<li>Invalid first name.</li>";

if(isset($error)) {
	echo "<ul>$error</ul>";
}

}
?>

 

try the above code here: http://decay.nu/helps/del.php

 

Problem is, i leave the textfield empty, therefore, $first_name should become NULL, and i should get "invalid first name".

However, i'm not. Why?

[dbo]

It returns an empty string "" why not just test for empty string instead of null?

 

Also I guess it's a matter of preference but writing stuff like

$first_name = (isset($_POST['first_name'])) ? $_POST['first_name'] : null;

 

obliterates readability at the cost of saving a line of code. I'd suggest writing the extra line of code so that what you're trying to accomplish is easier to see... for you and for anyone who comes in after you.

[play_]

Thanks dbo.

I prefer the ternary operator for simple IF statements.

 

Although i can check if it's empty, i'm curious as to why it doesn't set first_name to NULL.

[dbo]

Heh, I dunno. I think it just works that way for everything except maybe buttons.

 

I'd also suggest creating your own library for validation. You can then leverage that library for all your validation needs... then if you need to update/expand/change your validation rules you're maintaining it in one place instead of writing custom validation for each each field.

[dbo]

On another note I typically do something like this to avoid having to test for null all together.

 

function get_from_array(&$array, $field)
{
   if( isset($array[$field]) ) return $array[$field];
   return "";  
}

$my_value = get_from_array($_POST, "username");

[play_]

Thanks.

 

I do. That wasn't the actual code, i just created an example of whats happening with the real one.

I do have a class with methods that validate different fields.

 

Something like this:

$error .= ( ($first_name !== null) && ($formie->ValidateNames($first_name) !== false) ) ?  "valid" : "<li>Invalid first name.</li>";

 

Thats where i was getting the problem. first name was never 'null'. even if the user didnt put anything on it. so im using empty now. thanks

 

Can you tell me what the & in front of $array does though? (function get_from_array(&$array, $field))

[dbo]

It just makes sure that arrays are passed by reference instead of by value. I'm not sure what the default is in PHP. So instead of making an entire copy of the array it just references the copy already in memory.

[play_]

And what's the benefit of that? faster?

[dbo]

Well if you have to reconstruct an entire list before processing I'd say it's faster But it depends on the situation if you should pass by reference or by value.

[play_]

Alright. Thanks although i don't think it would be noticeably faser.

maybe if the array was huuuge =)

[dbo]

You are correct, however if you look for efficiencies in your code everywhere and don't employ such an attitude the differences will become more and more noticable. But yeah on normal small input sizes they're isn't any noticable difference. It just cuts down on an O(n) machine operation.

[play_]

I dont understand.

 

<form action="#" method="post">
First name:<input type=t"text" name="first_name" /><br />
Last name:<input type=t"text" name="last_name" /><br />
<input type="submit" name="submit" />
</form>

<?php
if(isset($_POST['submit'])) {
$first_name = (!empty($_POST['first_name'])) ? $_POST['first_name'] : null;
$last_name = (!empty($_POST['last_name'])) ? $_POST['last_name'] : null;

$error = null;
$error .= ( ($first_name !== null)) ?  "<li><b>valid</b>. first name is not null</li>" : "<li><b>Invalid</b> first name. it's null</li>";
$error .= ( ($last_name !== null)) ?  "<li><b>valid</b>. last name is not null</li>" : "<li><b>Invalid</b> last name. it's null</li>";

if(isset($error)) {
	echo "<ul>$error</ul>";
}

}
?>

 

You can try the above code here: http://decay.nu/helps/del.php

[play_]

fill out only the second input field (last name)

 

If the first input field (first_name) is left blank, then first_name should become NULL. therefore, the $error variable should not display anything for it.

[wildteen88]

Better way for validation:

<?php
if(isset($_POST['submit']))
{
    $errors = null;

    if(isset($_POST['first_name']) && empty($_POST['first_name']))
    {
        $errors[] = 'First name is left blank!';
    }

    if(isset($_POST['last_name']) && empty($_POST['last_name']))
    {
        $errors[] = 'Last name is left blank!';
    }

    if(is_array($errors))
    {
        echo "Please correct the following errors:\n";
        echo "<ul>\n<li>" . implode("</li>\n<li>", $errors) . "</li>\n</ul>";
    }
    else
    {
        $first_name = $_POST['first_name'];
        $last_name = $_POST['last_name'];

        echo 'First name: ' . $first_name . "<br />\n";
        echo 'Last name: ' . $last_name . "<br />\n";
    }

    echo "<hr />\n";
}
?>
<form action="#" method="post">
First name: <input type="text" name="first_name" /><br />
Last name: <input type="text" name="last_name" /><br />
<input type="submit" name="submit" />
</form>

[roopurt18]

If you want to force the user to enter a value in a text box, you should check the length.  You have to watch out for people entering malicious content as well, such as HTML / Javascript.

 

if( !(isset($_POST["first_name"]) && strlen(trim($_POST["first_name"])) > 0) ){
  $errs[] = "You must provide a first name";
}

[play_]

Thanks guys.

 

That was actually part of a code. i do check for length (well, if it's more than 10 chars) and i do strip tags.

[roopurt18]

Just make sure you trim it before checking the length or the following will pass:

 

"        "