|
|
Posted by M. Sokolewicz on 10/19/67 11:08
Chris W. Parker wrote:
> M. Sokolewicz <mailto:tularis@php.net>
> on Tuesday, February 15, 2005 8:25 AM said:
>
>
>>>seems lengthy. is there a way around this?
>>>
>>>i tried using
>>>$cmd = @ $_POST['cmd'];
>>>
>>>to suppress errors but didnt seem to have ay effect.
>>>
>>
>>still
>>if(isset($_POST['cmd'])) {
>> $cmd = $_POST['cmd'];
>>}
>>
>>is the only (really) correct way. All others throw notices of
>>undefined indices, which you *should not* ignore! You can't shorten
>>it, you can't even wrap it in a function... it's simply tough luck
>
>
> Please correct me if I'm wrong (and maybe this is what you mean by
> "(really)") but I think even Rasmus recommends:
>
> <?php
>
> if(!empty($_POST['cmd']))
> {
> // stuff
> }
>
> ?>
>
> I'm using the following code to test this:
>
> <?php
>
> error_reporting(E_ALL);
>
> if(!empty($_POST['cmd']))
> {
> echo "set and not empty<br />";
> }
> else
> {
> echo "empty and/or not set<br />";
> }
>
> ?>
>
>
>
>
> Chris.
that's a different issue.
There are always at least 2 things you should do with your (expected) input:
1 - check if it *exists* (isset)
2 - check the validity (input-validation)
for step #2 empty is very commonly used, and also a very useful
function. However, you should never do #2 without #1, since that again
raises issues (of security, problems, unexpected input, etc)
Also note that empty($non_existent_var) will always throw an E_NOTICE
error when the variable in question is not set. isset() is the only
function/language-construct that can check for the existence of
variables without throwing an E_NOTICE.
- tul
Navigation:
[Reply to this message]
|