Ben Ramsey wrote about this in a php architect issue from August last year. I can't write down the whole article here, but what it came down to was:
This if statement checks for a true or false value and evaluates to TRUE for any non-false value. However, FALSE is defined as the boolean FALSE, the integer zero (0), the float zero (0.0), an empty string or the string "0", an array with zero elements or NULL. So if someone enters the number 0 in the name field, the if statement will treat it as false. Not what you'd expect.
The empty() function evaluates to TRUE when a string is empty. An empty string is defined as a true empty string, the string "0", the integer zero, an empty array, a declared var with no value, NULL or FALSE. Again, when someone enters 0 for the name field, the if statement returns FALSE.
Finally the isset() function can give problems because an input variable can be set but still be empty.
He suggests the best way to check for the existence of data (from external sources) in a variable is to check the length of the strings. strlen() can be used for that. It returns a positive value for anything other than FALSE or NULL.
if (strlen($_POST['name']) > 0) {
    // the name field contains data
}
If you want to make sure spaces don't count, use
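The four checks discussed in this post, run side by side on constructed form input. This is an added example, not part of the original post or of Ben Ramsey's article; the function name `presence_checks()`, the sample values and the `is_string()` guard are assumptions made for the illustration.

```php
<?php
// Added example: compares the checks discussed above on constructed input.
// presence_checks() and the sample values are hypothetical, not from the article.

function presence_checks(array $post): array
{
    $v = $post['name'] ?? null;   // null when the field was not submitted

    return [
        'if ($v)'    => (bool) $v,
        '!empty()'   => !empty($post['name']),
        'isset()'    => isset($post['name']),
        // The is_string() guard is an addition: strlen() on null is deprecated
        // since PHP 8.1, and strlen() on an array throws a TypeError in PHP 8.
        'strlen()>0' => is_string($v) && strlen($v) > 0,
    ];
}

// Constructed samples standing in for $_POST.
$samples = [
    'field missing' => [],
    'empty string'  => ['name' => ''],
    'string "0"'    => ['name' => '0'],
    'single space'  => ['name' => ' '],
    'normal name'   => ['name' => 'Ann'],
];

foreach ($samples as $label => $post) {
    $r = presence_checks($post);
    printf("%-14s", $label);
    foreach ($r as $check => $ok) {
        printf("  %s=%s", $check, $ok ? 'yes' : 'no');
    }
    echo PHP_EOL;
}
```

For the string "0", only isset() and the strlen() check report the field as filled, and isset() also reports the empty string as filled. The single-space input passes all four checks.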