Page 2 of 2

Posted: Fri Feb 17, 2006 8:43 am
by matthijs
Ben Ramsey wrote about this in a php architect issue from august last year. I can't write down the whole article here, but what it came down to was:

Code: Select all

if ($_POST['name']) {
This if statement checks for a true or false value and evaluates to TRUE for any non-false value. However, FALSE is defined as the boolean FALSE, the integer zero (0), the float zero (0.0) an empty string or the string "0", an array with zero elements or NULL. So if someone enters the number 0 in the name field the if statement will treat it as false. Not what you'd expect.

Code: Select all

if (!empty($_POST['name'] )) {
The empty() function evaluates to TRUE when a string is empty. An empty string is defined as a true empty string, the string "0", the integer zero, an empty array, a declared var with no value, NULL or FALSE. Again when someone enters 0 for the name field the if statement returns FALSE.

Finally the isset() function can give problems because an input variable can be set but still be empty.

He suggests the best way to check for the existence of data (from external sources) in a variable is to check the length of the strings. strlen() can be used for that. It returns a positive value for anything other than FALSE or NULL.

Code: Select all

if (strlen($_POST['name']) > 0 ) {
If you want to make sure spaces don't count, use

Code: Select all

strlen(trim($_POST['name']))

Posted: Fri Feb 17, 2006 8:46 am
by Jenk
Just a note.. the @ operator only supresses the error message, the error still occurs ..

And a different note, never use @ on an include, it will suppress any and all error messages produced by the included file, as well as the include command itself. :)

And the problem with using :

Code: Select all

if (@$_POST['var']) { }
becomes apparent when the value of $_POST['var'] is 0, 'false' or (bool) false.

Moral of the story: Be explicit in your challenges..

Code: Select all

<?php

if (isset($_POST['var'])) {
  //variable is set
  if (strlen(trim($_POST['var'])) {
    //variable has a value
  }
}

?>

Posted: Fri Feb 17, 2006 8:50 am
by matthijs
Thinking about it: are there in fact any situations when one would use the error @ suppression?

Posted: Fri Feb 17, 2006 8:54 am
by Jenk
Yes.

Custom exception/error handling.

Code: Select all

<?php

funciton setDir ($dir) {
    if (@is_dir($dir)) {
        $this->_dir = realpath($dir);
    } else {
        throw new Exception('Supplied path ' . $dir . ' is not a valid directory!');
    }
}

try {
    setDir($dir);
} catch (Exception $e) {
    print $e->getMessage();
}

?>

Posted: Fri Feb 17, 2006 8:58 am
by duk
good posts... :D

always learning...

Posted: Fri Feb 17, 2006 9:02 am
by matthijs
That's interesting Jenk, thanks. May I ask, when does is_dir return errors then? In the comments in the manual I read something about the function returning an error when the directory is "bogus", but I'm not sure I understand to what that aplies exactly.

Posted: Fri Feb 17, 2006 9:17 am
by Jenk
sorry, was just an example of the top of my head.. but it gives you the idea anyway.

Posted: Fri Feb 17, 2006 9:24 am
by matthijs
no need to say sorry (of course). Thanks for the example, the idea is clear.