Trouble Verifying $_POST

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
theoph
Forum Commoner
Posts: 47
Joined: Wed Jul 30, 2003 5:26 pm
Location: Lexington, KY USA

Trouble Verifying $_POST

Post by theoph »

The running of this script at the top of this page is always putting values into 'BD' and 'ED,' even though 'searchBD' and 'searchED' are NOT empty when submitted in a form from the previous page. Any suggestions to why this is happening?

Code: Select all

<?php setcookie("donation_fset","http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); ?>
<?php session_start();?>
<?php require_once('../../../Connections/Home.php'); ?>
<?php
	if (empty($_POST['searchBD'])) {
		$_SESSION['BD'] = '2000-01-01';
	}
	if (empty($_POST['searchED'])) {
		$_SESSION['ED'] = date('Y-m-d');
	}	
?>
Last edited by theoph on Fri Mar 03, 2006 1:01 pm, edited 1 time in total.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You're telling it to do that...

Code: Select all

<?php
    if (empty($_POST['searchBD'])) { 
        // if $_POST['searchBD'] is empty add a value to $_SESSION['BD']
        $_SESSION['BD'] = '2000-01-01';
    }
    if (empty($_POST['searchED'])) {
        // if $_POST['searchED'] is empty add a value to $_SESSION['ED']
        $_SESSION['ED'] = date('Y-m-d');
    }    
?>
theoph
Forum Commoner
Posts: 47
Joined: Wed Jul 30, 2003 5:26 pm
Location: Lexington, KY USA

Post by theoph »

Everah wrote:You're telling it to do that...
Opps . . . those form fields are NOT empty. Sorry. :oops:
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

So does that mean that the SESSION vars are still being set to something eventhough the POST vars ARE empty? Is there another portion of the script that is setting these session vars? Can you echo them out to see what the values are getting set to?
theoph
Forum Commoner
Posts: 47
Joined: Wed Jul 30, 2003 5:26 pm
Location: Lexington, KY USA

Post by theoph »

Changed the way the form was processed. From "Post" to "Get" and the following scripted worked. Post would have probably worked too, considering I needed to put a value in the session variable if they were not empty. Duh.

Code: Select all

<?php
	if (empty($_GET['searchBD'])) {
		$_SESSION['BD'] = '2000-01-01';
	} else {
		$_SESSION['BD'] = $_GET['searchBD'];
	}
	if (empty($_GET['searchED'])) {
		$_SESSION['ED'] = date('Y-m-d');
	} else {
		$_SESSION['ED'] = $_GET['searchED'];
	}
?>
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You might want to consider going back to post. The way the code is now anyone can set those session vars to anything they want by appending a querystring to the URL of the page. That is a little insecure, a little more so when you are setting session vars to user input values by way of GET. This is just an opinion.
Obrzut
Forum Newbie
Posts: 7
Joined: Wed Mar 01, 2006 10:23 am

Post by Obrzut »

Perhaps in your experience the variables are not being declared as empty. Personally, I have found using a mixture of conditional requirements usually solve the problem. However, they may not solve your situation as this could be the result of another part of your script.

However, if the variables are not actually being set by another part of your script you may want to try the following;

Code: Select all

<?PHP

if(isset($_POST['searchBD']) || $_POST['searchBD'] == "") {
// Set variable
}

?>
There are a variety of conditions that can determine if a variable is NULL and I find especially when dealing with form variables that the latter condition I presented usually captures the empty variable.

Perhaps this will help your endeavours to return to $_POST[] method of transfering data, no?

If the problem still persists perhaps some one here will offer more advice.

Obrzut
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I was thinking. It appears that you are setting a begin and end date range for search. You might want to try this method...

Code: Select all

<?php
    $_SESSION['BD'] = '2001-01-01';
    $_SESSION['ED'] = date('Y-m-d');

    if (isset($_POST['searchBD'])) {
        $_SESSION['BD'] = $_POST['searchBD'];
    }

    if (isset($_POST['searchED'])) {
        $_SESSION['ED'] = $_POST['searchED'];
    }
?>
This way you can go back to POST and still set your vars to what you want if post vars are not set. The above code assumes you have set up your HTML form in a way that the user can only supply a valid date in a valid format for your script. If this is not the case you should build in some error checkers to make sure users aren't screwing with your app.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Or:

Code: Select all

$_SESSION['BD'] =  isset($_GET['searchBD'] ? preg_replace('/[^0-9\-]/', '', $_GET['searchBD']) : '2000-01-01';
    $_SESSION['ED'] =  isset($_GET['searchED'] ? preg_replace('/[^0-9\-]/', '', $_GET['searchED']) : date('Y-m-d');
(#10850)
Post Reply