Trouble Verifying $_POST
Posted: Fri Mar 03, 2006 12:04 pm
by theoph
The running of this script at the top of this page is always putting values into 'BD' and 'ED,' even though 'searchBD' and 'searchED' are NOT empty when submitted in a form from the previous page.
Any suggestions as to why this is happening?
Code:
<?php setcookie("donation_fset","http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); ?>
<?php session_start();?>
<?php require_once('../../../Connections/Home.php'); ?>
<?php
if (empty($_POST['searchBD'])) {
    $_SESSION['BD'] = '2000-01-01';
}
if (empty($_POST['searchED'])) {
    $_SESSION['ED'] = date('Y-m-d');
}
?>
Posted: Fri Mar 03, 2006 12:47 pm
by RobertGonzalez
You're telling it to do that...
Code:
<?php
if (empty($_POST['searchBD'])) {
    // if $_POST['searchBD'] is empty add a value to $_SESSION['BD']
    $_SESSION['BD'] = '2000-01-01';
}
if (empty($_POST['searchED'])) {
    // if $_POST['searchED'] is empty add a value to $_SESSION['ED']
    $_SESSION['ED'] = date('Y-m-d');
}
?>
Posted: Fri Mar 03, 2006 1:02 pm
by theoph
Everah wrote: You're telling it to do that...
Oops . . . those form fields are NOT empty. Sorry.

Posted: Fri Mar 03, 2006 1:31 pm
by RobertGonzalez
So does that mean that the SESSION vars are still being set to something even though the POST vars ARE empty? Is there another portion of the script that is setting these session vars? Can you echo them out to see what the values are getting set to?
Posted: Fri Mar 03, 2006 2:42 pm
by theoph
Changed the way the form was processed. From "Post" to "Get" and the following script worked. Post would have probably worked too, considering I needed to put a value in the session variable if they were not empty. Duh.
Code:
<?php
if (empty($_GET['searchBD'])) {
    $_SESSION['BD'] = '2000-01-01';
} else {
    $_SESSION['BD'] = $_GET['searchBD'];
}
if (empty($_GET['searchED'])) {
    $_SESSION['ED'] = date('Y-m-d');
} else {
    $_SESSION['ED'] = $_GET['searchED'];
}
?>
Posted: Fri Mar 03, 2006 3:48 pm
by RobertGonzalez
You might want to consider going back to post. The way the code is now anyone can set those session vars to anything they want by appending a querystring to the URL of the page. That is a little insecure, a little more so when you are setting session vars to user input values by way of GET. This is just an opinion.
Posted: Fri Mar 03, 2006 4:06 pm
by Obrzut
Perhaps in your experience the variables are not being declared as empty. Personally, I have found using a mixture of conditional requirements usually solves the problem. However, they may not solve your situation as this could be the result of another part of your script.
However, if the variables are not actually being set by another part of your script you may want to try the following:
Code:
<?PHP
// True when the field is missing or was submitted as an empty string
if (!isset($_POST['searchBD']) || $_POST['searchBD'] == "") {
    // Set variable
}
?>
There are a variety of conditions that can determine if a variable is NULL and I find especially when dealing with form variables that the latter condition I presented usually captures the empty variable.
Perhaps this will help your endeavours to return to $_POST[] method of transferring data, no?
If the problem still persists perhaps someone here will offer more advice.
Obrzut
Posted: Fri Mar 03, 2006 5:16 pm
by RobertGonzalez
I was thinking. It appears that you are setting a begin and end date range for search. You might want to try this method...
Code:
<?php
$_SESSION['BD'] = '2001-01-01';
$_SESSION['ED'] = date('Y-m-d');
if (isset($_POST['searchBD'])) {
    $_SESSION['BD'] = $_POST['searchBD'];
}
if (isset($_POST['searchED'])) {
    $_SESSION['ED'] = $_POST['searchED'];
}
?>
This way you can go back to POST and still set your vars to what you want if post vars are not set. The above code assumes you have set up your HTML form in a way that the user can only supply a valid date in a valid format for your script. If this is not the case you should build in some error checkers to make sure users aren't screwing with your app.
Posted: Fri Mar 03, 2006 5:26 pm
by Christopher
Or:
Code:
$_SESSION['BD'] = isset($_GET['searchBD']) ? preg_replace('/[^0-9\-]/', '', $_GET['searchBD']) : '2000-01-01';
$_SESSION['ED'] = isset($_GET['searchED']) ? preg_replace('/[^0-9\-]/', '', $_GET['searchED']) : date('Y-m-d');
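The "error checkers" mentioned earlier in the thread, written out as an added example that is not part of any post above: stripping characters with preg_replace still lets a string such as 9999-99-99 through, so this version accepts a value only if it is a real calendar date in Y-m-d form and otherwise falls back to the thread's defaults. The helper names parse_search_date() and resolve_range() are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

// Return $raw only if it is a real calendar date in strict Y-m-d form;
// otherwise return $default. Nothing from the request is stored unchecked.
function parse_search_date($raw, string $default): string
{
    // Missing fields and array input (searchBD[]=x) are rejected here.
    // The D modifier stops "$" from matching before a trailing newline.
    if (!is_string($raw) || !preg_match('/^\d{4}-\d{2}-\d{2}$/D', $raw)) {
        return $default;
    }
    // Round-trip through DateTime: an impossible date such as 2006-02-31
    // either fails to parse or rolls over to another day, so the
    // re-formatted value no longer equals the input.
    $dt = DateTime::createFromFormat('!Y-m-d', $raw);
    if ($dt === false || $dt->format('Y-m-d') !== $raw) {
        return $default;
    }
    return $raw;
}

// Build the begin/end pair from a request array, using the thread's defaults.
function resolve_range(array $input, string $today): array
{
    return [
        'BD' => parse_search_date($input['searchBD'] ?? null, '2000-01-01'),
        'ED' => parse_search_date($input['searchED'] ?? null, $today),
    ];
}

// Constructed sample requests, standing in for $_POST.
$samples = [
    ['searchBD' => '2005-06-01', 'searchED' => '2006-03-03'],
    ['searchBD' => '9999-99-99', 'searchED' => '2006-02-31'],
    ['searchBD' => "2005-06-01' OR '1'='1", 'searchED' => ['x']],
    [],
];
foreach ($samples as $request) {
    $range = resolve_range($request, '2006-03-03'); // fixed "today" for the demo
    echo $range['BD'], ' .. ', $range['ED'], PHP_EOL;
}

// In the page itself, after session_start():
//   $range = resolve_range($_POST, date('Y-m-d'));
//   $_SESSION['BD'] = $range['BD'];
//   $_SESSION['ED'] = $range['ED'];
```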