How to check if a textarea is null in $_REQUEST

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mcccy005
Forum Contributor
Posts: 123
Joined: Sun May 28, 2006 7:08 pm

How to check if a textarea is null in $_REQUEST

Post by mcccy005 »

I want to be able to test if a textarea field is empty when a user submits the form (I can get it to work fine with text fields, radio fields etc).
The problem is that as soon as a user clicks on the textarea (but enters no data), somehow data registered as being entered into it; so that when the form is submitted and I use if(isset($_REQUEST['field_name'])), it will return true, even though theres actually no actual data in there.
I've also tested to see if the data in the $_REQUEST array is null; blank (ie. " " or "") etc. but can't get it to work.

Worse case scenario, I could just test the string to see if it has any letters (a, A - z, Z) or numbers 0 - 9 or any other characters (eg. /) but this seems a bit long-winded and dodgy and thought there ought to be a better way.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Is there a particular reason why you're using $_REQUEST and not $_GET or $_POST? Not really relevant, but it's bad practice to retrieve data from posted forms via $_REQUEST.

Try !empty($_REQUEST['field_name']); Also, what happens when you var_dump() the field?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Might need to trim() it first.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I agree with the others. You could try is_null(), but I think a better way would be to use empty(trim($_POST['field'[)).
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

Ambush Commander wrote:Is there a particular reason why you're using $_REQUEST and not $_GET or $_POST? Not really relevant, but it's bad practice to retrieve data from posted forms via $_REQUEST.

Try !empty($_REQUEST['field_name']); Also, what happens when you var_dump() the field?
any particular reason why using $_REQUEST is bad?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The data contained in $_REQUEST comes from a variety of sources. Each subsequent source overrides any conflicting elements. The order in which they are read is determined through the variables_order directive.
mcccy005
Forum Contributor
Posts: 123
Joined: Sun May 28, 2006 7:08 pm

Post by mcccy005 »

The reason I use $_REQUEST is because I created a series of objects to use to easily create an a series of related input forms with various input fields. I probably could change everything to $_POST and not allow the user to specify whether data from the form is sent using $_POST or $_GET, but heard that there was no security loop-holes with it so have left it.

Anyways, I've tried if(null); and if (empty( )) and that doesn't work.

Also, whilst I never use var_dump( ) I'm assuming it will output the same as echo '$_REQUEST['field_name'] which outputs absolutely nothing. If I have text before the echo and after the echo, there isn't even an extra blank space outputted (nor is it in the source code of the outputted html).

I do use stripslashes( ); but I used that AFTER I try to verify the data (but before it enters the database) so perhaps I'll try using trim( ) before-hand tonight and see how that goes.

Thanks.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

is_null() checks to see if a variable is defined as null or is has a null value. empty() tells you whether the string is empty, 0, "0", '', or array().

$_REQUEST is bad because it contains all of the members of the $_GET, $_POST and $_COOKIE arrays. Since PHP treats members of these arrays in certain order, it would be easy for someone to pass a $_GET var into the form action URL of a form and overwrite a $_POST var or even a cookie var. Just on that premise alone, $_REQUEST in an unsafe superglobal to use. The manual even says so.
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

but still, I fail to see any security concernes of this? If you check and validate each input it should be no problem. Clearly using $_POST does not make you more secure as any data can be spoofed no matter what.
So bottom line I guess is...you can easily shoot yourself in the foot with the order of GET,POSt etc. if you mixed up your logic in a weird way.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

The risk is on the developer. If you want to bear that risk, so be it. Personally, if I know data is coming from POST, I use the POST array. If I know it is coming from GET, I use the GET. I always use the COOKIE array for cookies and the SESSION array for sessions (when I don't build my own session handler). It is not that much harder to do and is less susceptible to user interference.
Post Reply