0

I'm watching a video tutorial where the instructor is testing a form submission.

The code he is using is:

$required_fields = array('menu_name', 'position', 'visible');

foreach ($required_fields as $fieldname) {
    if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0) {
        $errors[] = $fieldname;
    } 
}

Notice the condition in the if statement after the && where he has $_POST[$fieldname] != 0

This does not work for me for some reason.

However, when I give the 0 quotes like this $_POST[$fieldname] != "0" then it works.

BTW, the 'visible' field is a boolean, aka tinyint(1), in MySQL.

Here is what the HTML on the form looks like for this field:

Visible:
<input type="radio" name="visible" value="1" <?php if ($sel_subject['visible'] == "1") {echo "checked=\"checked\"";} ?> /> Yes
&nbsp;
<input type="radio" name="visible" value="0" <?php if ($sel_subject['visible'] == "0") {echo "checked=\"checked\"";} ?> /> No

Any ideas? Thank you in advance for your help.

UPDATE:

I'm not sure what happened, but for some reason the code is working now without the quotes. Sorry for any confusion.

Nathan
  • 7,627
  • 11
  • 46
  • 80
  • I should add that, I have tried changing with quotes and without in the HTML, but it makes no difference. – Nathan Dec 26 '11 at 04:03
  • Can you check the code being used? It looks like the `if` statement, in the `foreach`, is missing a `)` before the `{`. – Tim Dec 26 '11 at 04:19
  • @Tim sorry, I'm not seeing that issue. I think eclipse would have alerted me. – Nathan Dec 26 '11 at 04:47
  • `if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) {`. The `if` expression never got closed properly. – Tim Dec 26 '11 at 04:55
  • Ah, you're right. This was a typo here... but in the code, I have closed the `if` condition. Sorry for the confusion. – Nathan Dec 26 '11 at 05:18

2 Answers2

1

Before comparing, do:

$fieldName = (int) $_POST[$fieldname];

Hope it helps

Sudhir Bastakoti
  • 99,167
  • 15
  • 158
  • 162
  • Can you describe what this does? – Nathan Dec 26 '11 at 04:51
  • @Nathan It casts it to an int, basically crams it into an int rather than a string. All form inputs are strings, even numbers, which means putting `0` in a form returns the string "0" when it's sent to the server, rather than the number/int 0. Of course, if their input was "0username", casting it to int would leave you with just the number 0. Not quite what you're looking for unless you want the data coming from the form to always be numeric. – Phoenix Dec 26 '11 at 05:33
  • @Nathan Also, when you cast a string to an int that doesn't start with a number, like `(int)"menuname"` the result is 0. So it's kinda useless to you as all fields without numeric data will equal 0 if cast to an int. – Phoenix Dec 26 '11 at 05:43
0

I think you have defined the conditions in the if () to make sure that all post params would have a value, and are not empty, but they could have 0 as a value (for the visible param).

Yet the second and third conditions are against some PHP internal type conversion rules. If you pass an empty string value for a paramter, then empty() would return true, so && operator would go to check the second condition. The comparison of an empty string with integer 0 returns true again, and so $value != 0 returns false, so the condition would not apply.

That is why if you send an empty string for the required field of 'position' (or any other), the code above would not consider it as an error and validation fails.

Since you want all values to be set and none empty, but the visible field could have the value of "0", I suggest you change the comparison to this:

foreach ($required_fields as $fieldname) {
    if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] !== "0")) {
        $errors[] = $fieldname;
    } 
}

Remember that all HTTP params (GET,POST, ...) are sent as string values to the PHP script. while comparing a string to integer 0 using == or != operators, would cause PHP to convert string values to integers, so there would be no difference between '', or '0'. But by using the === or !== operators and having the 0 as a string, no value would be converted. So you could differentiate between '' and '0'.

farzad
  • 8,775
  • 6
  • 32
  • 41
  • This is a lot to digest for me :-) but is exactly the type of detail I'm interested in. Not sure if you noticed my update/edit to the post, but for some reason (I'm not sure why), but the validation began to work properly. I still will take the time to study what you have written. It seems there are details here that will be helpful for me to understand. Thank you. – Nathan Dec 26 '11 at 05:20
  • your welcome Nathan. I would be happy to describe more if you needed. Yet I think if you send empty values from your HTML form (entering nothing in the HTML fields, and submitting), your code would not consider errors. If that is not what you want, then my suggested modification might help. :) – farzad Dec 26 '11 at 05:33