using or (||) in php if condition creates problem

Question

i have done something like this:

  <form action="validate.php" method="get">
Id :<input type="text" name="pID"/><br/><br/>
Name :<input type="text" name="pName"/><br/><br/>
Description :<input type="text" name="pDesc"/><br/><br/>
Price :<input type="text" name="pPrice"/><br/><br/>
<input type="submit" name="pSub"/>
</form>

my validate.php contains :

<?php 

if (!empty($_GET['pID']) || !empty($_GET['pName']) || !empty($_GET['pDesc']) || !empty($_GET['pPrice'])){
            if(is_numeric($_GET['pID']) || is_numeric($_GET['pPrice']))
            {
                echo "</br>Your ID :".$_GET["pID"]."</br>";
                echo "Name is :".$_GET["pName"]."</br>";
                echo "Description :".$_GET["pDesc"]."</br>";
                echo "and Price :".$_GET["pPrice"]."</br>";
            }
            else{echo "Pls See That ID and Price are Numerical";}
}else{
echo "Fill up All The Values";
}
?>

is not working properly ,

1st if conditions doesn't work properly ie. if i left blank "Name" input field message should have come saying "Fill up All The Values "...... instead its showing the list of inputs

is there any other way to validate form (PHP)

Answer 1

The question already has been answered, but there is one more thing,

I recommend that you use $_POST instead of $_GET because $_POST is way more secure, as you use HTML Forms. You could look it up on internet. Here is a link, the first answer says it all: Difference between $_POST & $_GET

Answer 2

You are using the wrong operator: || means "logical OR"; what you seem to be looking for is &&, that is "logical AND".

The code does exactly what you told it to do (see the documentation); the fact that you intended something else is not relevant to the computer:

if (!empty($_GET['pID']) || !empty($_GET['pName']) || !empty($_GET['pDesc']) || !empty($_GET['pPrice']))

means "if pID is not empty OR pName is not empty OR ..."; as soon as one or more of the fields are not empty, the condition evaluates to true.

What you can do to get what you meant:

• replace OR with AND ( && )
• use if (!(empty($_GET['pID']) || empty($_GET['pID'] ...)) - note that the whole expression is negated in parentheses

(read on De Morgan's laws to see why these two solutions are equivalent)

Answer 3

This is just wrong

if (!empty($_GET['pID']) || !empty($_GET['pName']) || !empty($_GET['pDesc']) || !empty($_GET['pPrice'])){}

You need to make it like this:

if (!empty($_GET['pID'], $_GET['pName'], $_GET['pDesc'], $_GET['pPrice'])){}

And no need to make ORs at all. Also, you'd better check if any of the given values are empty and throw error on that.

Answer 4

It's a logic problem with your code. Using || in this situation means that if ANY of those inputs contains a value, then the first condition is met. What you want to do is AND, not OR, so that the first condition is only met if all of the inputs are !empty.

I don't remember for sure what the AND operator is for PHP, since it's been a long time, but it's probably &&.

Answer 5

It's probably better that you switch the conditions around, like this:

if(empty($_GET['pID']) || empty($_GET['pName']) || empty($_GET['pDesc']) || empty($_GET['pPrice'])) {
   echo "Please fill up all the values";
} else {
   // Do other validation.
}

This way, you know your inputs are correct before you do anything else. Obviously I've not tested this, but it should work as expected. What you were saying before was asking if ANY of the inputs was not empty, do the additional validation. As one of the other commenters explained, if you wanted to do that, you should be using && rather than ||.

Changing it around just makes it a bit clearer!