Check if $_POST is empty

Question

I realize this question has been asked multiple times, but none have resolved the issue for me.

I want to check if any values in the $_POST array are empty except for two (sHostFirstName and sHostLastName), and throw a 400 error if there is an empty value. The only way I can get it to throw the 400 error is by putting a die() command after the header command, however I get the 400 error no matter if there are empty values or not.

foreach ($_POST as $key => $value) {
    if (empty($value) || !isset($value) && $key != 'sHostFirstName' || 'sHostLastName') {
        header("HTTP/1.1 400 Bad Request");
        break;
    }
}

Answer 1

Something like this

   //store and set default if not set - only needed for checkbox or radio buttons. for example, text fields are always submitted as an empty string.
   $sHostFirstName = isset($_POST['sHostFirstName']) ? $_POST['sHostFirstName'] : false;
  unset($_POST['sHostFirstName']); //remove so it's not part of our count
   //store and set default if not set - only needed for checkbox or radio buttons.
   $sHostLastName = isset($_POST['sHostLastName']) ? $_POST['sHostLastName'] : false;
   unset($_POST['sHostLastName']); //remove so it's not part of our count

   $post = array_filter(array_map('trim', $_POST)); //copy post remove empty items.
   if( count( $post ) != count($_POST) 
       //if count $_POST is not the same as count $post ( empty removed via array_filter) then something was removed / empty
       header('HTTP/1.1 400 Bad Request', true, 400);
       exit();
   }

should do after unset is used on them. See,

• store them in variables
• remove them from post
• then remove empty from a copy of post
• count copy ( - empties ) and compare to count of original
• if the count is different then something was removed ( ie. empty )

no need for a loop.

Also you can send the optional 2nd and 3rd params for header:

http://php.net/manual/en/function.header.php

2nd = replace - The optional replace parameter indicates whether the header should replace a previous similar header, or add a second header of the same type. By default it will replace, but if you pass in FALSE as the second argument you can force multiple headers of the same type.

3rd = http_response_code - Forces the HTTP response code to the specified value. Note that this parameter only has an effect if the string is not empty.

Answer 2

There's no need to loop through your POST data. Store your POST data in a variable $postData and remove the keys sHostFirstName and sHostLastName since these two need not be checked.

This $postData contains all key value pairs which need to be checked for blank entries. Now, use array_filter() to filter out any blank entries and store it in $filteredArray.

Finally, if there were no blank entries, the length of $postData will be same as ``$filteredArray`. If lengths don't match, that will imply one or more array keys had been filtered.

$postData = $_POST;
unset($postData['sHostFirstName'], $postData['sHostLastName']); // $postData contanis all key value pairs which can't be empty

$filteredArray = array_filter($postData); // Filters out the blank entries

/* If the length of `$filteredArray` and `$postData` aren't the same, that means one or more fields had been filtered out */

if (count($filteredArray) != count($postData)) {
    header("HTTP/1.1 400 Bad Request");
}

Answer 3

isset() will return true if the variable has been initialised. If you have a form field with its name value set to userName, when that form is submitted the value will always be "set", although there may not be any data in it.

Instead, trim() the string and test its length

if("" == trim($_POST['userName'])){
    $username = 'Anonymous';
}