Reputation: 2156
Filters vs $_POST (or $_GET)
Which one are you supposed to use, to check if a form submit button has been clicked?
<input type="submit" name="action" value="Sign Up">
if (isset($_POST['action'] && $_POST['action'] == "Sign Up") ...orif (isset(filter_input(INPUT_POST, 'action')) && filter_input(INPUT_POST, 'action') == "Sign Up")
NB: I use $_POST['action] == 'Sign Up', because I use the 'action' array for delete and logout as well, and because some of my forms have two submit buttons, so I can differentiate).
Upvotes: 3
Views: 2448
Answers (6)
Reputation: 3154
If it's just the exact value of an input you want while expecting a very specific value, just use #1.
Using filters can save the amount of code needed. As opposed to writing out all the code needed to check if an IP address you're given is, say not on a private range, you can reduce the code to just this...
$var = "192.168.2.1"; echo (int) filter_var($var, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE); // 0
See http://www.php.net/manual/en/filter.filters.validate.php for additional filter types and option flags. Additionally, you can pass the value to a callback function to customize how you filter data.
You can also change/sanitize the input with less code. See http://www.php.net/manual/en/filter.filters.sanitize.php
$var = "te)[email protected]"; echo filter_var($var, FILTER_SANITIZE_EMAIL); // "[email protected]"
Though using filter_x functions allows for writing out less code, I personally have no idea how it performs compared to being handled by actual verbose code nor do I personally know exactly how reliable the filters and sanitizers are.
Upvotes: 1
Reputation: 116140
I'm not sure, but I think I bumped into this problem once:
Forms can be posted by pressing enter, in which case no value for the button is posted. So I would strongly discourage to use three different submit buttons for three such different actions. Instead, I'd use three forms, and use another way to distinguish between them, like putting a hidden field in them or posting to a different url (or put something like ?action=signup in the forms action attribute.
Upvotes: 2
Reputation: 3043
Not actually answering the question. But I would give the different submit-buttons different name's, so they are not bound to the value which is displayed on the button. Which in turn makes it less error prone to change the text on the button.
For instance name='signup' or name='action[signup]'.
And check with isset($_POST['signup']) or isset($_POST['action']['signup']) respectively.
Upvotes: 2
Reputation: 67735
The first one is the right one:
if (isset($_POST['action'] && $_POST['action'] == "Sign Up") ...
Because using a function in isset will trigger a parse error. Only variables can be used with isset and other language constructs like empty.
Upvotes: 0
Reputation: 7207
Assuming you have <form method="post" ...>, you should use $_POST. You can check for a single field, for example:
if ( isset($_POST['action']) )
or any field:
if ( 0 < count($_POST) )
or check request method:
if ( $_SERVER['REQUEST_METHOD'] === 'POST' )
or a combination of above :)
I don't recommend checking submit button's value, if it changes, you need to modify the code as well. Not to mention what will you need to do if the site is or becomes multi lingual.
Upvotes: 4
Reputation: 10091
For just checking if it's there, you don't need filter_var. isset alone is sufficient.
Upvotes: 0
Related Questions
- PHP $_REQUEST $_GET or $_POST
- Why is better to use filter_input()?
- Differences between filter_var and filter_input
- PHP $_POST, $_GET, or $_REQUEST
- Better way to write some filters and post in PHP
- filter get and post values
- Best Place to Filter Inputs?
- post vs get for URL params?
- PHP : Which is more efficient in sanitizing $_get variable?
- When posting info from a form, is it better to use $_REQUEST or $_POST?