Reputation: 95
isset() function is returning true even when item is not set
Here is my code. For some reason, if I submit the form without placing and passwords in, it still creates the database entry. There are some comments scattered throughout the code, but the code is fairly straightforward. Any ideas?
<?php
//signup.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign up</h3>';
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*The form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="user_name" /><br />
Password: <input type="password" name="user_pass" /><br />
Password again: <input type="password" name="user_pass_check" /><br />
E-mail: <input type="email" name="user_email" /><br />
<input type="submit" value="Add category" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Save the data
*/
$errors = array(); /* declare the array for later use */
if(isset($_POST['user_name']))
{
//the user name exists
if(!ctype_alnum($_POST['user_name']))
{
$errors[] = 'The username can only contain letters and digits.';
}
if(strlen($_POST['user_name']) > 30)
{
$errors[] = 'The username cannot be longer than 30 characters.';
}
}
else
{
$errors[] = 'The username field must not be empty.';
}
if(isset($_POST['user_pass']))
{
if($_POST['user_pass'] != $_POST['user_pass_check'])
{
$errors[] = 'The two passwords did not match.';
}
}
else
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors))
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach($errors as $key => $value)
{
echo '<li>'.$value.'</li>';
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe.
//also notice the sha1 function which hashes the password
$sql = "INSERT INTO
users(user_name, user_pass, user_email, user_date, user_level)
VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
'" . sha1($_POST['user_pass']) . "',
'" . mysql_real_escape_string($_POST['user_email']) . "',
NOW(),
0)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
echo 'Successfully registered. You can now <a href="signin.php">sign in</a>
and start posting!';
}
}
}
include 'footer.php';
?>
Upvotes: 3
Views: 10269
Answers (4)
Reputation: 23
Check this one too
if(isset($_POST['user_pass']) && !empty($_POST['user_pass']))
isset() will check that if the POST is set for 'user_pass' & !empty() will check that if the value is empty.
Upvotes: -1
Reputation: 9895
simple solution: if(!empty($_POST['xxx']) == true) almost equals when you use:
if(isset($_POST['xxx']) == true && $_POST['xxx'] != '')
except: isset() regards 0(string or number) as true, while empty() regards 0 as true.
Upvotes: -1
Reputation: 2314
Null and/or empty strings are still set if the variable is declared. Try this:
if(isset($_POST['user_pass']) && $_POST['user_pass'] != "")
Upvotes: 8
Reputation: 14814
isset checks that the variable is set - in this case it is set to '' (an empty string). Try using empty() as well.
Upvotes: 4
Related Questions
- How do I use isset properly here on my code?
- Php - isset() condition doesn't work
- isset() not giving expected results
- isset() always returns false in php
- php !isset and empty not working
- if(isset()) always displays true?
- isset(); doesn't return false and inserts blank field into database
- PHP !isset returns true when not set
- Why does this isset return false?
- PHP isset() returning false when should return true?