isset(), empty(), $_GET and $_POST problem

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I was trying to troubleshoot a login page that doesn't work - it keeps
saying the login/password is missing - when my tracing discovered this
peculiar behavior.

register_globals is off, so at the top of my script I assign a few
variables to incoming GET and POST values.

  $login = clean($_POST['login'], 30);
  $passwd = clean($_POST['passwd'], 30);
  $message = $_GET['message'];

clean() is simply a function that trims to the specified length and
applies EscapeShellCmd().

Now, below that I have an if statement to check for whether a
login/password has been supplied or if an error message exists.

  if (isset($message) || empty($login) || empty($passwd))
    // render the html page showing the form
  } else {
    // do some php/mysql stuff and redirect to another page

Yet when I fill out those form fields and submit, it always redisplays
the form with my tracing errors stating that those fields are empty.

When I echo out all $_GET and $_POST variables, indeed they are empty,
and strangely there is a $_GET['message'] that has no value, but
nevertheless is on the end of the url.  (/index.php?message=)  I can't
figure out how it got there.  The form action is just "index.php" and
it uses the POST method, so what could be adding that GET variable?

Now here's the weird part. If I simply add "1 ||" to the beginning of
that if statement, so basically it will always evaluate to true, then
suddenly the $_POST['login'] and $_POST['passwd'] are properly defined
and $_GET['message'] goes away!

So this makes me wonder, are the isset() and empty() functions
actually modifying the variables passed to them somehow?  And when I
put a true value in front of them, the if statement stops parsing
before it gets to those functions?

Re: isset(), empty(), $_GET and $_POST problem

Quoted text here. Click to load it

Bet you a banana cupcake that your HTML is screwed up.

Obey the Clown - /

Re: isset(), empty(), $_GET and $_POST problem

Chung Leong wrote:
Quoted text here. Click to load it

and how exactly are you sending both a _GET and _POST at the same time.  A form
action can be EITHER GET or POST but not both.  show us the complete  <form> tag.

if you are POSTing your login/pass with a message then  shouldn't you be looking
for _POST['message'] not _GET['message']

Michael Austin.
Consultant - Available.
Donations welcomed.

Re: isset(), empty(), $_GET and $_POST problem

On Mon, 26 Jul 2004 02:32:34 GMT, Michael Austin

Quoted text here. Click to load it

First let me say I've solved the problem.  Some code in an included
php file looked like this:

if (!isset($_SESSION['user']))
  // redirect to the login page
  $message = "There was a problem logging in.";
  header("Location: index.php?message=" . urlencode($message));

Originally, the if statement was only followed by a single statement,
and as such, it was not enclosed in code block .  A second
line was later added, but I didn't notice the brackets were missing.
(I was modifying code that wasn't mine. I would only leave out the
brackets if the entire if statement is all on one line to avoid
exactly this confusion.)  As a result, the second line was executed
because it's outside of the control structure, but the first line was
not.  (And since my login code was otherwise working, the if always
evaluated to false and left $message undefined.)

To answer the question about sending both _GET and _POST at the same
time, it's possible.  If the form uses the POST method, but the action
includes ?var=value stuff in the url, you get both.

However, in my case, I wasn't trying to do that, which is why I was
confused as to where the _GET message was coming from.  I also
couldn't figure out where my POST login/password values were
disappearing to.  Alas, all the code I was messing with and putting
trace calls into was working fine all along, and it was this included
file that was redirecting with the empty ?message=.

Since this was not screwed up HTML, I believe someone owes me a banana
cupcake.  :)

$cupcake = irradiate($_GET['cupcake']);  //just to be safe ;)

Re: isset(), empty(), $_GET and $_POST problem

Quoted text here. Click to load it

[) <- there!

Obey the Clown - /

Re: isset(), empty(), $_GET and $_POST problem

Chung Leong contained the following:

Quoted text here. Click to load it

It's a bit small.  You should have made it a class so that he could have
as many instances as he wants. :)

Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs /

Re: isset(), empty(), $_GET and $_POST problem

Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

On Mon, 26 Jul 2004 02:32:34 GMT

Quoted text here. Click to load it

Uhm... I suggest you think again, or try this.

// Please bare with syntax-errors... I've been coding Ruby
// the last 20 hours...

if (!empty($_POST['submit'])) {
    echo "<pre>";
    echo "\n\nBut we get:"

    echo "\n\n_POST: ";

    echo "\n\n_GET: ";
    echo "</pre>";

$self = $_SERVER['PHP_SELF'];
print <<<EOHTML
<form action="$self?what=you_see&aaand=this" method="POST" />
<input type="text" name="something" value="type something and submit"
/><br />
<input type="submit" name="submit" value=" Submit it! " />

Might enlighten you a little. ;)

Best regards,

 Anders K. Madsen ---

"There are 10 types of people in the world.
 Those who understand binary - and those who don't."

Content-Type: application/pgp-signature

Version: GnuPG v1.2.4 (GNU/Linux)



Re: isset(), empty(), $_GET and $_POST problem


Quoted text here. Click to load it

Well I just disproved that part by putting "|| 1" on the end of the if
statement instead of at the beginning.  So now I'm even more baffled.

What could be causing this?

Site Timeline