Larry Ullman's Book Forums


Hello,


This chapter contains this tip: "One thing most beginner developers don’t realize is that it’s possible—in fact, quite easy—for a hacker to submit data to your PHP script without using your intended HTML form. For this reason, it’s important that you validate the existence of expected variables (i.e., that they are set), their type, and their values."


I take it that the example presented in Script 6.7 demonstrated how to validate the fields? So that there would be no need to use the function isset in this particular case for example?


Thank you.


On 3/31/2017 at 11:52 AM, Larry said:

Good question! No, I would actually use isset() on all the POST variables before using empty() or doing other checks. Just a bit safer that way (well, it avoids errors). 

This is a little confusing for me.  Are you saying that I should be using the following when validating the passwords for example?

// Validate the password:
if isset((empty($_POST['password']))) {
	print '<p class="error">Please enter your password.</p>';
	$okay = FALSE;
}

// Check the two passwords for equality:
if isset(($_POST['password'] != $_POST['confirm'])) {
	print '<p class="error">Your confirmed password does not match the original password.</p>';
	$okay = FALSE;
}



Thanks for the clarification. I may have overstated, or suggested using isset() too bluntly. It really depends upon the situation and how overly careful you may want to be. And what level of error reporting you have in place! If I recall correctly, empty() doesn't throw a warning if a variable isn't set, but I'd test that first (i.e., your first example is probably fine but maybe isset() isn't necessary). 

You could/should do isset() on $_POST['confirm'] before referencing it, but you can't do isset() on a condition, as you have in the second example. 

Let me know if anything is still unclear!

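As an added example that is not from the book or from anyone in this thread, here is how the two password checks from the question can be written so that isset() guards the fields rather than the conditions. The field names 'password' and 'confirm' and the $okay flag come from the posted snippet; the html_error() helper is assumed.

```php
<?php
// Added example (not from the book or the thread): validating the two password
// fields discussed above. 'password', 'confirm' and $okay follow the posted
// snippet; html_error() is an assumed helper.

function html_error(string $msg): void {
    print '<p class="error">' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</p>';
}

$okay = TRUE;

// 1. Existence and type: isset() covers a request that omits the field
//    entirely (as the book's tip notes, a request need not come from your
//    form), and is_string() rejects a value that arrived as an array instead
//    of a scalar. Referencing a missing $_POST index later would otherwise
//    raise an "undefined array key" warning.
foreach (['password', 'confirm'] as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        html_error("The '$field' field is missing or malformed.");
        $okay = FALSE;
    }
}

// 2. Value: only once both fields are known to exist as strings is it safe
//    to test them with empty() and compare them. empty() itself does not warn
//    on an unset index, but the comparison below would.
if ($okay) {
    if (empty($_POST['password'])) {
        html_error('Please enter your password.');
        $okay = FALSE;
    } elseif ($_POST['password'] !== $_POST['confirm']) {
        html_error('Your confirmed password does not match the original password.');
        $okay = FALSE;
    }
}

if ($okay) {
    // Both fields are present, are strings, are non-empty and match:
    // proceed with the validated values.
}
```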
