isset(), empty(), $_GET and $_POST problem

From: Dan (agent_at_thwackspam.fathom.org)
Date: 07/25/04

    Date: Sun, 25 Jul 2004 19:12:10 GMT
    
    

    I was trying to troubleshoot a login page that doesn't work - it keeps
    saying the login/password is missing - when my tracing discovered this
    peculiar behavior.

    register_globals is off, so at the top of my script I assign a few
    variables to incoming GET and POST values.

      $login = clean($_POST['login'], 30);
      $passwd = clean($_POST['passwd'], 30);
      
      $message = $_GET['message'];

    clean() is simply a function that trims to the specified length and
    applies EscapeShellCmd().

    Now, below that I have an if statement to check for whether a
    login/password has been supplied or if an error message exists.

      if (isset($message) || empty($login) || empty($passwd))
      {
        // render the html page showing the form
      } else {
        // do some php/mysql stuff and redirect to another page
      }

    Yet when I fill out those form fields and submit, it always redisplays
    the form with my tracing errors stating that those fields are empty.

    When I echo out all $_GET and $_POST variables, indeed they are empty,
    and strangely there is a $_GET['message'] that has no value, but
    nevertheless is on the end of the url. (/index.php?message=) I can't
    figure out how it got there. The form action is just "index.php" and
    it uses the POST method, so what could be adding that GET variable?

    Now here's the weird part. If I simply add "1 ||" to the beginning of
    that if statement, so basically it will always evaluate to true, then
    suddenly the $_POST['login'] and $_POST['passwd'] are properly defined
    and $_GET['message'] goes away!

    So this makes me wonder, are the isset() and empty() functions
    actually modifying the variables passed to them somehow? And when I
    put a true value in front of them, the if statement stops parsing
    before it gets to those functions?

