Apache Friends Support Forum

by **sharavi79** » 04. January 2013 05:47

Hi all,
I am new to PHP. Please see the below code, there is no error but i can not get the output:

<?php
session_start();
if(isset($_SESSION['username'])){
echo "you are already registered $_SESSION[username]";
}
else if($_SERVER['REQUEST_METHOD']=='POST'){
if(!empty(trim($_POST['username']))
&& !empty(trim($_POST['email']))){
$uname=htmlentities($_POST['username']);
$email=htmlentities($_POST['email']);
$_SESSION['username']=$uname;
echo "thanks", "username: $uname <br />", "email: $email <br />";
}
else {
echo "pleaes fil both fields";
}
}
else {
?>
<form action="sessn.php" method="post">
<label for="username">username:</label>
<input type="text" name="username"/>
<label for="email">email:</label>
<input type="text" name="email"/>
<input type="submit" value="register"/>
</form>
<?php }
?>

by **Altrea** » 04. January 2013 07:37

Hi sharavi79,

sharavi79 wrote:if(!empty(trim($_POST['username']))
&& !empty(trim($_POST['email']))){

even if empty() looks like a function with its brackets, it is just a language construct, which means it has some limitations.
You can't use any functions (trim() for example) to use its return parameter with empty().

best wishes,
Altrea

by **sharavi79** » 09. January 2013 06:42

Hi Altrea,
I am new to PHP, I cant understand how to fix this problem. Could you explain me little more.

thanks,
Ravi

by **Altrea** » 09. January 2013 17:57

Hi Ravi,

sharavi79 wrote:I am new to PHP, I cant understand how to fix this problem. Could you explain me little more.

Sure, i can

If you don't need the trim() function, you can simply get rid of it:

Code: Select all: [...] elseif( 'POST' == $_SERVER['REQUEST_METHOD'] ) { if( ! empty( $_POST['username'] ) && ! empty( $_POST['email'] ) ) { $uname = htmlentities( $_POST['username'] ); $email = htmlentities( $_POST['email'] ); $_SESSION['username'] = $uname; [...]

If you need trim() i would use it later on in combination with htmlentities:

Code: Select all: [...] elseif( 'POST' == $_SERVER['REQUEST_METHOD'] ) { if( ! empty( $_POST['username'] ) && ! empty( $_POST['email'] ) ) { $uname = htmlentities( trim( $_POST['username'] ) ); $email = htmlentities( trim( $_POST['email'] ) ); $_SESSION['username'] = $uname; [...]

best wishes,
Altrea

by **hackattack142** » 09. January 2013 19:24

Hello,

I am going to throw in my 2 cents.

My advice would be to consult the documentation regarding functions when you are not sure about something. For example, the empty() construct (http://php.net/manual/en/function.empty.php) considers the following to be empty

Code: Select all: "" (an empty string) 0 (0 as an integer) 0.0 (0 as a float) "0" (0 as a string) NULL FALSE array() (an empty array) $var; (a variable declared, but without a value)

If you want to prevent your users from getting past your checks by inserting a space or other whitespace (would not be considered empty), you would need to perform the trim and assign the return values to a temporary variable before your empty checks.
For example:

Code: Select all: [...] elseif( 'POST' == $_SERVER['REQUEST_METHOD'] ) { $tmp_uname = trim( $_POST['username'] ); $tmp_email = trim( $_POST['email'] ); if( ! empty( $tmp_uname ) && ! empty( $tmp_email ) ) { $uname = htmlentities( $tmp_uname ); $email = htmlentities( $tmp_email ); $_SESSION['username'] = $uname; [...]

by **sharavi79** » 10. January 2013 06:07

Thanks Altrea, now its working.

Regards,
Ravi

Apache Friends Support Forum

Execution problem

Execution problem

Re: Execution problem

Re: Execution problem

Re: Execution problem

Re: Execution problem

Re: Execution problem

Who is online