PHP isset() and Form Input


It is easy to fall prey to simple errors when writing PHP. Usually, when a script spits out an error, it is because a semicolon is missing or a quote mark is in the wrong spot. PHP is fairly forgiving and also explicit in warning of mistakes, but some simple errors are deceptively hard to find.

The isset() function is frequently used in if statements to test for a condition. Yet it can also fool the programmer when dealing with form input. For example, an input in a form looks something like this:

<input type="text" name="book" value="<?php print $_SESSION['book']; ?>" />

However, the $_SESSION['book'] variable happens to be empty because, say, a book has not yet been chosen. What is more, when the user submits the form, he does not fill in the "book" data.

Now if the script receiving this data looks like this:

// isset() is true for any value that exists and is not null, including ""
if (isset($_SESSION['book']))
{
    $x = "Eat chopped liver.";
}

Then someone is going to be eating chopped liver, because even though there is nothing in the variable $_SESSION['book'], the variable is still set: isset() only checks that a variable exists and is not null, so an empty string passes the test.
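The following is an added example, not code from the original post. It compares isset() and empty() with a check on the submitted content itself. The helper name field_has_value() is hypothetical, and the sample arrays are constructed stand-ins for what $_POST or $_SESSION would hold after a submission.

```php
<?php
// Added example. field_has_value() is a hypothetical helper; the arrays in
// $cases are constructed stand-ins for $_POST / $_SESSION contents.

function field_has_value(array $input, string $key): bool
{
    // Missing key or null value: isset() is false here as well.
    if (!isset($input[$key])) {
        return false;
    }
    // A client can send book[]=x, which arrives as an array; reject it
    // instead of passing it on to string functions.
    if (!is_string($input[$key])) {
        return false;
    }
    // An empty or whitespace-only string is "set" but carries no value.
    return trim($input[$key]) !== '';
}

$cases = [
    'field left blank' => ['book' => ''],
    'only whitespace'  => ['book' => '   '],
    'title is "0"'     => ['book' => '0'],
    'real title'       => ['book' => 'Dune'],
    'field not sent'   => [],
    'array submitted'  => ['book' => ['x']],
];

// Print one row per case so the three checks can be compared side by side.
foreach ($cases as $label => $submitted) {
    printf(
        "%-17s isset=%-5s !empty=%-5s field_has_value=%s\n",
        $label,
        var_export(isset($submitted['book']), true),
        var_export(!empty($submitted['book']), true),
        var_export(field_has_value($submitted, 'book'), true)
    );
}
```

isset() reports true for the blank and whitespace-only submissions, while empty() goes wrong in the other direction and treats the title "0" as missing.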
