
Execution problem

Posted: 04. January 2013 05:47
by sharavi79
Hi all,
I am new to PHP. Please see the code below; there is no error, but I cannot get the output:

<?php
session_start();
if(isset($_SESSION['username'])){
echo "you are already registered $_SESSION[username]";
}
else if($_SERVER['REQUEST_METHOD']=='POST'){
if(!empty(trim($_POST['username']))
&& !empty(trim($_POST['email']))){
$uname=htmlentities($_POST['username']);
$email=htmlentities($_POST['email']);
$_SESSION['username']=$uname;
echo "thanks", "username: $uname <br />", "email: $email <br />";
}
else {
echo "please fill both fields";
}
}
else {
?>
<form action="sessn.php" method="post">
<label for="username">username:</label>
<input type="text" name="username"/>
<label for="email">email:</label>
<input type="text" name="email"/>
<input type="submit" value="register"/>
</form>
<?php }
?>

Re: Execution problem

Posted: 04. January 2013 07:37
by Altrea
Hi sharavi79,

sharavi79 wrote: if(!empty(trim($_POST['username']))
&& !empty(trim($_POST['email']))){

Even if empty() looks like a function with its brackets, it is just a language construct, which means it has some limitations.
You can't use any functions (trim() for example) to use its return parameter with empty().

best wishes,
Altrea

Re: Execution problem

Posted: 09. January 2013 06:42
by sharavi79
Hi Altrea,
I am new to PHP, I can't understand how to fix this problem. Could you explain a little more?

thanks,
Ravi

Re: Execution problem

Posted: 09. January 2013 17:57
by Altrea
Hi Ravi,

sharavi79 wrote: I am new to PHP, I can't understand how to fix this problem. Could you explain a little more?

Sure, I can :)

If you don't need the trim() function, you can simply get rid of it:
Code:
[...]
elseif( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
    if( ! empty( $_POST['username'] ) && ! empty( $_POST['email'] ) ) {
        $uname = htmlentities( $_POST['username'] );
        $email = htmlentities( $_POST['email'] );
        $_SESSION['username'] = $uname;
[...]


If you need trim() I would use it later on in combination with htmlentities:
Code:
[...]
elseif( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
    if( ! empty( $_POST['username'] ) && ! empty( $_POST['email'] ) ) {
        $uname = htmlentities( trim( $_POST['username'] ) );
        $email = htmlentities( trim( $_POST['email'] ) );
        $_SESSION['username'] = $uname;
[...]


best wishes,
Altrea

Re: Execution problem

Posted: 09. January 2013 19:24
by hackattack142
Hello,

I am going to throw in my 2 cents.

My advice would be to consult the documentation regarding functions when you are not sure about something. For example, the empty() construct (http://php.net/manual/en/function.empty.php) considers the following to be empty:
Code:
"" (an empty string)
0 (0 as an integer)
0.0 (0 as a float)
"0" (0 as a string)
NULL
FALSE
array() (an empty array)
$var; (a variable declared, but without a value)

If you want to prevent your users from getting past your checks by inserting a space or other whitespace (would not be considered empty), you would need to perform the trim and assign the return values to a temporary variable before your empty checks.
For example:
Code:
[...]
elseif( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
    $tmp_uname =  trim( $_POST['username'] );
    $tmp_email = trim( $_POST['email'] );
    if( ! empty( $tmp_uname ) && ! empty( $tmp_email ) ) {
        $uname = htmlentities( $tmp_uname );
        $email = htmlentities( $tmp_email );
        $_SESSION['username'] = $uname;
[...]
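
An added example, not part of any post in this thread: one way to run the trim-then-check validation discussed above so that whitespace-only input is rejected, a value of "0" is accepted (empty() would treat it as empty, per the list above), and a missing or non-string field never reaches trim(). The helper name required_field() and the sample submissions are constructed for illustration.

```php
<?php
// Added example (not from the thread). required_field() is a hypothetical helper.

/**
 * Return the trimmed value of a required form field, or null if it is
 * missing, not a string, or blank after trimming.
 */
function required_field(array $input, string $name): ?string
{
    // A field sent as username[]=x arrives as an array; reject it before trim().
    if (!isset($input[$name]) || !is_string($input[$name])) {
        return null;
    }
    $value = trim($input[$name]);
    // Compare against '' instead of calling empty(): empty("0") is true,
    // so empty() would reject a legitimate value of "0".
    return $value === '' ? null : $value;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'normal'          => ['username' => ' ravi ', 'email' => 'ravi@example.com'],
    'whitespace only' => ['username' => "  \t",   'email' => 'ravi@example.com'],
    'literal zero'    => ['username' => '0',      'email' => 'zero@example.com'],
    'array value'     => ['username' => ['x'],    'email' => 'x@example.com'],
    'missing field'   => ['username' => 'ravi'],
];

foreach ($samples as $label => $post) {
    $uname = required_field($post, 'username');
    $email = required_field($post, 'email');
    if ($uname === null || $email === null) {
        echo "$label: please fill both fields\n";
        continue;
    }
    // Encode at the point of output, as the thread does with htmlentities().
    printf("%s: username=%s email=%s\n", $label,
        htmlentities($uname, ENT_QUOTES, 'UTF-8'),
        htmlentities($email, ENT_QUOTES, 'UTF-8'));
}
```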

Re: Execution problem

Posted: 10. January 2013 06:07
by sharavi79
Thanks Altrea, now it's working.

Regards,
Ravi