Can I use empty and isset on a variable?


Viewed 1,823 times

12

Here is an example:

if(isset($_POST['nome']) && !empty($_POST['nome'])) {
    session_start();
    $_SESSION['nome'] = $_POST['nome'];
}

See demo

If I can't use this, what would be recommended? I'm trying to adopt the best security practices for my site.

Interesting quote from a reference cited in @qmechanik's answer:

isset() tests whether the variable was "started" (isset) and is not null.

empty() can return "true" when the variable was "started" (isset) with certain values.

Final logic: !empty checks that it is not empty, so if it is not empty it has been started; so !empty is enough and does not depend on isset, unlike isset, which depends on !empty (this does not remove the fact that you can use isset and empty together in some situations). Finally, if any thought or quote contradicts this, please reply if possible, thank you.

  • 1

    What is the intention, in terms of security?

  • You can never be too careful. I want to be safe in everything, because my site will handle some personal data and I do not want it to leak to some hacker with nothing better to do.

2 answers

8


You can, but it is redundant.

The two have different goals: empty determines whether a variable is empty (an empty array, FALSE, NULL, or 0 as a number or as a string), while isset reports whether a variable was initialized. For example, if a variable is null or was destroyed with unset, isset will return FALSE. One important detail: it does not check whether a variable is empty.

Using both is redundant. Basically, empty is an abbreviation for !isset($variavel) || !$variavel, and !empty() is analogous to isset($variavel) && $variavel, but without issuing warnings. The PHP manual says:

empty() is the opposite of (boolean) var, with the exception of not generating a warning if the variable does not exist.

empty is implemented in the file zend_language_parser.y (line 1204), which implements the method zend_compile_isset_or_empty present in the file zend_compile.c (line 6117); empty is practically a !$variavel. This is the main point of this function: to make a boolean comparison without having to worry about whether the variable is set or not.

If you use one or the other, use empty.

Example

$variavel;      // Undefined variable
echo $variavel; // Notice: Undefined variable: variavel in...

if (!empty($variavel))
    echo "A {$variavel} pode ser usada, pois não está vazia ou indefinida.";
else
    echo "A variável está vazia ou não foi definida.";

See demo

isset was not necessary to verify whether or not the variable had been initialized.

References:

  1. Why check both isset() and !empty()
  2. The empty($v) function is actually (!isset($v) || $v != true) and silences warnings

  • Thank you for the very detailed reply, friend, but now I am in doubt, because I do not understand anything about the examples in the php.net manual :s and the friend there has the opposite answer :s

  • Updated the #code; details: isset = the variable was started, empty = the variable is not empty, so in this case it will not give any kind of error. The friend from the other answer translated it for me and now I am converting it into small forms. But I'll clean it up in my shampoo when I get home.

  • I cleaned it up on ideone itself, check it out: http://ideone.com/09MxuQ

  • But wouldn't it be safer to use isset and empty together?

  • @Kevinmtk empty by itself already uses isset internally. Run tests, look at the source code, see the references. =)

  • I agree with the logic that if the variable is not empty, then it was started earlier, unless a hacker bugs it...

  • @Kevinmtk you mentioned in the question that you were worried about security; maybe this link can be a start, and this one here too, in Portuguese. This one about good practices is also informative. If you have any questions, create a question. =)

  • 1

    Okay, thanks for the answers and for the support haha, you deserve best answer, friend!


6

You can!
You are checking whether a variable exists and has some value.

A variable in PHP can be initialized without a value, so it can be initialized and have no value attached to it; there are therefore several cases where you need to check whether the variable exists and whether it has a value.

Note

In your code you are checking if it exists or is empty; this can cause an error in the check, because the isset() is after the empty().

So do your verification like this to ensure the functioning of your code:

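// Read the field without raising an "Undefined index" notice when it is absent
$post = isset($_POST['nome']) ? $_POST['nome'] : null;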

if(isset($post) && !empty($post)) {
    session_start();
    $_SESSION['nome'] = $post; 
}

Note that I used && instead of ||, so I need the variable to exist as long as it's not empty.

  • Thank you for the very detailed answer, and the correction of my example code. D

  • Many people are confused about empty. In some cases it is better to use only empty, even if a variable does not exist!
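
An added example, not part of the original question or answers: it runs the two checks discussed above over constructed stand-ins for $_POST, next to a stricter helper that treats the field as untrusted input. The helper name `read_text_field` and its 100-byte limit are hypothetical choices, not from the page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): returns a cleaned string for the
// given key, or null when the field is missing or unusable.
function read_text_field(array $input, string $key, int $maxLen = 100): ?string
{
    // Missing key or null value: the cases isset() reports as false.
    if (!isset($input[$key])) {
        return null;
    }
    // A body such as "nome[]=x" makes the value an array, which !empty()
    // accepts; only strings are accepted here.
    if (!is_string($input[$key])) {
        return null;
    }
    $value = trim($input[$key]);
    // Compare against '' instead of calling empty(), so that "0" stays valid.
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

// Constructed sample inputs standing in for $_POST.
$samples = [
    'missing key'  => [],
    'empty string' => ['nome' => ''],
    'string "0"'   => ['nome' => '0'],
    'spaces only'  => ['nome' => '   '],
    'array value'  => ['nome' => ['x']],
    'normal value' => ['nome' => 'Maria'],
];

foreach ($samples as $label => $post) {
    $short  = !empty($post['nome']);                          // short form
    $both   = isset($post['nome']) && !empty($post['nome']);  // the question's form
    $strict = read_text_field($post, 'nome');                 // stricter check
    printf("%-13s !empty=%-5s isset&&!empty=%-5s strict=%s\n",
        $label, var_export($short, true), var_export($both, true),
        var_export($strict, true));
}
```

The first two columns agree on every row, which is the redundancy the first answer describes; the stricter helper differs for the string "0", the whitespace-only value and the array value.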
