I was looking for a catch-all way to easily determine whether any user data was posted via any HTML Form — without having to worry about the intricacies of each individual Form — in order to easily prohibit unregistered users from posting any content on the site.
Assuming the Form’s action attribute is always POST, is there any potential issues with using:
if(count($_POST) > 0)
to check if any data was posted?
In other words, is there any scenario where count($_POST) might be > 0 even if the user did not submit any info via POST, or where count($_POST) might == 0 even if the user did submit any info via POST?
(I first tried isset($_POST), but that didn’t work as it returns true even if no POST data is submitted by the user.)
This would be the simplest way to determine if one or more values have been sent via POST.
However, sometimes you may receive a form post that doesn’t contain any keys/values. An example would be an “accept our terms of service by clicking the checkbox” type form, where the only form field is a checkbox, or submit button. Checkbox name/value pairs are only sent if the checkbox gets checked, and submit buttons name/values aren’t always sent by browsers. Another example where $_POST could have no entries could be a file upload form. A good form handler will properly behave in these scenarios. You can use the following to detect a post request in ALL circumstances.