Home/ Questions/Q 956157
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T00:30:03+00:00

When checking that variables passed via GET and POST are correct, I might have

  • 0

When checking that variables passed via GET and POST are correct, I might have something like this:

<?php
//Controller
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
  if(!isset($_POST['new_email']))
    header('Location: somepage.php');
  else if(empty($_POST['new_email']))
    //Report error to user and prompt to try again
  else
    $newEmail = $_POST['new_email'];

  if(!isset($_POST['full_name']))
    header('Location: somepage.php');
  else if(empty($_POST['full_name']))
    //Report error to user and prompt to try again
  else
    $newName = $_POST['full_name'];

  if(!isset($_POST['new_password_a']))
    header('Location: somepage.php');
  else if(empty($_POST['new_password_a']))
    //Report error to user and prompt to try again
  else
    $newPasswordA = $_POST['new_password_a'];

  if(!isset($_POST['new_password_b']))
    header('Location: somepage.php');
  else if(empty($_POST['new_password_b']))
    //Report error to user and prompt to try again
  else
    $newPasswordB = $_POST['new_password_b'];

  //Do some things with the variables
}
else
{
  header('Location: somepage.php');
}

//View
//Display relevant view here
?>

How would you check GET and POST variables in your PHP script? I wonder if there is a better way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Maybe creating a function to avoid the repeated code?

    function check($varname,$destination,$message) {
    if (!isset($_POST[$varname])) {
        header("Location: $destination");
    } else if (empty($_POST[$varname])) {
        //Do something with $message
    } else {
        return $_POST[$varname];
    }
    return NULL;
}

    And then,

    <?php
//Controller
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
  $newEmail = check('new_email','somepage.php','Error message');
  $newName = check('new_name','somepage.php','Error message');
  $newPasswordA = check('new_password_a','somepage.php','Error message');
  $newPasswordB = check('new_password_b','somepage.php','Error message');

  //Do some things with the variables
  //Checking for NULL values (although if some var was null, 
  //it should have either redirected or reported an error)
}
else
{
  header('Location: somepage.php');
}

//View
//Display relevant view here
?>

    What The Pixel Developer says is true though, you should sanitize the inputs at least against SQL injection (if you will use the data in a database) and CSRF attacks.

    • 0