> if(isset($_REQUEST['firstname']) && !empty($RESULT['firstname'])) {
> $name = $_REQUEST['firstname'];
> } else {
> $name = 'Sir or Madam';
> }
>
> Can anyone see any problems with the code?
Your conditional will never evaluate to true. What is $RESULT? Where
did it come from? $RESULT is not a built-in PHP variable or function,
so empty($RESULT) will always be true, making !empty(...) always
false.
Also, it should be noted that if a form field exists, it will exist in
the form data POSTed to PHP, even if the field is empty.
I'm guessing that what you want to do is something like this:
if(!empty($_POST['firstname']) {
$name = $_POST['firstname'];
} else {
$name = 'Sir or Madam';
}
empty() will evaluate to false if the field is empty OR if the field
does not exist. Also not the use of $_POST instead of $_REQUEST.
This will ensure that your data is actually coming from the form
instead of an attacker trying to inject data with $_GET variables or
some other source.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
