Must I also check if the strings are empty apart from isset?

if I do the following code, can someone delete part of the form and still get this inserted as an empty value? Must I use empty as well or is isset alone good enough?

if (!isset($_GET[‘email’]) || !isset($_GET[‘userid’])) {
echo “”;
exit();
} else {
$email = strip_tags($_GET[‘email’]);
$username = strip_tags($_GET[‘userid’]);

if (!isset($_GET[‘email’]) || !isset($_GET[‘userid’])) {
  echo “”;
  exit();
}else{
 if (empty($_GET[‘email’]) || empty($_GET[‘userid’])){
 exit();
}else{
  $email = strip_tags($_GET[‘email’]);
  $username = strip_tags($_GET[‘userid’]);

//other codes
}
}

you can use both !isset and empty together for better result :confused:

3 Likes

isset() checks if something exists or not.

empty() checks of it has a value.

If you don’t set the super global $_GET with an index of email and pass it through isset() and empty(), isset will return false as $_GET[‘email’] is not set, but empty() will throw an error of “not found”

2 Likes

I am still confused as to what is the difference between doing empty() and if($username === ‘’) {}; don’t they both do the same thing?

i think $username === ‘’ returns true for empty space too. but empty() doesn’t

So I guess it would be better to use empty() instead of that ===’’?.. I guess I should be using all of them just to be safe?

btw it is Up to you to choose one since they’re same :slight_smile: