Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

Problems with validation logic

From: PHP with MySQL Essential Training

Video: Problems with validation logic

In this movie we're going to talk about problems that can occur in your validation logic. Now these are problems that happen with any if statement, but they're critical to get right when we're working with validations. Normally in your code, if your if statement's not right, well, then you'll see it right there on the page and know, while you're developing, that you've done something wrong. But if our validations fail us, then we lose control over the data that's coming into our application. And we may not even know about it because we're not there at the time that it happens. So let's work to understand some of the common problems. The last movie we wrote a validation, that would check to make sure the @ symbol, was inside a string that was being submitted by a form.

Problems with validation logic

In this movie we're going to talk about problems that can occur in your validation logic. Now these are problems that happen with any if statement, but they're critical to get right when we're working with validations. Normally in your code, if your if statement's not right, well, then you'll see it right there on the page and know, while you're developing, that you've done something wrong. But if our validations fail us, then we lose control over the data that's coming into our application. And we may not even know about it because we're not there at the time that it happens. So let's work to understand some of the common problems. The last movie we wrote a validation, that would check to make sure the @ symbol, was inside a string that was being submitted by a form.

And the string POS function is what we were using. That function either returns the position where the item is found, or it returns false if it's not found at all. If we use the simple comparison operator equals equals then we get false positives. We need to use the triple equals to say that it's exact. And the reason why is because if the @ symbol is in the first position, then string position will return zero to us. because that's the position the string starting at zero so it'll return zero and believe it or not zero is equal to false as far as PHP is concerned. Let's take a look.

Let's create ourselves a new page. I'm going to create basic.html, and I'm going to do a Save As, and let's call this false_positives.php. Now these aren't really truly false positives, because this is just the way PHP works. It's not like PHP is getting it incorrect, PHP is doing it correctly, but they might seem like false positives to us if we don't understand what it's doing. So, let me just start by pasting in a basic function here, and I'm going to call this function is equal. It's going to take two values, and it's going to output those values to us followed by a colon, using the double equals operator, and then it's going to compare them.

And if they are equal, then it's going to output true, and if not equal, it's going to output false. So it's going to return the output to us, and then, I'm just going to paste a whole bunch of examples here. Not going to sit and type them all out. You can take time to review them one by one. But I'm going to be comparing various things, like zero vs false. The number four vs true. Zero number vs the string and zero. Zero vs an empty string. Zero vs a string with the letter A in it. The number one vs the number 01, and so on.

Let's try this all out and see what we get. Go into Firefox and lets load up false positives dot php. Look at that. Every single one of them returned true. Every single one said it was true. Now don't worry the display here is a little off because when it goes to convert false to a string to display it, it comes back with no empty string so don't let that throw you. The key part is notice that every single one of these lines returns true. All of these things are considered equivalent in PHP. Now why is that? It's because when PHP does a comparison it does type juggling for you. Remember we talked about type juggling.

PHP does type juggling here in order to compare two things that have a different type. In every single one of these cases, I've got something that is of a different type, with one exception which is here. I've got something that are two strings, right? So be careful about that. Here, I've got things that are both strings but it compares them and says that they are equal because there's only spaces at the beginning or the plus sign at the beginning. And it sees those as being numbers. It's an odd quirk in PHP ,I just want you to see. So all of these things are considered equal. There are some rules for how PHP goes about doing these comparisons.

When PHP does type juggling during comparisons. String vs null. It converts null to be an empty string and then compares them to see if they are the same. So empty string versus null is going to be equal. The letters A, B, C versus null is not going to be equal. If we have a Boolean versus any other type at all, doesn't matter what it is, any other type it's going to convert the other one to be a Boolean. And there are rules about how it does that, but it's going to try and figure out how to convert. A number or a string to be in a boolean, either true or false. And then number versus others, the last one, if it's a number versus something else besides boolean, it's going to convert that other thing to being a number.

So if that other thing is a string, it'll use its conversion to convert a string to a number. We saw a little bit of how that worked earlier. If it's null, well, it's going to try and convert that to be a number. What is null? Well, that's converted to 0. So these are the basic rules that it's going to use to follow when it's doing the switching. So how can you get around these false positives? Let's just take all of this code that we have, let's just copy it, and drop down here, going to paste it in again, but this time, instead of is equal, let's make it is exact. And instead of a double equals, we're going to use a triple equals, so is it exactly the same.

We're not saying, is it roughly the same, is it exact. And then, for each one of these, let's just paste that in, all the way down the line. There we go. Now let's go back over, let's put a br tag here, just so we can see the difference. Br in the middle Let's go back over and reload our page. Every single one of those returns false. So, you see the importance of the triple equals here. If we have two types that are different, that may be different, then we want to use that triple equals. The other solution, that instead of letting PHP doing type juggling for you, you could do type switching and switch it yourself.

So you can make sure that whatever you're comparing gets converted to be two strings or to be two numbers. If you do that though make sure that you are certain that both types end up being the same thing. Otherwise PHP's type juggling is still going to kick in. So you might be setting something to be a string but if what you're comparing it to is an integer. Well PHP is going to go ahead and do it's switching behind the scenes. So spend some time playing with these false positives so that you understand what they are. But it also has an implication for another PHP function that's very common and that's empty. With the empty function, an empty string, zero, zero inside a string, null, false, and an empty array, are all considered to be empty. And that might not be what you would expect, especially that third one there, that third one really could trip you up.

You think, well wait a minute. I sent a string with zero in it back. That's not empty, that's zero. That's the number zero that I was trying to return to the user. Imagine that you have a web form that asks, how many children do you have? It wouldn't be very useful if we checked to see if they submitted a value for that form. But they're not allowed to put in the value zero. For zero children. We require them to have one, two, three or more children. So you can see how this would trip you up. To see this, let's close up our false positives page. Just save it and then close it. And let's go back to the page we were on before.

Which was our validations dot php. So it's down here, validations.php. And up at the top of it, you can see here's where we used empty. So let's just try some of these now. So if we have an empty string, well, then we know it's going to be empty, but let's try the number 0 in there. Let's reload our page, validation failed. See how that works? Put two 0's in there, now validation works. Let's put the number 1 in there, the validation works. But the 0 is a problem for us. So in addition to the example I gave where you might want to enter the number of children being 0.

It also comes up when you are working with select options, where one of the selections might be the number zero. It's important for radio buttons where you are choosing between true and false, like visible. A lot of times you'll send zero for not visible and one, true, if it is visible. It also comes up with checkboxes, because checkboxes often send zero if they're not checked and one if they are checked. Let's try another example here, though. Let's put an empty space in here. Now we've just got a space, in fact, let's put several spaces. Save it Let's reload the page.

It passes our validations. Says it wasn't empty. Now some of this is deciding what you mean empty is. But probably if someone had a web form and they just typed some spaces, you probably don't want to accept that value. We probably want to require them to put something in that field. Now dealing with spaces one way to do that is just to use the Trim function. So we'll trim all of the spaces out of there, leading and trailing spaces and see what we're left with. And if that turns out to be empty then we'll know that the field was empty, so that's a good easy fix. Another way we could do this is add something to this to say that well if it's not empty, and if it's not is numeric value. So if the value is not numeric, then we're going to allow it. So let's try that, let's try if we have the number 0 now. It passes our validations.

Another way to do it is not to use empty at all, but to just say, well the value must be exactly equal to this, an empty string. So after we trim it, if the value is exactly equal to that, Whatever they sent us, then we know that it's empty. So let's try that. Once again it a passes validations because we have a 0 in there. take the 0 out and now it fails our validations. Another commons solution that many developers adopt is to write their own version of empty which meets their specific needs. So you write your own function that says if it is one of the following values, and you check to see and you just get to pick from this list and decide...

Which things you think ought to be considered empty. If you don't think false should be considered empty, well then you can leave it out of your set. If you don't thing that zero is a string should be empty, you can leave that out of your set. So you can write your own custom function. Last bit of caution I want to give you about the logic of your validations is just to make sure you are careful with the basic operators as well. So many bugs get caused by using less than, less than or equal to, greater than, greater than or equal to Incorrectly. So you want something to only be five characters? Well, should you use less than or less than or equal to? You have to be careful about that and then the operators and, and or making sure that your logic really is sound between all those.

A lot of times it takes a little while to get it all worked out exactly. So that your conditions, when grouped, there are several of them, All still result in one true or false that has the correct answer you want.

Show transcript

This video is part of

Image for PHP with MySQL Essential Training
PHP with MySQL Essential Training

131 video lessons · 34295 viewers

Kevin Skoglund
Author

 
Expand all | Collapse all
  1. 4m 8s
    1. Welcome
      1m 0s
    2. Using the exercise files
      3m 8s
  2. 15m 6s
    1. What is PHP?
      3m 52s
    2. The history of PHP
      2m 51s
    3. Why choose PHP?
      4m 10s
    4. Installation overview
      4m 13s
  3. 54m 53s
    1. Overview
      2m 33s
    2. Working with Apache Web Server
      6m 56s
    3. Changing the document root
      7m 24s
    4. Enabling PHP
      6m 16s
    5. Upgrading PHP
      3m 30s
    6. Configuring PHP
      10m 3s
    7. Installing MySQL
      5m 46s
    8. Configuring MySQL
      7m 24s
    9. Text editor
      5m 1s
  4. 31m 25s
    1. Overview
      3m 27s
    2. Installing WampServer
      5m 46s
    3. Finding the document root
      2m 24s
    4. Configuring PHP
      8m 12s
    5. Configuring MySQL
      5m 45s
    6. Text editor
      5m 51s
  5. 19m 12s
    1. Embedding PHP code on a page
      6m 43s
    2. Outputting dynamic text
      5m 55s
    3. The operational trail
      2m 27s
    4. Inserting code comments
      4m 7s
  6. 1h 18m
    1. Variables
      7m 50s
    2. Strings
      4m 38s
    3. String functions
      8m 54s
    4. Numbers part one: Integers
      6m 27s
    5. Numbers part two: Floating points
      5m 25s
    6. Arrays
      10m 0s
    7. Associative arrays
      6m 37s
    8. Array functions
      6m 33s
    9. Booleans
      3m 50s
    10. NULL and empty
      5m 15s
    11. Type juggling and casting
      8m 27s
    12. Constants
      4m 43s
  7. 27m 37s
    1. If statements
      6m 0s
    2. Else and elseif statements
      4m 16s
    3. Logical operators
      7m 30s
    4. Switch statements
      9m 51s
  8. 42m 15s
    1. While loops
      8m 41s
    2. For loops
      5m 59s
    3. Foreach loops
      8m 16s
    4. Continue
      8m 28s
    5. Break
      4m 8s
    6. Understanding array pointers
      6m 43s
  9. 37m 25s
    1. Defining functions
      8m 25s
    2. Function arguments
      5m 32s
    3. Returning values from a function
      7m 33s
    4. Multiple return values
      4m 53s
    5. Scope and global variables
      6m 2s
    6. Setting default argument values
      5m 0s
  10. 20m 18s
    1. Common problems
      3m 47s
    2. Warnings and errors
      8m 36s
    3. Debugging and troubleshooting
      7m 55s
  11. 57m 57s
    1. Links and URLs
      5m 33s
    2. Using GET values
      5m 35s
    3. Encoding GET values
      8m 41s
    4. Encoding for HTML
      9m 26s
    5. Including and requiring files
      7m 40s
    6. Modifying headers
      6m 45s
    7. Page redirection
      6m 43s
    8. Output buffering
      7m 34s
  12. 1h 3m
    1. Building forms
      7m 28s
    2. Detecting form submissions
      5m 59s
    3. Single-page form processing
      7m 57s
    4. Validating form values
      10m 40s
    5. Problems with validation logic
      9m 54s
    6. Displaying validation errors
      7m 23s
    7. Custom validation functions
      6m 28s
    8. Single-page form with validations
      7m 25s
  13. 28m 5s
    1. Working with cookies
      2m 49s
    2. Setting cookie values
      5m 55s
    3. Reading cookie values
      6m 1s
    4. Unsetting cookie values
      4m 51s
    5. Working with sessions
      8m 29s
  14. 48m 39s
    1. MySQL introduction
      6m 43s
    2. Creating a database
      7m 41s
    3. Creating a database table
      7m 42s
    4. CRUD in MySQL
      5m 48s
    5. Populating a MySQL database
      7m 32s
    6. Relational database tables
      6m 40s
    7. Populating the relational table
      6m 33s
  15. 56m 4s
    1. Database APIs in PHP
      4m 51s
    2. Connecting to MySQL with PHP
      7m 45s
    3. Retrieving data from MySQL
      8m 47s
    4. Working with retrieved data
      6m 12s
    5. Creating records with PHP
      6m 58s
    6. Updating and deleting records with PHP
      9m 6s
    7. SQL injection
      3m 5s
    8. Escaping strings for MySQL
      6m 45s
    9. Introducing prepared statements
      2m 35s
  16. 35m 58s
    1. Blueprinting the application
      7m 19s
    2. Building the CMS database
      5m 14s
    3. Establishing your work area
      4m 38s
    4. Creating and styling the first page
      4m 22s
    5. Making page assets reusable
      6m 36s
    6. Connecting the application to the database
      7m 49s
  17. 32m 49s
    1. Adding pages to the navigation subjects
      5m 58s
    2. Refactoring the navigation
      6m 7s
    3. Selecting pages from the navigation
      6m 2s
    4. Highlighting the current page
      5m 26s
    5. Moving the navigation to a function
      9m 16s
  18. 1h 45m
    1. Finding a subject in the database
      9m 48s
    2. Refactoring the page selection
      10m 52s
    3. Creating a new subject form
      6m 55s
    4. Processing form values and adding subjects
      11m 20s
    5. Passing data in the session
      9m 16s
    6. Validating form values
      9m 40s
    7. Creating an edit subject form
      8m 30s
    8. Using single-page submission
      7m 44s
    9. Deleting a subject
      9m 44s
    10. Cleaning up
      10m 37s
    11. Assignment: Pages CRUD
      4m 30s
    12. Assignment results: Pages CRUD
      6m 10s
  19. 39m 26s
    1. The public appearance
      8m 52s
    2. Using a context for conditional code
      11m 37s
    3. Adding a default subject behavior
      6m 9s
    4. The public content area
      5m 51s
    5. Protecting page visibility
      6m 57s
  20. 1h 3m
    1. User authentication overview
      4m 3s
    2. Admin CRUD
      8m 41s
    3. Encrypting passwords
      7m 26s
    4. Salting passwords
      5m 42s
    5. Adding password encryption to CMS
      11m 54s
    6. New PHP password functions
      3m 13s
    7. Creating a login system
      11m 28s
    8. Checking for authorization
      5m 48s
    9. Creating a logout page
      5m 40s
  21. 2m 4s
    1. Next steps
      2m 4s

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ.

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed PHP with MySQL Essential Training.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferencesfrom the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Are you sure you want to delete this note?

No

Your file was successfully uploaded.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.