1

I'm using jQuery to post HTTP requests to my PHP page (Apache/Linux, if that matters). I carefully validate on the client so that empty requests are not sent. However on occasions, I'd get an empty request like this:
- $_POST collection empty ($_GET collection also empty);
- Content-Length is nonzero (a number below 100, consistent with a valid POST from my script)
- Content-Type properly application/x-www-form-urlencoded
- reading from php://input yields an empty string

It's as if $_POST is somehow eaten on the way. I checked the code very carefully - I don't do anything to the contents of $_POST.

CLARIFICATION: I do catch this condition on the server; it's not like my code dies horribly. But I have a very strong feeling that it's not genuine lack of user input, but some kind of data corruption en route. Why else would there be a nonzero Content-Length?

If the client-side validation failed, I'd get a $_POST with empty fields. The way things are, I'm getting no fields at all. Utterly perplexed.

Any ideas, please?

UPDATE: the client-side request submittal code goes like this:

var r = trim((re = document.getElementById("tread")).value),
    m = trim((me = document.getElementById("tmean")).value);
if(r == "" && m == "")
    alert("Please provide.");
else
{
    $.post(URLPrefix + "tsearch.php", {R : r, M : m, Src:"bytext"}, DoneSearch, "html");
}

There's also another request to the same server-side script, which goes:

$.post(URLPrefix + "tsearch.php", {K0 : KCode(0),
    K1 : KCode(1), K2 : KCode(2), K3 : KCode(3),
    P : document.getElementById("pos").checked ? 1 : 0,
    Src:"bykanji"}, DoneSearch, "html");

I don't see how this code, where all fields are unconditional, can provide an empty POST collection.

Improve this question
0

2 Answers 2

Reset to default
0

If you're validating on the client side using jQuery/Javascript, clients with scripting turned off will not hit you validation code. If you want to test for that, have an additional hidden field and set it to a value using JS in your form.

e.g. In your form, have

<input  type="hidden" value="False, JS is off" name="my-hidden-field" />

and int your javascript

$('#my-hidden-field').val('True, JS is on');

You can use this to see if the empty posts are a result of your validation code failing to run on the client side of things.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

jQuery post() is invoked from the script to begin with. There's no form/action/method combo as a backup. So if scripting is off on the client, nothing will ever work. Also, I can see, in my logs, a series of requests from very obviously the same user - same IP, within minutes of one another, and all of them except one look proper (with $_POST variables in them).
0

I would honestly suggest doing both client-side and server-side validation. Checking for empty/null inputs in the $_POST[] array using PHP is trivial. Presumably your JavaScript should catch the empty inputs and not allow the request but just in case someone by-passes your JS you should always double check on the server. Something as simple as:

if(empty($_POST['val']))
 // throw error

Would work just fine, you can either halt all processing from that point or handle it any way you like. If data validation is important I really think it should be done on the server, JavaScript (or anything that is strictly client-side) is just too easy to tinker with.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.