php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49219 Incorrect Inputvalidation on GET/POST/REQUEST params in function empty()
Submitted: 2009-08-11 08:38 UTC Modified: 2009-08-11 09:25 UTC
From: er at master-studios dot net Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 5.2.10 OS: Centos
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: er at master-studios dot net
New email:
PHP Version: OS:

 

 [2009-08-11 08:38 UTC] er at master-studios dot net 
Description:
------------
empty() function works incorrect for value validation

Reproduce code:
---------------
---
From manual page: function.empty
---

file.php:

<?php
  if(empty($_GET[s]))
     echo "EMPTY";
  else
     echo "FULL";
?>



Expected result:
----------------
on running the "file.php?s=asdf" works fine. 

Actual result:
--------------
And if an empty array is passed to this function there should also be a "EMPTY" result. but if you call "file.php?s[]=" the you get a FULL.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-11 09:20 UTC] jani@php.net 
# php -r '$foo=array();var_dump(empty($foo));'
bool(true)

Empty array is empty. Not a bug.
 [2009-08-11 09:25 UTC] jani@php.net 
And as for ?s[]=, that is not empty, it has one empty item:

# QUERY_STRING=foo[]= SCRIPT_FILENAME=t.php src/build/php_5_2/sapi/cgi/php-cgi 
X-Powered-By: PHP/5.2.11-dev
Content-type: text/html

array(1) {
  ["foo"]=>
  array(1) {
    [0]=>
    string(0) ""
  }
}
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Dec 04 16:00:01 2025 UTC