mysql - PHP isset() with multiple parameters

Question

I'm trying to work with AJAX autocompletes and I am having a few problems with getting the two languages to work in synergy.

When I replace all the issets with only 1 $_POST the snippet below will work, however by adding another $_POST I get an error on line 5.

<?php 

require_once '../Configuration.php';
if (isset($_POST['search_term'] . $_POST['postcode']) == true && empty ($_POST['search_term'] . $_POST['postcode']) == false) {
$search_term = mysql_real_escape_string($_POST['search_term'] . $_POST['postcode']);
$query = mysql_query("SELECT `customer_name`,`postcode` FROM `Customers` WHERE `customer_name` LIKE '$search_term%' ");
while(($row = mysql_fetch_assoc($query)) !== false) {
    //loop
    echo '<li>',$row['customer_name'] . $row['postcode'] '</li>';
}
}


?>

Any advice on why it is throwing this error would be much appreciated. Thanks.

I understand I should be using mysqli, I am just trying to get the logic first :)

Js:

Primary.js:

$(document).ready(function() {
$('.autosuggest').keyup(function() {

    var search_term = $(this).attr('value');
    var postcode = $_GET['postcode'];
    //alert(search_term); takes what is typed in the input and alerts it
    $.post('ajax/search.php', {search_term:search_term, postcode:postcode},     function (data) {
        $('.result').html(data);
        $('.result li').click(function() {
            var result_value = $(this).text();
            $('.autosuggest').attr('value', result_value);
            $('.result').html('');

        });
    });
});
});

Answer 1

The parameter(s) to isset() must be a variable reference and not an expression (in your case a concatenation); but you can group multiple conditions together like this:

if (isset($_POST['search_term'], $_POST['postcode'])) {
}

This will return true only if all arguments to isset() are set and do not contain null.

Note that isset($var) and isset($var) == true have the same effect, so the latter is somewhat redundant.

Update

The second part of your expression uses empty() like this:

empty ($_POST['search_term'] . $_POST['postcode']) == false

This is wrong for the same reasons as above. In fact, you don't need empty() here, because by that time you would have already checked whether the variables are set, so you can shortcut the complete expression like so:

isset($_POST['search_term'], $_POST['postcode']) && 
    $_POST['search_term'] && 
    $_POST['postcode']

Or using an equivalent expression:

!empty($_POST['search_term']) && !empty($_POST['postcode'])

Final thoughts

You should consider using filter functions to manage the inputs:

$data = filter_input_array(INPUT_POST, array(
    'search_term' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_NULL_ON_FAILURE,
    ),
    'postcode' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_NULL_ON_FAILURE,
    ),
));

if ($data === null || in_array(null, $data, true)) {
    // some fields are missing or their values didn't pass the filter
    die("You did something naughty");
}

// $data['search_term'] and $data['postcode'] contains the fields you want

Btw, you can customize your filters to check for various parts of the submitted values.