Checking PHP Strlen of multiple strings

Question

I have 4 fields from a previous page using an html form in the post method. Everything works fine except I am trying to check to make sure the strlens of each field are below 200. The following code always says that they are too long even though I am making sure they are way below 200.

PHP:

$hsname = trim($_POST['hsname']);
$hsstate = trim($_POST['hsstate']);
$hsemail = trim($_POST['hsemail']);
$hspassword = trim($_POST['hspassword']);

if (strlen($hsname) || strlen($hsstate) || strlen($hsemail) || strlen($hspassword) > 200){

die("Each field can only contain 200 characters");  //this is always returned even though the fields are below 200.
}
else {
echo "fields have good characters";
}

Answer 1

I will translate Your if condition:

if (strlen($hsname) || strlen($hsstate) || strlen($hsemail) || strlen($hspassword) > 200)

It`s like:

if(strlen($hasname)!='' || strlen($hsstate)!='' || strlen($hsemail)!='' || strlen($hspassword) > 200)

So You should know why it`s wrong now ;) Compare every strlen or try that:

$maximumValue = max(strlen($hsname), strlen($hsstate), strlen($hsemail), strlen($hspassword));
// You got maximum value now, so:
if($maximumValue > 200){}

Answer 2

The reason your condition always returns true is because you're only checking if the last string has a length of greater than 200. The other strings are checked for whether they have a length of greater than 0, so your condition reads "if any of the first 4 strings are greater than 0 or the last string is greater than 200". Try this instead

foreach(array($hsname,$hsstate,$hsemail,$hspassword) as $string) {
    if(strlen($string) > 200) {
        die("Each field can only contain 200 characters"); 
    }
}

Answer 3

That wont work, when you evaluate

strlen($hsname)

It will satisfy the if condition when it has more than 0 characters This is the same for the first 3 strings you check against

You need the ' > 200 ' for each of the strings you want to compare [assuming that you are passing the actual values in the post]:

$hsname = 'test';
$hsstate = 'test';
$hsemail = 'test';
$hspassword = 'test';

if (strlen($hsname) > 200 || strlen($hsstate) > 200 || strlen($hsemail) > 200 || strlen($hspassword) > 200){
    die("Each field can only contain 200 characters");  //this is always returned even though the fields are below 200.
} else {
    echo "fields have good characters";
}

Answer 4

You need to check that the fields are indeed there, and then check their length.

One way of doing it:

$fields = array('hsname', 'hsstate', 'hsemail', 'hspassword');

foreach ($fields as $field) {
    if (!array_key_exists($field, $_POST)) {
        die("Field {$field} is missing");
    }
    // Declare a variable whose name is in $field.
    ${$field} = trim($_POST[$field]);
    if (strlen(${$field}) > 200) {
        die("Field {$field} must be less or equal to 200 characters");
    }   
}

If you have international character support, you may also want to verify effective string length against database field length; a single UTF8 "character" may be more than one database field "character". The mb_* functions may help you, as well as utf8 encoding and decoding functions.