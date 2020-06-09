Not to mention that the code cannot assume that post fields exist.

Just because your form is properly constructed doesn’t stop anyone from sending an empty POST request to your system.

As for

codeispoetry: codeispoetry: than what could be the point of putting extra constraint of → if (!empty($_POST['first_name'])) {

It’s there to put a default value in if the form was submitted correctly, but has an empty field.

Now, there’s a shorter way of writing it;

if (isset($_POST['first_name'])) { if (!empty($_POST['first_name'])) { $_SESSION['first_name'] = htmlentities($_POST['first_name']); } else { $_SESSION['first_name'] = 'Bashful'; } }

=>

if(isset($_POST['first_name'])) { $_SESSION['first_name'] = htmlentities($_POST['first_name']) ?: "Bashful"; }

(PHP 5.3+)

Fair warning: This will also mean that someone who puts their first name as “0” will be called Bashful, due to the nature of truthy boolean conversion.