
If statement is getting processed and I don't know why.



samuurai
12-28-2007, 07:54 PM
Newbie problem!!

An if statement in my code is getting processed and I can't figure out why.

The form comes up and even if there's no data entered, I can still submit the form to the MySQL database.

Here's my code:



<?php
include 'header.php';
include 'sidebar.php';

if(isset($_POST['addcontact'])) {
    $errors = array();

    if(!isset($_POST['firstname'])) {
        echo strlen($_POST['firstname']);
        $errors[] = 'Please enter a first name.';
    }
    /////////////// THIS is the if statement that's saying all is ok - Basically I want it to only submit to the database if there's a phone number or email address or both entered.
    if(isset($_POST['mobile']) || isset($_POST['homephone']) || isset($_POST['workphone']) || isset($_POST['homephone']) || isset($_POST['email'])) {
        $sql = "INSERT INTO addressbook (firstname,lastname,address1,address2,city,postcode,region,country,home,mobile,work,fax,email,website,dob,comments) VALUES ( '$_POST[firstname]', '$_POST[lastname]', '$_POST[address1]', '$_POST[address2]', '$_POST[city]', '$_POST[postcode]', '$_POST[region]', '$_POST[country]','$_POST[homephone]','$_POST[mobile]','$_POST[workphone]','$_POST[fax]','$_POST[email]','$_POST[website]','$_POST[dob]','$_POST[comments]')";
        $result = mysql_query($sql);
?>
<h1>Successfully submitted new contact!</h1>
<?php
    }
    else {
        $errors[] = 'Please enter some way of contacting the person';
    }

    if(empty($errors)) {
    }
    else {
        echo '<h1>Error:</h1>The following error(s) occurred:<br />';
        foreach ($errors as $msg) {
            echo " - $msg<br />\n";
        }
    }
}
else {
    include 'addcontact.inc.php';
}
include 'footer.php';
?>

johnnyb
12-28-2007, 08:23 PM
Correct me if I'm wrong, but here's how I understand your problem:
1) You load up the web page with the form in it
2) You enter nothing in the form
3) You submit the blank form and the info is saved in the DB even though you didn't enter anything

Correct?


If so, I think it's because you're only checking that the variables are set, not that they actually contain anything.

isset($_POST['varname']) will return true even if $_POST['varname'] contains an empty string or null. This is because when you submitted the form the browser POSTed all of the form fields, even if they are empty. (Actually - there is an exception for checkboxes, but that's another story).

What I do is check both that the POST variable is set, ( isset($_POST['varname']) ), and I check for an expected value, usually just by checking that the strlen() is greater than 0 - or for a phone number that it's greater than the minimum length of the phone number I'm expecting.


So, if I was writing it, your IF right before you execute the query would look like this:


if((isset($_POST['mobile']) && strlen($_POST['mobile']) >= 10) || (isset($_POST['homephone']) && strlen($_POST['homephone']) >= 10) || (isset($_POST['workphone']) && strlen($_POST['workphone']) >= 10) || (isset($_POST['email']) && strlen($_POST['email']) > 0)) {


If you want to go farther you can check to see if the E-mail address is formatted correctly using a Regular Expression, but if you just want to avoid empty rows in your table the code above will do it.

matak
12-29-2007, 04:27 AM
People use SPACE. I think character for space is &bnsp; I'm not sure, maybe it becomes space. Make sure that there are at least some characters in the field with preg_match or similar, and some smart regular expression. You can find many already written in JavaScript, then it's easy to turn them to PHP...

Inigoesdr
12-29-2007, 06:57 AM
I think character for space is &bnsp;

The HTML character code for space is &nbsp; (non-breaking space).

samuurai
12-30-2007, 01:43 PM
isset($_POST['varname']) will return true even if $_POST['varname'] contains an empty string or null. This is because when you submitted the form the browser POSTed all of the form fields, even if they are empty.


That's all I needed.. thanks a lot. That's motivated me to set up some form validation :)

Thanks a lot JohnnyB
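
Added example (not part of the original thread and not any poster's code): one way to do the check the replies above describe, counting a field as present only when it is a non-empty string after trimming, with a parameterized INSERT in place of interpolating $_POST into the SQL string. The helper names field(), contact_errors() and save_contact(), the shortened column list, and the use of PDO on PHP 7.4+ are assumptions.

```php
<?php
// Added example, not code from the thread. Field names follow the original
// form; field(), contact_errors() and save_contact() are hypothetical helpers.

// Return the field as a trimmed string, or '' if it is missing or not a string
// (a client can send mobile[]=x, which makes $_POST['mobile'] an array).
function field(array $post, string $name): string {
    $v = $post[$name] ?? '';
    return is_string($v) ? trim($v) : '';
}

function contact_errors(array $post): array {
    $errors = [];
    if (field($post, 'firstname') === '') {
        $errors[] = 'Please enter a first name.';
    }
    // A phone counts only with at least 10 digits (the minimum used in the reply above).
    $hasPhone = false;
    foreach (['mobile', 'homephone', 'workphone'] as $name) {
        $digits = preg_replace('/\D/', '', field($post, $name));
        $hasPhone = $hasPhone || strlen($digits) >= 10;
    }
    $email = field($post, 'email');
    $hasEmail = $email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    if ($email !== '' && !$hasEmail) {
        $errors[] = 'The email address is not valid.';
    }
    if (!$hasPhone && !$hasEmail) {
        $errors[] = 'Please enter some way of contacting the person';
    }
    return $errors;
}

// Values are bound as parameters instead of being interpolated into the SQL string.
function save_contact(PDO $db, array $post): void {
    $cols = ['firstname', 'lastname', 'home', 'mobile', 'work', 'email'];
    $from = ['home' => 'homephone', 'work' => 'workphone']; // column => form field
    $sql = 'INSERT INTO addressbook (' . implode(',', $cols) . ') VALUES ('
         . implode(',', array_fill(0, count($cols), '?')) . ')';
    $values = array_map(fn($c) => field($post, $from[$c] ?? $c), $cols);
    $db->prepare($sql)->execute($values);
}

// Constructed sample submissions: a blank form as the browser posts it, and a valid one.
$blank = ['addcontact' => '1', 'firstname' => '', 'mobile' => '   ', 'email' => ''];
$good  = ['addcontact' => '1', 'firstname' => 'Ann', 'email' => 'ann@example.com'];
var_dump(contact_errors($blank));
var_dump(contact_errors($good));
```

Call save_contact() only when contact_errors() returns an empty array.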


