...

View Full Version : Validation Error



Noumenon
02-17-2006, 11:42 AM
I get neither an error message nor an input into the DB. What am I missing?



<?php
if(isset($_POST['submit']) && $_POST['submit'] == 'Submit'){ //if submitted
$name = $_POST['name'];
$website = $_POST['website'];
$entry = $_POST['entry'];
$ip = $_SERVER['REMOTE_ADDR'];

if(empty($name) || $name == "Name" || $name == "&nbsp;Name"){ //if $name is blank or either "Name" or "&nbsp;Name" show error
$error = '<FONT CLASS="f3">You did not enter your name.</FONT>';
}
else{
if(empty($entry) || $entry == "Message" || $entry == "&nbsp;Message"){ //if $entry is blank or either "Message" or "&nbsp;Message" show error
$error = '<FONT CLASS="f3">You did not enter a message.</FONT>';
}
else{
if(empty($website) || $website == "Website" || $website == "&nbsp;Website"){ //if $website is blank or either "Website" or "&nbsp:Website" insert null
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', NULL, '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());

}
else{
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', '$website', '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
}
}
}
?>
<TABLE BORDER="0">
<TR>
<TD>
<FORM ACTION="<?php echo $PHP_SELF; ?>" METHOD="post" NAME="guestbook">
<INPUT TYPE="text" NAME="name" SIZE="25" MAXLENGTH="30" VALUE="&nbsp;Name" CLASS="formstyle" OnFocus="javascript:this.select()">
<INPUT TYPE="submit" NAME="submit" VALUE="&nbsp;Send&nbsp;" CLASS="submitstyle"><BR>
<INPUT TYPE="text" NAME="website" SIZE="36" MAXLENGTH="80" VALUE="&nbsp;Website" CLASS="formstyle" OnFocus="javascript:this.select()"><BR>
<TEXTAREA NAME="entry" ROWS="4" COLS="33" MAXLENGTH="80" CLASS="formstyle" OnFocus="javascript:this.select()">&nbsp;Message</TEXTAREA>
</FORM>
</TD>
</TR>
<TR>
<TD ALIGN="center">
<?php echo $error; ?>
</TD>
</TR>
</TABLE>

degsy
02-17-2006, 01:38 PM
<INPUT TYPE="submit" NAME="submit" VALUE="&nbsp;Send&nbsp;" CLASS="submitstyle"><




if(isset($_POST['submit']) && $_POST['submit'] == 'Submit'){


values do not match

Noumenon
02-17-2006, 02:05 PM
Fixed that. But now it disregards the if-statements and inserts everything that's posted.

degsy
02-17-2006, 02:11 PM
I would change your nested ifs and use standalone if statements with an error flag.



$err = '';

if(empty($name)){
$err .= "enter a name<br>";
}

if(empty($message)){
$err .= "enter a message";
}

if($err != ""){
//do stuff
}

Noumenon
02-17-2006, 02:27 PM
Changed it like you said. It reports right if nothing is typed into name and entry, it still inserts it though. If something is typed into name and entry it inserts it and reports that I need to enter a message.

Also, the if-statement for the Website isn't doing it's job. It still inserts an url.



if(isset($_POST['submit']) && $_POST['submit'] == 'Submit'){ //if submitted
$name = $_POST['name'];
$website = $_POST['website'];
$entry = $_POST['entry'];
$ip = $_SERVER['REMOTE_ADDR'];


$error = '';

if(empty($name) || $name == "Name" || $name == "&nbsp;Name"){
$error .= "You did not enter your name.<BR>";
}

if(empty($entry) || $entry == "Message" || $entry == "&nbsp;Message"){
$error .= "You did not enter a message.";
}

if($error != ""){
if(empty($website) || $website == "Website" || $website == "&nbsp;Website"){ //if $website is blank or either "Website" or "&nbsp:Website" insert null
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', NULL, '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
else{
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', '$website', '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
}
}

degsy
02-17-2006, 02:51 PM
That's because you are telling it to.



if(empty($website) || $website == "Website" || $website == "&nbsp;Website"){ //if $website is blank or either "Website" or "&nbsp:Website" insert null
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', NULL, '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
else{
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', '$website', '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}

That is saying that if website is blank then do this query, else do that query.

Either way you are executing the query.



if(empty($website) || $website == "Website" || $website == "&nbsp;Website"){ //if $website is blank or either "Website" or "&nbsp:Website" insert null
$website = NULL;
}

if($error != ""){
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `website`, `entry`, `date`, `ip`) VALUES ('$name', &#163;website, '$entry', NOW(), '$ip')";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
}

Noumenon
02-17-2006, 02:54 PM
yeah but the if query is inserting NULL and the else query is inserting $website

EDIT: sorry, missed that you posted some code. Trying it now.

EDIT2: It works until you enter an URL like http://www.threedaysindarkness.com. Then this error is shown:

Error with mysql query on line 43.
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '://www.threedaysindarkness.com, '', NOW(), '87.96.137.171')' at



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum