Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Nov 2007
    Posts
    144
    Thanks
    64
    Thanked 0 Times in 0 Posts

    If statement is getting processed and I don't know why.

    Newbie problem!!

    An if statement in my code is getting processed and I can't figure out why.

    The form comes up and even if the there's no data entered, I can still submit the form to the mysql database.

    Here's my code:

    PHP Code:
    <?php
    include 'header.php';
    include 
    'sidebar.php';

    if(isset(
    $_POST['addcontact'])) {
      
    $errors = array();
      
      if(!isset(
    $_POST['firstname'])) {
      echo 
    strlen($_POST['firstname']);
        
    $errors[] = 'Please enter a first name.';
      }
    /////////////// THIS is the if statement that's saying all is ok - Basically I want it to only submit to the database if there's a phone number or email address or both entered.
      
    if(isset($_POST['mobile']) || isset($_POST['homephone']) || isset($_POST['workphone']) || isset($_POST['homephone']) || isset($_POST['email'])) {
        
    $sql "INSERT INTO addressbook (firstname,lastname,address1,address2,city,postcode,region,country,home,mobile,work,fax,email,website,dob,comments) VALUES ( '$_POST[firstname]', '$_POST[lastname]', '$_POST[address1]', '$_POST[address2]', '$_POST[city]', '$_POST[postcode]', '$_POST[region]', '$_POST[country]','$_POST[homephone]','$_POST[mobile]','$_POST[workphone]','$_POST[fax]','$_POST[email]','$_POST[website]','$_POST[dob]','$_POST[comments]')";
        
    $result mysql_query($sql);
      
    ?>
      <h1>Successfully submitted new contact!</h1>
        
      
      <?php
      
    }
      else {
        
    $errors[] = 'Please enter some way of contacting the person';
      }

      
      if(empty(
    $errors)) {
      }
      else {
        echo 
    '<h1>Error:</h1>The following error(s) ocurred:<br />';
        foreach (
    $errors as $msg) {
          echo 
    " - $msg<br />\n";
        }
      }




    }
    else {
      include 
    'addcontact.inc.php';
    }
    include 
    'footer.php';
    ?>

  • #2
    Regular Coder
    Join Date
    Apr 2003
    Location
    Montreal, QC
    Posts
    340
    Thanks
    3
    Thanked 2 Times in 2 Posts
    Correct me if I'm wrong, but here's how I understand your problem:
    1) You load up the web page with the form in it
    2) You enter nothing in the form
    3) You submit the blank form and the info is saved in the DB even though you didn't enter anything

    Correct?


    If so, I think it's because you're only checking that the variables are set, not that they actually contain anything.

    isset($_POST['varname']) will return true even if $_POST['varname'] contains an empty string or null. This is because when you submitted the form the browser POSTed all of the form fields, even if they are empty. (Actually - there is an exception for checkboxes, but that's another story).

    What I do is check both that the POST variable is set, ( isset($_POST['varname']) ), and I check for an expected value, usually just by checking that the strlen() is greater than 0 - or for a phone number that it's greater than the minimum length of the phone number I'm expecting.


    So, if I was writing it, your IF right before you execute the query would look like this:
    PHP Code:
    if((isset($_POST['mobile']) && strlen($_POST['mobile']) >= 10) || (isset($_POST['homephone']) && strlen($_POST['homephone']) >= 10) || (isset($_POST['workphone']) && strlen($_POST['workphone']) >= 10) || (isset($_POST['email']) && strlen($_POST['email']) > 0)) { 
    If you want to go farther you can check to see if the E-mail address is formatted correctly using a Regular Expression, but if you just want to avoid empty rows in your table the code above will do it.
    Search for Laughter or Just Search?
    GiggleSearch.org
    Blog: www.johnbeales.com
    All About Ballet: www.the-ballet.com

  • #3
    Banned
    Join Date
    Apr 2007
    Posts
    428
    Thanks
    29
    Thanked 5 Times in 5 Posts
    people use SPACE, i think character for space is &bnsp; i'm not sure, maybe it becomes space. make sure that there at least some characters in field with preg_match or similar, and some smart regular expresion. can find many already writen in javascript, then it's easy to turn them to PHP...

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote Originally Posted by matak View Post
    i think character for space is &bnsp;
    The HTML character code for space is &nbsp; (non-breaking space).

  • #5
    Regular Coder
    Join Date
    Nov 2007
    Posts
    144
    Thanks
    64
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by johnnyb View Post
    isset($_POST['varname']) will return true even if $_POST['varname'] contains an empty string or null. This is because when you submitted the form the browser POSTed all of the form fields, even if they are empty.
    That's all I needed.. thanks a lot. That's motivated me to set up some form validation

    Thanks a lot JohnnyB


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •