To give myself tighter control over error messages during form handling I thought it might be best if I were to create an array and use array_push() every time my conditionals found an array and then later use a loop to echo an unordered list of errors.
The issue that I am finding is that my conditional echos an unordered list anyway, which must mean that my conditional (whether any error messages were sent to the arrays) are coming up positive when I don't want them to. I have tried both count() and isset() on the
php_errors and / or
php_success arrays. Here is my code (count() conditionals about 2/3 the way down):
PHP Code:
<?php
ob_start();
session_start();
include ($_SERVER["DOCUMENT_ROOT"] . '/includes/config.inc.php');
require (MYSQL);
$username = $_SESSION['username'];
$page_title = $username . ' User Settings';
$page_author = 'Dataconia,' . $username;
$page_description = 'Dataconia user settings for' . $username;
$page_keywords = 'Dataconia, settings, user,' . $username;
include ($_SERVER["DOCUMENT_ROOT"] . '/includes/header.html');
$php_errors[] = null;
$php_success[] = null;
$fn = $ln = $p = false;
echo '<h2>' . $username . ' User Settings</h2>';
if (isset($_SESSION['username'])) {
$user_settings_query = "SELECT * FROM users WHERE username = '$username'";
$query_results = mysqli_query($dbc, $user_settings_query);
$num = mysqli_num_rows ($query_results);
$row = mysqli_fetch_array($query_results, MYSQLI_ASSOC) or trigger_error("Query: $user_settings_query\n<br />MySQL Error: ". mysqli_error($dbc));
if ($num == 1) {
if (isset($_POST['submitted'])){
$trimmed = array_map('trim', $_POST);
if(strlen($trimmed['first_name']) <=30 && preg_match('/^[A-Z \'.-]{2,30}$/i', $trimmed['first_name'])){
$fn = mysqli_real_escape_string($dbc, $trimmed['first_name']);
$first_name_query = "UPDATE users SET first_name = '$fn'";
$first_name_results = mysqli_query($dbc, $first_name_query) or trigger_error("Query $first_name_query\n<br />MySQL Error:"
. mysqli_error($dbc));
if (mysqli_affected_rows($dbc) == 1) {array_push($php_sucess, 'Your first name has been updated');}
else {array_push($php_errors, 'Sorry but your first name was unable to be updated.');}
}
else { //if first name was greater than 30 characters long
array_push($php_errors, 'Please enter a first name that is 30 characters long or less.');
}
if (strlen($trimmed['last_name']) <=30 && preg_match ('/^[A-Z \'.-]{2,30}$/i', $trimmed['last_name'])){
$ln = mysqli_real_escape_string($dbc, $trimmed['last_name']);
$last_name_query = "UPDATE users SET last_name ='$ln'";
$last_name_results = mysqli_query($dbc, $last_name_query) or trigger_error("Query $last_name_query\n<br />MySQL Error:"
. mysqli_error($dbc));
if (mysqli_affected_rows($dbc) == 1){array_push($php_success, 'Your last name has been updated.');}
else {array_push($php_errors, 'Sorry but your last name was unable to be updated.');}
}
else {// if last name is not under 30 characters
array_push($php_errors, 'Please enter a last name that is 30 characters long or less.');
}
if (isset($trimmed['password1']) && preg_match ('/^\w{4,20}$/', $trimmed['password1']) )
{
if ($trimmed['password1'] == $trimmed['password2']) //preg_match conditional start
{ $p = mysqli_real_escape_string ($dbc, $trimmed['password1']);
$password_query = "UPDATE users SET pass = SHA1('$p')";
$password_results = mysqli_query ($dbc, $password_query) or trigger_error("Query: $password_query\n<br />MySQL Error: " . mysqli_error($dbc));
if(mysqli_affected_rows($dbc) == 1) {array_push($php_success, 'Your password has been updated.');}
else {array_push($php_errors, 'Sorry but your password was not updated correctly. Please try again.');}
} //trimmed match start
else {array_push($php_errors, 'Your password did not match the confirmed password.'); }
}
else { array_push($php_errors, 'Please enter a valid password.'); }
}
} //end of existence of 1 row for user info
else { // if information was not loaded correctly (eg not able to load info from session username
array_push($php_errors, 'Your information could not be loaded at this time. Please try again later.');
}
}
else { // if session username is not equal to _get['username']
array_push($php_errors, 'You are not logged in or have accessed this page incorrectly. Please try again later.');
}
if (count($php_errors) >= 1){echo '<ul class="errors">';
foreach ($php_errors AS &$pe) {
echo '<li>' . $pe . '</li>';
}
echo '</ul>';
}
if (count($php_success) >= 1){ echo '<ul class="errors">';
foreach ($php_success AS &$ps) {
echo '<li>' . $ps . '</li>';
}
} echo '</ul>';
echo '<form action="user_settings.php" method="post" style="padding:0 0 0 20px;">';
echo '<p>Your current information:<br /></p>
<table>
<tr><td class="form_left" style="text-align:right;">First Name:</td><td class="form_right" style="text-align:left;">
<input type="text" name="first_name" size="25" maxlength="50" value="';
if (isset($row['first_name'])) {echo $row['first_name'];}
echo '" /></td></tr><tr><td class="form_left">Last Name:</td><td class="form_right"><input type="text" name="last_name" size="25" maxlength="50" value="';
if (isset($row['last_name'])) {echo $row['last_name'];}
echo '" /></td></tr><tr><td class="form_left">Password: </td><td class="form_right">
<input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters, numbers, and the underscore.
Must be between 4 and 20 characters long.</small></td></tr>
<tr><td class="form_left"> Confirm Password: </td><td class="form_right">
<input type="password" name="password2" size="20" maxlength="20" /> <small>Use only letters, numbers, and the underscore.
Must be between 4 and 20 characters long.</small></td></tr>
<tr><td class="form_left"> Country: </td><td class="form_right"><select name="country" maxlength="70">';
$countries_rows = false;
$countries_query = 'SELECT country FROM countries LIMIT 300';
$countries_results = mysqli_query($dbc, $countries_query) or trigger_error("Query: $countries_query\n<br />MySQL Error: " . $mysqli_error($dbc));
echo '<option value="...">...</option>';
while ($r = mysqli_fetch_array($countries_results)){
if ($row['country'] == $r['country']){
echo '<option value="' . $r['country'] . '" selected="selected">' . $r['country'] . '</option>';
}
else {
echo '<option value="' . $r['country'] . '">' . $r['country'] . '</option>';
}
} //end of while
echo '</select></td></tr></table>
<p><input type="submit" name="submit" value="Save" /></p>
<input type="hidden"
<input type="hidden" name="submitted" value="TRUE" />
</form>
</div>';
mysqli_close($dbc);
include ($_SERVER["DOCUMENT_ROOT"] . '/includes/footer.html');
?>
I just need to find a way for a conditional to only be triggered if I give a value to the php_errors or php_success arrays.
Before you post, read our: 
