Form Validation Question with the (&&) operator

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Form Validation Question with the (&&) operator

Post by Heckler »

I'm creating a small validation form for a mailing list. I'm trying to verify the form using a self-referencing form. I'm trying to teach myself PHP and MySQL so it is very possible that I just don't understand something just yet, hopefully you guys can help me out.

Here's my Code:

Code: Select all

 
 
if(isset($_POST['submit'])) {
     $output_form = false;
 
$email=$_POST['email'];
$name=$_POST['name'];
$phone=$_POST['cell'];
$zip=$_POST['zip'];
 
    if(empty($name) && empty($email) && empty($phone) && empty($zip)) {
          echo 'All fields are blank. <br />'; 
          $output_form = true; 
}
    if(empty($name)) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
          echo 'Name field was left blank. <br />';
          $output_form = true;
}
//CONTINUE CHECKING FOR EMPTY VARIABLES
...
 
   if((!empty($name) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
          require("databasecon.php");
          $query = "INSERT INTO data_base (email, name, cell, zip)" . "VALUES ('$email', '$name', '$phone', '$zip')"; 
          mysqli_query($dbc, $query)
                      or die('Error. Connection could not be established.');
          require("confirmation.php");
   }
}
else{
     $output_form = true;
}
 
if($output_form) {
?>
     <form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>"?
          Name: <input id="name" type="text" size="25" maxlength="25" class="formfield" value="<?php echo $name; ?>"/><br />
          E-mail: <input id="email" type="text" size="30" maxlength="30" class="formfield" value="<?php echo $email; ?>"<br />
          Cell: <input id="cell" type="text" size="10" maxlength="10" class="formfield" value="<?php echo $cell; ?>"<br />
          Zip Code: <input id="zip" type="text" size="5" maxlength="5" class="formeidl" value="<?php echo $zip; ?>"<br />
          <input type="submit" name="submit" id="submit" value="Process" />
<?php
}
?>
 
Line 10 errors saying it expects a $ where &, but I can't make sense as to why the previous type of code I wrote doesn't throw the same error.

I realize this may not be the best way to do this. I also think the issue is with the && operator because it will tell me that all fields are empty regardless of whether or not they have anything in them. I also have an issue with making the data the user enters "sticky".

Help! :D
Last edited by Heckler on Wed Mar 24, 2010 5:26 pm, edited 3 times in total.
mikosiko
Forum Regular
Posts: 757
Joined: Wed Jan 13, 2010 7:22 pm

Re: Form Validation Question with the (&&) operator

Post by mikosiko »

Heckler wrote:....


 
    if(empty($name) && empty($email) && email($phone) && empty($zip)) {


 
are you sure of the part in red?
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Re: Form Validation Question with the (&&) operator

Post by Heckler »

mikosiko wrote:
Heckler wrote:....


 
    if(empty($name) && empty($email) && email($phone) && empty($zip)) {


 
are you sure of the part in red?
Yeah that was a typo when I was transposing it. I think I found my error though. I had:

Code: Select all

 
...&& (!empty(&zip))) { 
 
So I think I found my original issue, but how does everything else look? Is it ok that I am chaining the && operators?
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Form Validation Question with the (&&) operator

Post by flying_circus »

Heckler wrote:So I think I found my original issue, but how does everything else look? Is it ok that I am chaining the && operators?
That is one method of doing it and functionally it should work fine. It is probably one of the more difficult ways to do it in terms of readability and understanding when you come back to your code in 6 months.

I prefer something like this, which I feel is a bit cleaner

Code: Select all

<?php
  if(isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == "post") {
    $output_form = false;
    $output_errors = '';
    
    $name = (isset($_POST['name'])) ? $_POST['name'] : '';
    $email = (isset($_POST['email'])) ? $_POST['email'] : '';
    $phone = (isset($_POST['phone'])) ? $_POST['phone'] : '';
    $zip = (isset($_POST['zip'])) ? $_POST['zip'] : '';
    
    if(empty($name))
      $output_errors .= 'Name field was left blank. <br />';
      
    if(empty($email))
      $output_errors .= 'Email field was left blank. <br />';
      
    if(empty($phone))
      $output_errors .= 'Phone field was left blank. <br />';
      
    if(empty($zip))
      $output_errors .= 'Zip field was left blank. <br />';
    
    
    if(!empty($output_errors)) {
      $output_form = true;
    } else {
      require_once("databasecon.php");
      
      $query = sprintf("INSERT INTO `data_base` (`email`, `name`, `cell`, `zip`)" . "VALUES ('%s', '%s', '%s', '%s');",
                       mysqli_real_escape_string($dbc, $email),
                       mysqli_real_escape_string($dbc, $name),
                       mysqli_real_escape_string($dbc, $phone),
                       mysqli_real_escape_string($dbc, $zip));
                       
      mysqli_query($dbc, $query) or die('Error. Connection could not be established.');
      
      require_once("confirmation.php");
    }
  }
  
if($output_form) {
  print $output_errors;
?>
     <form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>"?
          Name: <input id="name" type="text" size="25" maxlength="25" class="formfield" value="<?php echo $name; ?>"/><br />
          E-mail: <input id="email" type="text" size="30" maxlength="30" class="formfield" value="<?php echo $email; ?>"<br />
          Cell: <input id="cell" type="text" size="10" maxlength="10" class="formfield" value="<?php echo $cell; ?>"<br />
          Zip Code: <input id="zip" type="text" size="5" maxlength="5" class="formeidl" value="<?php echo $zip; ?>"<br />
          <input type="submit" name="submit" id="submit" value="Process" />
<?php
}
?>
Also, don't forget to escape your data before transferring it to another medium (inserting into the database, in this case).
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Re: Form Validation Question with the (&&) operator

Post by Heckler »

Thanks a ton circus.

What exactly do you mean when you say escape?

I'm assuming the close connection command, which I can't remember off the top of my head. Something like mysqli_close($dbc, $query)
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Form Validation Question with the (&&) operator

Post by flying_circus »

Heckler wrote:What exactly do you mean when you say escape?
See the mysqli_real_escape_string() function in the code I posted :)

Using that function will escape all characters that have special meaning to MySQL, so that the results you get are the results you expect, when running a query.

If you are interested in the subject, you can find loads of information by using google to search for SQL Injection. Properly escaping your data will mitigate the risk of a sql injection attack.
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Re: Form Validation Question with the (&&) operator

Post by Heckler »

Oh wow. I must be blind. Thanks again Circus. I'm going to read up on the subject.
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Re: Form Validation Question with the (&&) operator

Post by Heckler »

Ok. I've got the kinks worked out only to find another. I figured it down to the form not passing the information to the variables in the "PULL DATA FROM FORM AND ASSIGN VAR" section; however, I can't figure out why.

Also I'm going to rewrite your (circus) way. It is much cleaner. But I'm still learning and I don't fully understand everything you've done in that specific code. So i'd like to figure out what i'm doing wrong here. Any help is appreciated.

Code: Select all

 
if (isset($_POST['submit'])) {
    
    //PULL DATA FROM FORM AND ASSIGN VARIABLE
    $email=$_POST['email'];
    $name=$_POST['name'];
    $phone=$_POST['cell'];
    $zip=$_POST['zip'];
    //CREATE VAR FOR CHECKING IF FORM NEEDS TO BE DISPLAYED.
    $output_form = false;   
    //CHECK AND SEE IF ALL FIELDS ARE EMPTY
    if ((empty($name)) && (empty($email)) && (empty($phone)) && (empty($zip))) {
                            echo 'All fields are blank.';
                            $output_form = true;
    }
    if ((empty($name)) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
                            echo 'Name field was left blank. <br />';
                            $output_form = true;
    }
    if ((!empty($name)) && (empty($email)) && (!empty($phone)) && (!empty($zip))) {
                            echo 'E-mail field was left blank. <br />';
                            $output_form = true;                            
    }
    if ((!empty($name)) && (!empty($email)) && (empty($phone)) && (!empty($zip))) {
                            echo 'Phone field was left blank. <br />';
                            $output_form = true;
    }
    if ((!empty($name)) && (!empty($email)) && (!empty($phone)) && (empty($zip))) {
                            echo 'Zipcode field was left blank. <br />';
                            $output_form = true;
    }
    
    if ((!empty($name)) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
            //CONNECT TO DATABASE
            require("databascon.php");
            $query = "INSERT INTO adv_db(email, name, cell, zip)" . "VALUES ('$email', '$name', '$cell', '$zip')";                                      
            mysqli_query($dbc, $query)
                    or die('Error. Connection could not established.'); 
            //SHOW CONFIRMATION PAGE                    
            require("thankyou.php");
        }
}
 
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Re: Form Validation Question with the (&&) operator

Post by Heckler »

BUMP!

Still can't figure it out. I had my isset checking "submit" but my submit button value was "process" so I changed that but still nothing. Can anyone point me in a direction?

I should mention no matter what it displays "All fields are blank." I can't get the variables from the form to assign to a variable and thus they are not "sticky" either.

To my newbie eyes it looks like it should work. Clearly there is something I don't understand.
Heckler
Forum Newbie
Posts: 7
Joined: Wed Mar 24, 2010 12:09 pm

Re: Form Validation Question with the (&&) operator

Post by Heckler »

I think if found it. I have the form names as ID= and not Name=

I think that is my issue :D
amainejr
Forum Newbie
Posts: 1
Joined: Fri Mar 26, 2010 1:51 pm

Re: Form Validation Question with the (&&) operator

Post by amainejr »

Why not instead of using

Code: Select all

 
if (isset($_POST['submit']))
 
use

Code: Select all

 
if ($_POST)
 
I'm a newbie to PHP, so i'm not real strong with the workings of it, but I do have a C++ and Java background. That seems to work for me, but I haven't even finished my book yet, so don't flame me if there's a security issue there or something.
Post Reply