Page 1 of 1
Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 3:55 pm
by Heckler
I'm creating a small validation form for a mailing list. I'm trying to verify the form using a self-referencing form. I'm trying to teach myself PHP and MySQL so it is very possible that I just don't understand something just yet, hopefully you guys can help me out.
Here's my Code:
Code: Select all
if(isset($_POST['submit'])) {
$output_form = false;
$email=$_POST['email'];
$name=$_POST['name'];
$phone=$_POST['cell'];
$zip=$_POST['zip'];
if(empty($name) && empty($email) && empty($phone) && empty($zip)) {
echo 'All fields are blank. <br />';
$output_form = true;
}
if(empty($name)) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
echo 'Name field was left blank. <br />';
$output_form = true;
}
//CONTINUE CHECKING FOR EMPTY VARIABLES
...
if((!empty($name) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
require("databasecon.php");
$query = "INSERT INTO data_base (email, name, cell, zip)" . "VALUES ('$email', '$name', '$phone', '$zip')";
mysqli_query($dbc, $query)
or die('Error. Connection could not be established.');
require("confirmation.php");
}
}
else{
$output_form = true;
}
if($output_form) {
?>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>"?
Name: <input id="name" type="text" size="25" maxlength="25" class="formfield" value="<?php echo $name; ?>"/><br />
E-mail: <input id="email" type="text" size="30" maxlength="30" class="formfield" value="<?php echo $email; ?>"<br />
Cell: <input id="cell" type="text" size="10" maxlength="10" class="formfield" value="<?php echo $cell; ?>"<br />
Zip Code: <input id="zip" type="text" size="5" maxlength="5" class="formeidl" value="<?php echo $zip; ?>"<br />
<input type="submit" name="submit" id="submit" value="Process" />
<?php
}
?>
Line 10 errors saying it expects a $ where &, but I can't make sense as to why the previous type of code I wrote doesn't throw the same error.
I realize this may not be the best way to do this. I also think the issue is with the && operator because it will tell me that all fields are empty regardless of whether or not they have anything in them. I also have an issue with making the data the user enters "sticky".
Help!

Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 4:12 pm
by mikosiko
Heckler wrote:....
if(empty($name) && empty($email) && email($phone) && empty($zip)) {
are you sure of the part in red?
Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 4:23 pm
by Heckler
mikosiko wrote:Heckler wrote:....
if(empty($name) && empty($email) && email($phone) && empty($zip)) {
are you sure of the part in red?
Yeah that was a typo when I was transposing it. I think I found my error though. I had:
So I think I found my original issue, but how does everything else look? Is it ok that I am chaining the && operators?
Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 4:32 pm
by flying_circus
Heckler wrote:So I think I found my original issue, but how does everything else look? Is it ok that I am chaining the && operators?
That is one method of doing it and functionally it should work fine. It is probably one of the more difficult ways to do it in terms of readability and understanding when you come back to your code in 6 months.
I prefer something like this, which I feel is a bit cleaner
Code: Select all
<?php
if(isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == "post") {
$output_form = false;
$output_errors = '';
$name = (isset($_POST['name'])) ? $_POST['name'] : '';
$email = (isset($_POST['email'])) ? $_POST['email'] : '';
$phone = (isset($_POST['phone'])) ? $_POST['phone'] : '';
$zip = (isset($_POST['zip'])) ? $_POST['zip'] : '';
if(empty($name))
$output_errors .= 'Name field was left blank. <br />';
if(empty($email))
$output_errors .= 'Email field was left blank. <br />';
if(empty($phone))
$output_errors .= 'Phone field was left blank. <br />';
if(empty($zip))
$output_errors .= 'Zip field was left blank. <br />';
if(!empty($output_errors)) {
$output_form = true;
} else {
require_once("databasecon.php");
$query = sprintf("INSERT INTO `data_base` (`email`, `name`, `cell`, `zip`)" . "VALUES ('%s', '%s', '%s', '%s');",
mysqli_real_escape_string($dbc, $email),
mysqli_real_escape_string($dbc, $name),
mysqli_real_escape_string($dbc, $phone),
mysqli_real_escape_string($dbc, $zip));
mysqli_query($dbc, $query) or die('Error. Connection could not be established.');
require_once("confirmation.php");
}
}
if($output_form) {
print $output_errors;
?>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>"?
Name: <input id="name" type="text" size="25" maxlength="25" class="formfield" value="<?php echo $name; ?>"/><br />
E-mail: <input id="email" type="text" size="30" maxlength="30" class="formfield" value="<?php echo $email; ?>"<br />
Cell: <input id="cell" type="text" size="10" maxlength="10" class="formfield" value="<?php echo $cell; ?>"<br />
Zip Code: <input id="zip" type="text" size="5" maxlength="5" class="formeidl" value="<?php echo $zip; ?>"<br />
<input type="submit" name="submit" id="submit" value="Process" />
<?php
}
?>
Also, don't forget to escape your data before transferring it to another medium (inserting into the database, in this case).
Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 4:50 pm
by Heckler
Thanks a ton circus.
What exactly do you mean when you say escape?
I'm assuming the close connection command, which I can't remember off the top of my head. Something like mysqli_close($dbc, $query)
Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 5:28 pm
by flying_circus
Heckler wrote:What exactly do you mean when you say escape?
See the mysqli_real_escape_string() function in the code I posted
Using that function will escape all characters that have special meaning to MySQL, so that the results you get are the results you expect, when running a query.
If you are interested in the subject, you can find loads of information by using google to search for SQL Injection. Properly escaping your data will mitigate the risk of a sql injection attack.
Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 7:22 pm
by Heckler
Oh wow. I must be blind. Thanks again Circus. I'm going to read up on the subject.
Re: Form Validation Question with the (&&) operator
Posted: Wed Mar 24, 2010 8:09 pm
by Heckler
Ok. I've got the kinks worked out only to find another. I figured it down to the form not passing the information to the variables in the "PULL DATA FROM FORM AND ASSIGN VAR" section; however, I can't figure out why.
Also I'm going to rewrite your (circus) way. It is much cleaner. But I'm still learning and I don't fully understand everything you've done in that specific code. So i'd like to figure out what i'm doing wrong here. Any help is appreciated.
Code: Select all
if (isset($_POST['submit'])) {
//PULL DATA FROM FORM AND ASSIGN VARIABLE
$email=$_POST['email'];
$name=$_POST['name'];
$phone=$_POST['cell'];
$zip=$_POST['zip'];
//CREATE VAR FOR CHECKING IF FORM NEEDS TO BE DISPLAYED.
$output_form = false;
//CHECK AND SEE IF ALL FIELDS ARE EMPTY
if ((empty($name)) && (empty($email)) && (empty($phone)) && (empty($zip))) {
echo 'All fields are blank.';
$output_form = true;
}
if ((empty($name)) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
echo 'Name field was left blank. <br />';
$output_form = true;
}
if ((!empty($name)) && (empty($email)) && (!empty($phone)) && (!empty($zip))) {
echo 'E-mail field was left blank. <br />';
$output_form = true;
}
if ((!empty($name)) && (!empty($email)) && (empty($phone)) && (!empty($zip))) {
echo 'Phone field was left blank. <br />';
$output_form = true;
}
if ((!empty($name)) && (!empty($email)) && (!empty($phone)) && (empty($zip))) {
echo 'Zipcode field was left blank. <br />';
$output_form = true;
}
if ((!empty($name)) && (!empty($email)) && (!empty($phone)) && (!empty($zip))) {
//CONNECT TO DATABASE
require("databascon.php");
$query = "INSERT INTO adv_db(email, name, cell, zip)" . "VALUES ('$email', '$name', '$cell', '$zip')";
mysqli_query($dbc, $query)
or die('Error. Connection could not established.');
//SHOW CONFIRMATION PAGE
require("thankyou.php");
}
}
Re: Form Validation Question with the (&&) operator
Posted: Thu Mar 25, 2010 2:12 pm
by Heckler
BUMP!
Still can't figure it out. I had my isset checking "submit" but my submit button value was "process" so I changed that but still nothing. Can anyone point me in a direction?
I should mention no matter what it displays "All fields are blank." I can't get the variables from the form to assign to a variable and thus they are not "sticky" either.
To my newbie eyes it looks like it should work. Clearly there is something I don't understand.
Re: Form Validation Question with the (&&) operator
Posted: Thu Mar 25, 2010 2:26 pm
by Heckler
I think if found it. I have the form names as ID= and not Name=
I think that is my issue

Re: Form Validation Question with the (&&) operator
Posted: Fri Mar 26, 2010 1:55 pm
by amainejr
Why not instead of using
use
I'm a newbie to PHP, so i'm not real strong with the workings of it, but I do have a C++ and Java background. That seems to work for me, but I haven't even finished my book yet, so don't flame me if there's a security issue there or something.