Page 1 of 1
If Empty - Header
Posted: Thu Sep 11, 2014 5:47 pm
by donny
hello,
i have a order form process page that if someone goes to it on accident it will enter useless info in my db. i want to be able to protect this page so if one of the variables that the form posts is empty then it'll header them to another page.
Code: Select all
if (empty($_POST['name'])) {
header('Location: form.php');
}
i had this at the top of my code so if name wasn't set then it'd header them to the form so it don't execute the rest of the code and post stuff into my db but this isn't working. can someone tell me a code that'll work?
thank you
Re: If Empty - Header
Posted: Thu Sep 11, 2014 6:39 pm
by Celauran
You definitely want to address that problem with things being entered into the database like that, but that's a separate issue.
The snippet you posted looks like it should be working fine. Can you elaborate on not working? Is it not redirecting? Is it throwing an error? Both? Is the header being called before everything else? Headers need to be sent before any output, so even a blank line in an include could be tripping you up.
Re: If Empty - Header
Posted: Thu Sep 11, 2014 10:47 pm
by donny
You definitely want to address that problem with things being entered into the database like that, but that's a separate issue.
can you tell me what you mean by this? i am trying to fix the problem by doing this?
also the code above that i tried doesn't produce any error it just simply acts like its not there. if i go to the url manually it doesn't header me back to the form. it doesn't do anything
Re: If Empty - Header
Posted: Fri Sep 12, 2014 7:24 am
by Celauran
donny wrote:You definitely want to address that problem with things being entered into the database like that, but that's a separate issue.
can you tell me what you mean by this? i am trying to fix the problem by doing this?
Sounds like there's no validation on form submission. Redirecting an empty form (or a page hit with no submission at all) makes sense. It's a good idea, just not sufficient. In addition to that, you want to check that all required fields have been filled and that they have been filled with data of the expected type. If I submit an order for t-shirts and specify 'tomato' as the quantity, that shouldn't hit your DB.
donny wrote:also the code above that i tried doesn't produce any error it just simply acts like its not there. if i go to the url manually it doesn't header me back to the form. it doesn't do anything
Did you check that you have error reporting enabled? Checked that it's being executed before any output is sent to the browser?
Re: If Empty - Header
Posted: Fri Sep 12, 2014 12:26 pm
by donny
i am using a bootstrap validator on the form itself to make sure I'm getting what i want and it works just fine. i am not checking data on the processing page again if thats what you mean.
here is the top of the code I'm having trouble with
Code: Select all
<?php
session_start();
if (empty($_POST['name'])) {
header('Location: /form.php');
}
//rest of code
?>
//rest of page
i do have error reporting enabled. it just completely acts as if the code isn't there.
Re: If Empty - Header
Posted: Fri Sep 12, 2014 12:56 pm
by Celauran
I wouldn't rely solely on client-side validation; it can be disabled. Never trust user data. Have you done a var_dump of $_POST['name'] after your header block? Are you certain it's empty?
Re: If Empty - Header
Posted: Fri Sep 12, 2014 6:50 pm
by donny
you are right thats something i will work on next.
is this still a good way to send someone back to the form in this case? (accidentally go to process page)
i found out what the problem was this is a example of my code
Code: Select all
<?php
session_start();
if(empty($POST['name'])) {
header('Location: GO_TO_FORM');
exit();
}
//CODE
//ADD INFO TO DB
header('Location: GO_TO_NEXT_PAGE');
?>
i have 2 headers in the code. one was the one i was adding the if empty one that will send them back to the form.
the second one i have is for at the end of my code after it posts the data into db it sends them to the next page.
to make it work right i had to add the exit() function in. i thought the header would act as the exit here, i don't know why it still reads the rest of the code when its being told to redirect.
can i use something like this then?
Code: Select all
if(empty($_POST['name'])) {
exit(header('Location: back_to_form'));
}
any input? how would you protect the pages in my case? i have a few pages i need to protect
Re: If Empty - Header
Posted: Sat Sep 13, 2014 6:20 pm
by donny
anybody have a better way of doing this?