Page 1 of 1

Form validation

Posted: Thu Aug 23, 2007 3:23 am
by kkonline
Below is the extract of a validation script

If no title is typed then it gives the desired message "fill your title properly." but for content validation even if no content is submitted it does not echo the message but continues to the next part of the script

Code: Select all

//validation for next field

	      if(isset($_POST['title']))//title field is set
			  {
			   $n = $_POST['title'];
			   if (strlen($n) > 0 && strlen($n) < 61) //valid and sql friendly name now in $name
			     {
	$title = trim(mysql_real_escape_string($_POST['title']));
                       }
			   else {
			     // $n is not valid
                     echo "fill your title properly.";
$fault++;
				exit;
			        }
                   } 	
			else {
				//name not set
			   echo "you left the title field blank.";
$fault++;	
			exit;
			     } 	

//validation for next field
	      if(isset($_POST['content']))//content  field is set
			  {
			   	$content = trim(mysql_real_escape_string($_POST['content']));

                   } 	
			else {
				//name not set
			   echo "left the content field blank.";
$fault++;
				exit;
			     }

Posted: Thu Aug 23, 2007 3:39 am
by Defkon1
i think that's because post variable from html forms are always created (except in case of checkboxes)... so isset() will be always TRUE, but with empty value...

Posted: Thu Aug 23, 2007 5:37 am
by Steve Mellor
Defkon1 wrote:i think that's because post variable from html forms are always created (except in case of checkboxes)... so isset() will be always TRUE, but with empty value...
That's right.

Try this instead, set a variable when the form is submitted, lets call it $query.

Code: Select all

$query = '';
Then perform your tests so, for the first one

Code: Select all

if($_POST['title'] == ''){
     $query .= 'you left the title field blank. '; 
}
notice the space after the sentance. Also I am at a loss to remember if it should be $query .= or $query =. which is what happens when I don't sleep well.

Ok, so keep cycling through your validation rules until you get to the end and then you need a simple script to check if the form is valid:

Code: Select all

if($query != ''){
     // Put your actions here for an invalid form
}else{
     // Process the form
}
I tend to do it in both PHP and Javascript since you get a better level of user feedback with Javascript. It gives you the option of changing the colour of field names that are wrong and only having to submit the form once.

Posted: Thu Aug 23, 2007 5:42 am
by aceconcepts
The empty function is always rather useful too.

Code: Select all

if(empty($var))
{
      //SET ERROR
} else
      //VALIDATE VAR VALUE
}

Posted: Thu Aug 23, 2007 5:45 am
by kkonline
another simple solution would be to use

Code: Select all

if(strlen($_POST["content"]) > 0)
instead of

Code: Select all

if(isset($_POST['content']))/php]

Posted: Thu Aug 23, 2007 5:48 am
by Steve Mellor
aceconcepts wrote:The empty function is always rather useful too.

Code: Select all

if(empty($var))
{
      //SET ERROR
} else { // (Edited for accuracy)
      //VALIDATE VAR VALUE
}
Yeah, that works too, rather well in fact. :wink:

Posted: Thu Aug 23, 2007 7:56 am
by aceconcepts
Thanks for the edit "{". I'm so blind 8)