PHP check that form value is not blank

Hi Experts,

I have the following attached code, it already checks for malicious characters but whats the easiest way to check that a field has not been left blank and if so to identify the field to the user?

Many Thanks,
Dean.
if(!empty($_POST) && isset($_POST))
{
	//make variables safe to insert
  $id = mysql_real_escape_string($_POST['id']);
  $Forename = mysql_real_escape_string($_POST['Forename']);
	$Surname = mysql_real_escape_string($_POST['Surname']);
	$Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
	$Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
	$RoomNo = mysql_real_escape_string($_POST['RoomNo']);
	$Tel = mysql_real_escape_string($_POST['Tel']);

	//query to insert data into table
	$sql = "
		INSERT INTO bookings
		SET
		id = '$id',
		Forename = '$Forename',
		Surname = '$Surname',
		Arrival_Date = '$Arrival_Date',
		Departure_Date = '$Departure_Date',
		RoomNo = '$RoomNo',
		Tel = '$Tel'";
	$result = mysql_query($sql);
	if(!$result)
	{
		echo "Failed to insert record<br>Please Ensure booking does not currently exist";
	}
	else
	{
		echo "Record inserted successfully";
	}
}
?>

Open in new window

deanlee17Asked:
Who is Participating?
 
Lukasz ChmielewskiConnect With a Mentor Commented:
Yes, that's right, my bad

$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

//NOTE: MAKE SURE YOU DO YOUR OWN APPROPRIATE SERVERSIDE ERROR CHECKING HERE!!!
if(!empty($_POST) && isset($_POST))
{
    $emptyvariables = false;

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
                echo"Please insert $key<br />";
                $emptyvariables = true;
                }
        }
    }
    
    if($emptyvariables == false){
    


        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
            
            echo"$query";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}



?>

<table width="300" border="1">
	<tr>
		<td><b>ID</b></td>
		<td><b>Forename</b></td>
		<td><b>Surname</b></td>
		<td><b>Arrival_Date</b></td>
		<td><b>Departure_Date</b></td>
		<td><b>RoomNo</b></td>
		<td><b>Tel</b></td>
	</tr>
	<?
	//show data from tables
	$sql = "
		SELECT *
		FROM bookings
		ORDER BY ID ASC
		LIMIT 20";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	//print data
	?>
	<tr>
		<td><? echo $row['id']; ?></td>
		<td><? echo $row['Forename']; ?></td>
		<td><? echo $row['Surname']; ?></td>
		<td><? echo $row['Arrival_Date']; ?></td>
		<td><? echo $row['Departure_Date']; ?></td>
		<td><? echo $row['RoomNo']; ?></td>
		<td><? echo $row['Tel']; ?></td>
	</tr>
	<?
	}
	?>
</table>

Open in new window

0
 
deanlee17Author Commented:
Below is an attempt, but if ID and Forename are both empty then the echo only says "Please insert ID." I want it to flag up all missing fields.
if(!$id)
	{
		echo "Please insert ID<br>";
	}
	elseif(!$Forename)
	{
		echo "Please Enter Forename<br>";
	}
	else
	{
		
	
	// end test
	
	//query to insert data into table
	$sql = "
		INSERT INTO bookings
		SET
		id = '$id',
		Forename = '$Forename',
		Surname = '$Surname',
		Arrival_Date = '$Arrival_Date',
		Departure_Date = '$Departure_Date',
		RoomNo = '$RoomNo',
		Tel = '$Tel'";
	$result = mysql_query($sql);
	if(!$result)
	{
		echo "Failed to insert record<br>Please Ensure booking does not currently exist";
	}
	else
	{
		echo "Record inserted successfully";
	}
}
}

Open in new window

0
 
Lukasz ChmielewskiCommented:
You can try
if(!$id){echo "Please insert ID<br>";}
if(!$Forename){echo "Please Enter Forename<br>";}
and so on (not using elseif but simple if)
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
deanlee17Author Commented:
Hi Roads,

That seems to work for the error message. Is there any better way to loop through the vaiables rather than just having....

if(!$id)
 {
    echo "Please insert ID<br>";
 }
if(!$Forename)
 {
    echo "Please Enter Forename<br>";
  }

etc etc

Thanks,
Dean.
0
 
Lukasz ChmielewskiCommented:
A simple example:
<?php
    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }
?>

<form action="#" method="post">
    <input type="text" name="var1" /> var1<br />
    <input type="text" name="var2" /> var2<br />
    <input type="text" name="var3" /> var3<br />
    <input type="submit" value="send" />
</form>

Open in new window

0
 
Lukasz ChmielewskiCommented:
Oh, allright then :) This would the code look like I guess (not tested)

<?php

if(!empty($_POST) && isset($_POST))
{

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }else{

        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}


?>

Open in new window


0
 
deanlee17Author Commented:
haha thanks roads. Would that display all empty fields?
0
 
Lukasz ChmielewskiCommented:
Yes, it should - test it.
0
 
deanlee17Author Commented:
Hmm error checking is working well. But it now wont insert a genuine record.

See code attached.

Thanks for your help so far
<?


$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

//NOTE: MAKE SURE YOU DO YOUR OWN APPROPRIATE SERVERSIDE ERROR CHECKING HERE!!!
if(!empty($_POST) && isset($_POST))
{

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }else{

        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}



?>

<table width="300" border="1">
	<tr>
		<td><b>ID</b></td>
		<td><b>Forename</b></td>
		<td><b>Surname</b></td>
		<td><b>Arrival_Date</b></td>
		<td><b>Departure_Date</b></td>
		<td><b>RoomNo</b></td>
		<td><b>Tel</b></td>
	</tr>
	<?
	//show data from tables
	$sql = "
		SELECT *
		FROM bookings
		ORDER BY ID ASC
		LIMIT 20";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	//print data
	?>
	<tr>
		<td><? echo $row['id']; ?></td>
		<td><? echo $row['Forename']; ?></td>
		<td><? echo $row['Surname']; ?></td>
		<td><? echo $row['Arrival_Date']; ?></td>
		<td><? echo $row['Departure_Date']; ?></td>
		<td><? echo $row['RoomNo']; ?></td>
		<td><? echo $row['Tel']; ?></td>
	</tr>
	<?
	}
	?>
</table>

Open in new window

0
 
deanlee17Author Commented:
Ok, it now trys to insert but fails everytime, we hit the echo "Failed to insert record<br>Please Ensure booking does not currently exist";

Many Thanks :)
0
 
deanlee17Author Commented:
0
 
deanlee17Author Commented:
Nope ignore that! It works.

Could you just describe how these 2 lines work and then we are done :)

  foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
0
 
Lukasz ChmielewskiCommented:
Is there any identity column in the database ? Isn't id a primary unique key ?
0
 
deanlee17Author Commented:
See my post above :)
0
 
Lukasz ChmielewskiCommented:
:)
POST is an array of key -> value, key is the name of the input field, value is its value, you can see it clearly, when you put print_r($_POST); just before that:

  foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
0
 
deanlee17Author Commented:
Excellent. Thanks for all the help.
0
 
Lukasz ChmielewskiCommented:
No problem
0
All Courses

From novice to tech pro — start learning today.