[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

PHP check that form value is not blank

Posted on 2011-03-04
17
Medium Priority
?
320 Views
Last Modified: 2012-05-11
Hi Experts,

I have the following attached code, it already checks for malicious characters but whats the easiest way to check that a field has not been left blank and if so to identify the field to the user?

Many Thanks,
Dean.
if(!empty($_POST) && isset($_POST))
{
	//make variables safe to insert
  $id = mysql_real_escape_string($_POST['id']);
  $Forename = mysql_real_escape_string($_POST['Forename']);
	$Surname = mysql_real_escape_string($_POST['Surname']);
	$Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
	$Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
	$RoomNo = mysql_real_escape_string($_POST['RoomNo']);
	$Tel = mysql_real_escape_string($_POST['Tel']);

	//query to insert data into table
	$sql = "
		INSERT INTO bookings
		SET
		id = '$id',
		Forename = '$Forename',
		Surname = '$Surname',
		Arrival_Date = '$Arrival_Date',
		Departure_Date = '$Departure_Date',
		RoomNo = '$RoomNo',
		Tel = '$Tel'";
	$result = mysql_query($sql);
	if(!$result)
	{
		echo "Failed to insert record<br>Please Ensure booking does not currently exist";
	}
	else
	{
		echo "Record inserted successfully";
	}
}
?>

Open in new window

0
Comment
Question by:deanlee17
  • 9
  • 8
17 Comments
 

Author Comment

by:deanlee17
ID: 35034411
Below is an attempt, but if ID and Forename are both empty then the echo only says "Please insert ID." I want it to flag up all missing fields.
if(!$id)
	{
		echo "Please insert ID<br>";
	}
	elseif(!$Forename)
	{
		echo "Please Enter Forename<br>";
	}
	else
	{
		
	
	// end test
	
	//query to insert data into table
	$sql = "
		INSERT INTO bookings
		SET
		id = '$id',
		Forename = '$Forename',
		Surname = '$Surname',
		Arrival_Date = '$Arrival_Date',
		Departure_Date = '$Departure_Date',
		RoomNo = '$RoomNo',
		Tel = '$Tel'";
	$result = mysql_query($sql);
	if(!$result)
	{
		echo "Failed to insert record<br>Please Ensure booking does not currently exist";
	}
	else
	{
		echo "Record inserted successfully";
	}
}
}

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034442
You can try
if(!$id){echo "Please insert ID<br>";}
if(!$Forename){echo "Please Enter Forename<br>";}
and so on (not using elseif but simple if)
0
 

Author Comment

by:deanlee17
ID: 35034531
Hi Roads,

That seems to work for the error message. Is there any better way to loop through the vaiables rather than just having....

if(!$id)
 {
    echo "Please insert ID<br>";
 }
if(!$Forename)
 {
    echo "Please Enter Forename<br>";
  }

etc etc

Thanks,
Dean.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034723
A simple example:
<?php
    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }
?>

<form action="#" method="post">
    <input type="text" name="var1" /> var1<br />
    <input type="text" name="var2" /> var2<br />
    <input type="text" name="var3" /> var3<br />
    <input type="submit" value="send" />
</form>

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034730
Oh, allright then :) This would the code look like I guess (not tested)

<?php

if(!empty($_POST) && isset($_POST))
{

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }else{

        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}


?>

Open in new window


0
 

Author Comment

by:deanlee17
ID: 35034809
haha thanks roads. Would that display all empty fields?
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034887
Yes, it should - test it.
0
 

Author Comment

by:deanlee17
ID: 35034916
Hmm error checking is working well. But it now wont insert a genuine record.

See code attached.

Thanks for your help so far
<?


$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

//NOTE: MAKE SURE YOU DO YOUR OWN APPROPRIATE SERVERSIDE ERROR CHECKING HERE!!!
if(!empty($_POST) && isset($_POST))
{

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }else{

        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}



?>

<table width="300" border="1">
	<tr>
		<td><b>ID</b></td>
		<td><b>Forename</b></td>
		<td><b>Surname</b></td>
		<td><b>Arrival_Date</b></td>
		<td><b>Departure_Date</b></td>
		<td><b>RoomNo</b></td>
		<td><b>Tel</b></td>
	</tr>
	<?
	//show data from tables
	$sql = "
		SELECT *
		FROM bookings
		ORDER BY ID ASC
		LIMIT 20";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	//print data
	?>
	<tr>
		<td><? echo $row['id']; ?></td>
		<td><? echo $row['Forename']; ?></td>
		<td><? echo $row['Surname']; ?></td>
		<td><? echo $row['Arrival_Date']; ?></td>
		<td><? echo $row['Departure_Date']; ?></td>
		<td><? echo $row['RoomNo']; ?></td>
		<td><? echo $row['Tel']; ?></td>
	</tr>
	<?
	}
	?>
</table>

Open in new window

0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 2000 total points
ID: 35034972
Yes, that's right, my bad

$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

//NOTE: MAKE SURE YOU DO YOUR OWN APPROPRIATE SERVERSIDE ERROR CHECKING HERE!!!
if(!empty($_POST) && isset($_POST))
{
    $emptyvariables = false;

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
                echo"Please insert $key<br />";
                $emptyvariables = true;
                }
        }
    }
    
    if($emptyvariables == false){
    


        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
            
            echo"$query";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}



?>

<table width="300" border="1">
	<tr>
		<td><b>ID</b></td>
		<td><b>Forename</b></td>
		<td><b>Surname</b></td>
		<td><b>Arrival_Date</b></td>
		<td><b>Departure_Date</b></td>
		<td><b>RoomNo</b></td>
		<td><b>Tel</b></td>
	</tr>
	<?
	//show data from tables
	$sql = "
		SELECT *
		FROM bookings
		ORDER BY ID ASC
		LIMIT 20";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	//print data
	?>
	<tr>
		<td><? echo $row['id']; ?></td>
		<td><? echo $row['Forename']; ?></td>
		<td><? echo $row['Surname']; ?></td>
		<td><? echo $row['Arrival_Date']; ?></td>
		<td><? echo $row['Departure_Date']; ?></td>
		<td><? echo $row['RoomNo']; ?></td>
		<td><? echo $row['Tel']; ?></td>
	</tr>
	<?
	}
	?>
</table>

Open in new window

0
 

Author Comment

by:deanlee17
ID: 35035376
Ok, it now trys to insert but fails everytime, we hit the echo "Failed to insert record<br>Please Ensure booking does not currently exist";

Many Thanks :)
0
 

Author Comment

by:deanlee17
ID: 35035398
Nope ignore that! It works.

Could you just describe how these 2 lines work and then we are done :)

  foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35035414
Is there any identity column in the database ? Isn't id a primary unique key ?
0
 

Author Comment

by:deanlee17
ID: 35035428
See my post above :)
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35035479
:)
POST is an array of key -> value, key is the name of the input field, value is its value, you can see it clearly, when you put print_r($_POST); just before that:

  foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
0
 

Author Comment

by:deanlee17
ID: 35036336
Excellent. Thanks for all the help.
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35036355
No problem
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
This article discusses how to implement server side field validation and display customized error messages to the client.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Suggested Courses
Course of the Month18 days, 12 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question