[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

PHP check that form value is not blank

Posted on 2011-03-04
17
Medium Priority
?
319 Views
Last Modified: 2012-05-11
Hi Experts,

I have the following attached code, it already checks for malicious characters but whats the easiest way to check that a field has not been left blank and if so to identify the field to the user?

Many Thanks,
Dean.
if(!empty($_POST) && isset($_POST))
{
	//make variables safe to insert
  $id = mysql_real_escape_string($_POST['id']);
  $Forename = mysql_real_escape_string($_POST['Forename']);
	$Surname = mysql_real_escape_string($_POST['Surname']);
	$Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
	$Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
	$RoomNo = mysql_real_escape_string($_POST['RoomNo']);
	$Tel = mysql_real_escape_string($_POST['Tel']);

	//query to insert data into table
	$sql = "
		INSERT INTO bookings
		SET
		id = '$id',
		Forename = '$Forename',
		Surname = '$Surname',
		Arrival_Date = '$Arrival_Date',
		Departure_Date = '$Departure_Date',
		RoomNo = '$RoomNo',
		Tel = '$Tel'";
	$result = mysql_query($sql);
	if(!$result)
	{
		echo "Failed to insert record<br>Please Ensure booking does not currently exist";
	}
	else
	{
		echo "Record inserted successfully";
	}
}
?>

Open in new window

0
Comment
Question by:deanlee17
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
17 Comments
 

Author Comment

by:deanlee17
ID: 35034411
Below is an attempt, but if ID and Forename are both empty then the echo only says "Please insert ID." I want it to flag up all missing fields.
if(!$id)
	{
		echo "Please insert ID<br>";
	}
	elseif(!$Forename)
	{
		echo "Please Enter Forename<br>";
	}
	else
	{
		
	
	// end test
	
	//query to insert data into table
	$sql = "
		INSERT INTO bookings
		SET
		id = '$id',
		Forename = '$Forename',
		Surname = '$Surname',
		Arrival_Date = '$Arrival_Date',
		Departure_Date = '$Departure_Date',
		RoomNo = '$RoomNo',
		Tel = '$Tel'";
	$result = mysql_query($sql);
	if(!$result)
	{
		echo "Failed to insert record<br>Please Ensure booking does not currently exist";
	}
	else
	{
		echo "Record inserted successfully";
	}
}
}

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034442
You can try
if(!$id){echo "Please insert ID<br>";}
if(!$Forename){echo "Please Enter Forename<br>";}
and so on (not using elseif but simple if)
0
 

Author Comment

by:deanlee17
ID: 35034531
Hi Roads,

That seems to work for the error message. Is there any better way to loop through the vaiables rather than just having....

if(!$id)
 {
    echo "Please insert ID<br>";
 }
if(!$Forename)
 {
    echo "Please Enter Forename<br>";
  }

etc etc

Thanks,
Dean.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034723
A simple example:
<?php
    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }
?>

<form action="#" method="post">
    <input type="text" name="var1" /> var1<br />
    <input type="text" name="var2" /> var2<br />
    <input type="text" name="var3" /> var3<br />
    <input type="submit" value="send" />
</form>

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034730
Oh, allright then :) This would the code look like I guess (not tested)

<?php

if(!empty($_POST) && isset($_POST))
{

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }else{

        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}


?>

Open in new window


0
 

Author Comment

by:deanlee17
ID: 35034809
haha thanks roads. Would that display all empty fields?
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35034887
Yes, it should - test it.
0
 

Author Comment

by:deanlee17
ID: 35034916
Hmm error checking is working well. But it now wont insert a genuine record.

See code attached.

Thanks for your help so far
<?


$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

//NOTE: MAKE SURE YOU DO YOUR OWN APPROPRIATE SERVERSIDE ERROR CHECKING HERE!!!
if(!empty($_POST) && isset($_POST))
{

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])) echo"Please insert $key<br />";
        }
    }else{

        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}



?>

<table width="300" border="1">
	<tr>
		<td><b>ID</b></td>
		<td><b>Forename</b></td>
		<td><b>Surname</b></td>
		<td><b>Arrival_Date</b></td>
		<td><b>Departure_Date</b></td>
		<td><b>RoomNo</b></td>
		<td><b>Tel</b></td>
	</tr>
	<?
	//show data from tables
	$sql = "
		SELECT *
		FROM bookings
		ORDER BY ID ASC
		LIMIT 20";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	//print data
	?>
	<tr>
		<td><? echo $row['id']; ?></td>
		<td><? echo $row['Forename']; ?></td>
		<td><? echo $row['Surname']; ?></td>
		<td><? echo $row['Arrival_Date']; ?></td>
		<td><? echo $row['Departure_Date']; ?></td>
		<td><? echo $row['RoomNo']; ?></td>
		<td><? echo $row['Tel']; ?></td>
	</tr>
	<?
	}
	?>
</table>

Open in new window

0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 2000 total points
ID: 35034972
Yes, that's right, my bad

$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

//NOTE: MAKE SURE YOU DO YOUR OWN APPROPRIATE SERVERSIDE ERROR CHECKING HERE!!!
if(!empty($_POST) && isset($_POST))
{
    $emptyvariables = false;

    if(!empty($_POST)){
        foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
                echo"Please insert $key<br />";
                $emptyvariables = true;
                }
        }
    }
    
    if($emptyvariables == false){
    


        //make variables safe to insert
      $id = mysql_real_escape_string($_POST['id']);
      $Forename = mysql_real_escape_string($_POST['Forename']);
        $Surname = mysql_real_escape_string($_POST['Surname']);
        $Arrival_Date = mysql_real_escape_string($_POST['Arrival_Date']);
        $Departure_Date = mysql_real_escape_string($_POST['Departure_Date']);
        $RoomNo = mysql_real_escape_string($_POST['RoomNo']);
        $Tel = mysql_real_escape_string($_POST['Tel']);

        //query to insert data into table
        $sql = "
            INSERT INTO bookings
            SET
            id = '$id',
            Forename = '$Forename',
            Surname = '$Surname',
            Arrival_Date = '$Arrival_Date',
            Departure_Date = '$Departure_Date',
            RoomNo = '$RoomNo',
            Tel = '$Tel'";
            
            echo"$query";
        $result = mysql_query($sql);
        if(!$result)
        {
            echo "Failed to insert record<br>Please Ensure booking does not currently exist";
        }
        else
        {
            echo "Record inserted successfully";
        }
    }
}



?>

<table width="300" border="1">
	<tr>
		<td><b>ID</b></td>
		<td><b>Forename</b></td>
		<td><b>Surname</b></td>
		<td><b>Arrival_Date</b></td>
		<td><b>Departure_Date</b></td>
		<td><b>RoomNo</b></td>
		<td><b>Tel</b></td>
	</tr>
	<?
	//show data from tables
	$sql = "
		SELECT *
		FROM bookings
		ORDER BY ID ASC
		LIMIT 20";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	//print data
	?>
	<tr>
		<td><? echo $row['id']; ?></td>
		<td><? echo $row['Forename']; ?></td>
		<td><? echo $row['Surname']; ?></td>
		<td><? echo $row['Arrival_Date']; ?></td>
		<td><? echo $row['Departure_Date']; ?></td>
		<td><? echo $row['RoomNo']; ?></td>
		<td><? echo $row['Tel']; ?></td>
	</tr>
	<?
	}
	?>
</table>

Open in new window

0
 

Author Comment

by:deanlee17
ID: 35035376
Ok, it now trys to insert but fails everytime, we hit the echo "Failed to insert record<br>Please Ensure booking does not currently exist";

Many Thanks :)
0
 

Author Comment

by:deanlee17
ID: 35035398
Nope ignore that! It works.

Could you just describe how these 2 lines work and then we are done :)

  foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35035414
Is there any identity column in the database ? Isn't id a primary unique key ?
0
 

Author Comment

by:deanlee17
ID: 35035428
See my post above :)
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35035479
:)
POST is an array of key -> value, key is the name of the input field, value is its value, you can see it clearly, when you put print_r($_POST); just before that:

  foreach($_POST as $key => $val){
            if(empty($_POST[$key])){
0
 

Author Comment

by:deanlee17
ID: 35036336
Excellent. Thanks for all the help.
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35036355
No problem
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question