checking fields for data

Beginners - Learning PHP
#1

hey, new to this php and its amazingly difficult to get your head around. I’ve just wrote my first INSERT which works great but I’ve been trying to add error checking which does not allow empty field. I will post my code here. for some reason my error checking is not working but i can’t see my mistake. I only checked it with the first_name but it allowed an empty field to be inserted

Can anyone help?

Also is it possible to add multiple checks on one field with only one if statement? i.e check there is something there while making sure its over so many characters? I know I’m really asking two questions here. If anyone could answer just the first question that would be great thank you
[php]

<?php include('database name is here'); session_start(); $validation_id = strval(time()); if(isset($_POST['submit'])) { if($_POST['first_name'] == "") { $message = "Please enter a first name"; $success = 0; } else if($_POST['last_name'] == "") { $message = "Please enter a surname"; $success = 0; } else if($_POST['DOB'] == "") { $message = "Please enter your birthday in the format dd/mm/yyy"; $success = 0; } else if($_POST['email'] == "") { $message = "Please enter the user's email"; $success = 0; } else if($_POST['username'] == "") { $message = "Please enter a username"; $success = 0; } else if($_POST['password'] == "") { $message = "Please enter a password"; $success = 0; } $first_name = mysql_real_escape_string($_POST['first_name']); $last_name = mysql_real_escape_string($_POST['last_name']); $DOB = mysql_real_escape_string($_POST['DOB']); $sex = mysql_real_escape_string($_POST['sex']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $agree = mysql_real_escape_string($_POST['agreed']); $creation_date = mysql_real_escape_string($_POST['creation_date']); $user_type = mysql_real_escape_string($_POST['member_type']); $access_level = mysql_real_escape_string($_POST['access_level']); $validation = mysql_real_escape_string($_POST['validation_id']); $club_user = mysql_real_escape_string($_POST['user_type']); $insert_member= "INSERT INTO Members (`first_name`,`last_name`,`DOB`,`sex`,`email`,`username`,`password`,`agree`,`creation_date`,`usertype`,`access_level`,`validationID`) VALUES ('".$first_name."','".$last_name."','".$DOB."','".$sex."','".$email."','".$username."','".$password."','".$agree."','".$creation_date."','".$user_type."','".$access_level."', '".$validation."')"; $insert_member_now= mysql_query($insert_member) or die(mysql_error()); } [/php]
#2

The reason it is still entering data into the database is because even if your validation fails it allows the sql to be ran.

At the top of your script put
[php]
$success = 1;
[/php]

and then before this line
[php]
$first_name = mysql_real_escape_string($_PoOST[‘firstname’])
[/php]

add

[php]
if (1===$success) {
[/php]

then on the last line of your file add
[php]
}
[/php]

What this will do is check to see if any of your validation has failed. This is because when validation fails you set $success to 0 all you needed to do was use this value. If $success is 1 everything is ok and the rest of the script can execute.

If you need any more explanation don’t hesitate to ask.

Sponsor our Newsletter | Privacy Policy | Terms of Service