Why are my PHP form validations returning true while theyre still null?

goldenpages · September 9, 2012, 3:14am

For some reason when i upload files, it goes through my script after submitted, then even if I leave the title text field blank, it still uploads. Here’s my code:
[php]

<?php if($_SESSION["id"] == $userid && isset($_SESSION["login"])) { if (isset($_POST["uploadsubmit"])) { if ($_FILES["upload"]["name"] == "") { $_SESSION["upload"] = "Please choose a file to upload"; $_SESSION["uploadsuccess"] = ""; $_SESSION["uploadsize"] = ""; } if ($_FILES["upload"]["name"] != "") { $_SESSION["upload"] = ""; } if ($_FILES["upload"]["type"] == "image/gif") { $_SESSION["upload"] = "Filetype not supported"; } if ($_FILES["upload"]["size"] > 10000000) { $_SESSION["uploadsize"] = "File size is too big"; $_SESSION["upload"] = ""; $_SESSION["uploadsuccess"] = ""; } if (empty($_POST["title"]) || strlen($_POST["title"]) > 50) { $_SESSION["title"] = "Please enter a title for your uploaded file"; } if (!empty($_POST["title"]) && strlen($_POST["title"]) < 50) { $_SESSION["title"] = ""; } if (empty($_POST["describe"]) || strlen($_POST["describe"]) < 10 || strlen($_POST["describe"]) > 200) { $_SESSION["describe"] = "Please give your uploaded file a description (Must be between 10-200 characters)"; } if (!empty($_POST["describe"]) && strlen($_POST["describe"]) > 10 And strlen($_POST["describe"]) < 200) { $_SESSION["describe"] = ""; } if ($_POST["category"] == "SELECT A CATEGORY") { $_SESSION["category"] = "Please select the category you wish your uploaded file to feature in"; } if ($_POST["category"] != "SELECT A CATEGORY") { $_SESSION["category"] = ""; } if ($_FILES["upload"]["name"] != "" && $_FILES["upload"]["size"] < 10000000 && $_SESSION["describe"] == "" && $_SESSION["category"] == "" && $_SESSION["title"] == "" && $_FILES["upload"]["type"] == "image/jpeg" || $_FILES["upload"]["type"] == "image/png" || $_FILES["upload"]["type"] == "image/pjpeg" || $_FILES["upload"]["type"] == "audio/mpeg") { $name = $_FILES["upload"]["name"]; $type = $_FILES["upload"]["type"]; $file_name = $_FILES['upload']['name']; $random_digit = rand(0000,200000); $new_file_name = $random_digit . $file_name; $directory = $new_file_name; $path = "uploads/" . $new_file_name; if (copy($_FILES['upload']['tmp_name'], $path)) { require "chapterpdo4.php"; } } } ?>

Select a File:

<?php echo $_SESSION["upload"]; echo $_SESSION["uploadsize"]; ?>

<?php echo $_SESSION["uploadsuccess"]; ?>

Title: <?php echo $_SESSION["title"]; ?>

Description:
<?php echo $_SESSION["describe"]; ?>

Category: SELECT A CATEGORY Singing Dancing Modeling Programming/Development Art Acting Music/Songwriting Comedy Rapping Tricks

<?php echo $_SESSION["category"]; ?>

<?php } ?>

[/php]

I only allow the file to upload while there are no session errors. but even though the session errors are active, it still submits and returns true even though i leave the fields blank. what is wrong with this code? thanks so much

cabalsdemon · September 9, 2012, 3:41am

you have to do it different then that

if submit then check for errors

with if and elsif and the last one say if no errors submit it

goldenpages · September 9, 2012, 3:45am

If i do that, it will display 2 errors in one line at the same time. i dont think thats where the problem is

cabalsdemon · September 9, 2012, 3:46am

read my post again

let see i will try to dig something up

goldenpages · September 9, 2012, 3:49am

sorry for being difficult but what youre tying to say is to check for errors then submit it? how would i do what youre trying to tell me to do?

wilson382 · September 9, 2012, 4:06am

Hello Golden,

I think error is on the following conditional statement.
[php]
if ($_FILES[“upload”][“name”] != “” && $_FILES[“upload”][“size”] < 10000000 && $_SESSION[“describe”] == “” && $_SESSION[“category”] == “” && $_SESSION[“title”] == “” && $_FILES[“upload”][“type”] ==

“image/jpeg” || $_FILES[“upload”][“type”] == “image/png” || $_FILES[“upload”][“type”] == “image/pjpeg” || $_FILES[“upload”][“type”] == “audio/mpeg”)
[/php]

Instead please try the following statement.
[php]
if (($_FILES[“upload”][“name”] !== “”) && ($_FILES[“upload”][“size”] < 10000000) && ($_SESSION[“describe”] == “”) && ($_SESSION[“category”] == “”) &&
($_SESSION[“title”] == “”) && (($_FILES[“upload”][“type”] == “image/jpeg”) || ($_FILES[“upload”][“type”] == “image/png”) || ($_FILES[“upload”][“type”] ==“image/pjpeg”)
|| ($_FILES[“upload”][“type”] == “audio/mpeg”)))
[/php]

goldenpages · September 9, 2012, 4:18am

Thanks it worked, but can you explain why it works with your if statement with parenthesis in each element?

wilson382 · September 9, 2012, 4:27am

well the simply answer would be “It’s a php rule” i don’t know any other way to say it.

however it’s because for every statement in parenthesis its much more clear to read.

if you take a deep look into my statement u can notice i inserted an extra parenthesis just for the OR by OR i mean where you start saying || because if you leave it without parenthesis when php meet the first OR it will take it as met condition for the whole statement which is why it was uploading the files.

In yourr case

Wrong
[php]
if ($x & $y || $k || $m)
[/php]
Wrong
[php]
if (($x) & ($y) || ($k) || ($m))
[/php]

correct!
[php]
if (($x) & (($y) || ($k) || ($m)))//if x and either y or k or m
[/php]

if i helped you don’t forget to karma me.

cabalsdemon · September 9, 2012, 4:44am

yes wilson you got it
i must be real tired that i didnt put 2 and 2 together

i seen it and it didnt trigger me

[php]

if (($_FILES[“upload”][“name”] != “”) && ($_FILES[“upload”][“size”] < 10000000) && ($_SESSION[“describe”] == “”) && ($_SESSION[“category”] == “”) && ($_SESSION[“title”] == “”) && ($_FILES[“upload”][“type”] ==

“image/jpeg” || $_FILES[“upload”][“type”] == “image/png” || $_FILES[“upload”][“type”] == “image/pjpeg” || $_FILES[“upload”][“type”] == “audio/mpeg”))

[/php]

try that goldenpages should work