Member Avatar for ElaineTeo 
if(empty($_POST['txtEmail'])) 
{
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?emptyusr=1';
    header('Location:'.$page);   
}
  • 4 Contributors
  • 11 Replies
  • 207 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by ElaineTeo

Recommended Answers

All 11 Replies

Member Avatar for broj1

Syntacticaly code is OK. What error do you get? What do you want to achieve?

Member Avatar for jstfsklh211

please post more detail

Member Avatar for ElaineTeo 
if(empty($_POST['txtEmail'])) 
{
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?emptyusr=1';
    header('Location:'.$page);   
} 


if (isset($_REQUEST['emptyusr']))
{
    echo "<font color=red>Please fill in email</font>";
}

If the filed is blank, should be cant add into database and will show msg "Please fill in email".. But I still can add data into database and din show and error msg... Thank for help...

Member Avatar for ericnmk80

if(empty($_POST['txtEmail']))

I think you should make the first line to check as NOT EMPTY like this:-

if ($_POST['txtEmail'] != "")

Try and see... Please let me know if it didn't help. Thanks

Member Avatar for ericnmk80

And this Block of code should be in another PHP file called "Signup.php". Not over here...

if (isset($_REQUEST['emptyusr']))
{    
   echo "<font color=red>Please fill in email</font>";
}

Please try and see if it helps....

Thanks

Member Avatar for ElaineTeo

Yes, I already change to

if ($_POST['txtEmail'] != "")

But still the same... Din show any error msg..

if (isset($_REQUEST['emptyusr'])){echo "<font color=red>Please fill in email</font>";}
Ya, this code is inside SignUp.php

Member Avatar for broj1

I do not understand why you run the query if the field is blank. What is the $sql query? Maybe you should negate the condition (if $_POST['txtEmail'] is not empty then...):

if(!empty($_POST['txtEmail']))

You actually have to tell what to achieve or maybe post the whole script.

Member Avatar for ElaineTeo 
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$_POST[txtEmail]','$_POST[txtPassword]','$_POST[txtRePassword]','$_POST[txtFirstName]','$_POST[txtLastName]','$_POST[cboNationality]','$_POST[cboGender]')";



if ($txtEmail != '')
{
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?emptyusr=1';
    header('Location:'.$page);   
} 

if($_POST['txtPassword'] == $_POST['txtRePassword'])
{
    //Passwords Matched, so proceed with code
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?wrongpwd=1';
    header('Location:'.$page);   
} 



mysql_close($con)
Member Avatar for broj1

Sorry to keep you waiting so long for reply, I've been away.

You have an error in your SQL statement. The associative indexes of the $_POST array have to be enclosed in quotes and in addition to that $_POST elements have to be enclosed in curly braces since they are composite variables. So the correct syntax for the query would be:

$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('{$_POST['txtEmail']}','{$_POST['txtPassword']}','{$_POST['txtRePassword']}','{$_POST['txtFirstName']}','{$_POST['txtLastName']}','{$_POST['cboNationality']}','{$_POST['cboGender']}')";

But there is a better and safer way. Firstly it is a very bad idea to include values form POST directly to your query without cleaning them first. Someone can input a SQL injection code in one of your textboxes and run her query with bad intentions on your database. So you better clean the values first (at least escape them using i.e. mysql_real_escape_string - http://php.net/manual/en/function.mysql-real-escape-string.php). Secondly using quotes and curly braces as above is correct but can lead to errors. So better, safer and cleaner approach would be:

// clean values, I used trim and mysql_real_escape_string,
// you can also use filters or your functions, also depending on values
$txtEmail = mysql_real_escape_string(trim($_POST['txtEmail']), $con);
$txtPassword = mysql_real_escape_string(trim($_POST['txtPassword']), $con);
$txtRePassword = mysql_real_escape_string(trim($_POST['txtRePassword']), $con);
$txtFirstName = mysql_real_escape_string(trim($_POST['txtFirstName']), $con);
$txtLastName = mysql_real_escape_string(trim($_POST['txtLastName']), $con);
$cboNationality = mysql_real_escape_string(trim($_POST['cboNationality']), $con);
$cboGender = mysql_real_escape_string(trim($_POST['cboGender']), $con);

// use clean values in the query
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$txtEmail','$txtPassword','$txtRePassword','$txtFirstName','$txtLastName','$cboNationality','$cboGender')";
Member Avatar for broj1

Another error (and probably the main reason to not working) is in line 7 of your code:

if ($txtEmail != '')

$txtEmail has probably not been declared yet. You probably meant $POST['txtEmail'].

Member Avatar for ElaineTeo

Thank you.. Your suggestion is great!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.