0

I am having a problem on notifying the user when he/she submit a empty form. When I submit an empty form, the system doesn't notify or alert the user that the form is empty. And when I put a title and I leave the content textbox empty its still add to the database and notify that it successfully added. Same goes when I leave the title textbox empty. The two textboxes should have contain texts before submitting. Here is my code...

<?php

        extract($_POST);
        if($submit=='submit' || strlen($service_name)>0 )
        {
            $rs=mysql_query("select * from tblservices where service_name='$service_name'");
            if (mysql_num_rows($rs)>0)
            {
                echo '<div class="n_error"><p>Opps! Service Already Exist.</p></div>';
                echo '<button type="submit" href="add_service.php">Try again.</button>';
                exit;
            }
        mysql_query("insert into tblservices(service_name, service_content) values ('$service_name', '$service_content')") or die(mysql_error());
            echo '<div class="n_ok"><p>Success! Service has been added.</p></div>';

        $submit="";
        }
        ?>

                    <form method="post">
                    <div class="element">
                        <label for="service_name">Service Title <span class="red">(required)</span></label>
                        <input name="service_name" id="service_name" type="text" class="text err" />
                    </div>

                    <div class="element">
                        <label for="content">Page content <span class="red">(required)</span></label>
                        <textarea name="service_content" id="service_content" class="textarea" rows="10"></textarea>
                    </div>
                    <div class="entry">
                        <button type="submit">Preview</button> <button type="submit" class="add">Save page</button> <button class="cancel">Cancel</button>
                    </div>
                </form>

Please, help me. Advance Happy new year.. :D

3
Contributors
4
Replies
27
Views
3 Years
Discussion Span
Last Post by RascelleGrepo
0

Your condition is wrong since it checks if either submit is set (which always is after submitting) or $service_name has some text. The condition is always true and the values are inserted (if they do not exist). The correct condition would be using && (and):

if($submit=='submit' && strlen($service_name) > 0 && strlen($service_content > 0)) {
    ...
}

or a bit simpler one (without using slow-performing strlen):

if($submit=='submit' && $service_name != '' && $service_content != '') {
    ...
}

And I have to take your attention to two more things not related to your question but quite important:

  1. do not insert user input you received from a web form directly into database without cleaning it first! Bad guys (and gals) might enter a nasty sql into an input or textarea fields and you will transfer that politely and directly to your database server. It is called an sql injection. To fight against it you have to at least clean the user input by disabling characters that are potentionally dangerous (especially the ' which is the pandora's box opener). You do that by escaping user input string using mysql_real_escape_string function. You can add to that some black / white listing and other checking and validating methods.

    mysql_query("insert into tblservices(service_name, service_content) values ('" . mysql_real_escape_string($service_name) . "', "' . mysql_real_escape_string($service_content) . "')") or die(mysql_error());

  2. You use mysql extension to handle database related stuff. This extension is old and is about to be kicked out of this world. If you can, switch to mysqli or PDO as soosn as possible to be on the safer side.

Edited by broj1

0

Change the IF statement to:

if($submit == 'submit' && strlen($service_name) > 0 && strlen($service_content) > 0)

@broj1 sorry, I didn't saw your answer, bye!

Edited by cereal

1

@broj1 sorry, I didn't saw your answer, bye!

No worries, mate. Two answers are better than one :-)

0

Thank you.. for some reason, the and(&&) doesnt work. That's why i chose to use or(||). Anyways, I already fixed it. Thank youuu again. :D happy new year. :D

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.