Help with same page error message

[nepzap2]

Hello all,

 

I know this request is very simple but I'm having a little difficulty

 

I'm trying to get an error message to say "Sorry, fields are empty" to appear if a user clicks on a submit button with the fields empty and "Thanks" if the user clicks the submit button with the fields filled in.

 

Bellow is my code:

 

The condition to check for the error:

 

<?php 
    session_start(); 

$errorMessage = '';

if (isset($_POST['UserId']) && isset($_POST['Password'])) {

		$errorMessage = 'Sorry, fields are empty';
	}

?>

 

 

And the form with the message:

 

 

<?php
			if ($errorMessage != '') {
			?>
			<p align="left"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
			<?php
			}
			?>
                <br />
            	<table>
                <form action="" method="post" name="formLogin" id="frmLogin">
                    	<tr>
                        	<td>User Name</td>
                        	<td><input name="UserId" type="text" id="UserId"></td>
                    	</tr>
                        <tr>
                    		<td>Password</td>
                        	<td><input name="Password" type="password" id="Password"></td>
                  		</tr>
                        <tr>
                        	<td colspan="2" align="right"><input name="buttonLogin" type="submit" id="buttonLogin" value="Login"></td>
                       	</tr>
                </form>
        		</table>

 

 

Thank You guys very much.

[JonnoTheDev]

Firstly you need to check that the form has been submitted before checking the fields

<?php 
    session_start(); 

// form has been submitted
if($_POST['buttonLogin'] == 'Login') {
	$errors = array();
	$fields = array('UserId' => 'username', 'Password' => 'password');
	foreach($fields as $key => $name) {
		if(!strlen(trim($_POST[$key]))) {
			$errors[] = $name;
		}
	}

	// check for errors
	if(count($errors)) {
		print "The following fields must be complete: ".implode(", ", $errors);
	}
	else {

	}
}
?>

[cunoodle2]

To me it looks like you have it backwards.  Try this...

 

<?php

//if both fields are set with values
if (isset($_POST['UserId']) && isset($_POST['Password'])) 
{
        $errorMessage = 'Thanks =)';
}

//if either of the fields is empty.
else
{
        $errorMessage = 'Sorry, fields are empty';
}

echo $errorMessage;

[JonnoTheDev]

isset() is such a poor function to use!

[cunoodle2]

isset() is such a poor function to use!

Yes, poor just by itself.  I'd use it in conjunction with a clean function and many other verify options.  Are you saying you don't use it at all?  If so why?

 

I often start pages off like...

<?php

//get all variables
$Password = isSet($_POST['Password']) ? $_POST['Password'] : NULL;
?>

 

From there I move to the fact that IF there is something in there THEN do all my checking/cleaning on the variables.  Otherwise I don't find the need to call unnecessary functions if the variables are non existent.  What are your thoughts though?  I'm always looking to learn more/get more insight. 

[Ken2k7]

Isn't that the same as:

$Password = $_GET['Password'];

?

[nepzap2]

neil.johnson

 

Thank you so much....

 

Is it possible for you to break the code down for me so I can understand it more clearly. I don't just want to cut and paste although I can do that....

 

I just like to learn

 

Thanks much.

[cunoodle2]

Isn't that the same as:

$Password = $_GET['Password'];

?

I think to some extent yes.  I did go through a big discussion about this a long time ago on your site and one of your big mods (I think his name is "toplay") discussed the added benefit of doing it the way I had it versus the way you had it.  He justified it as being more secure and I honestly haven't looked back since and never even gave it a second thought.  I wish I still had the discussion saved somewhere.

[JonnoTheDev]

Is it possible for you to break the code down for me so I can understand it more clearly

 

No problem. I have added comments to make clear.  If you want to make it more advanced then things like usernames/passwords should be a certain length and contain no spaces. Rather than checking if the fields are just empty you may want to check that the correct number of characters and type are present.

 

<?php 
    session_start(); 

// form has been submitted
if($_POST['buttonLogin'] == 'Login') {
	// create array. hold any errors in the $errors array
	$errors = array();
	// create an array of the form field names that should not be empty
	$fields = array('UserId' => 'username', 'Password' => 'password');
	// loop through each field
	foreach($fields as $key => $name) {
		// if the field is empty then store its name in the errors array
		if(!strlen(trim($_POST[$key]))) {
			$errors[] = $name;
		}
	}

	// check for errors by counting the number of elements in the array
	if(count($errors)) {
		// display the name of each empty field
		print "The following fields must be complete: ".implode(", ", $errors);
	}
	else {	
		// there are no errors
	}
}
?>

[JonnoTheDev]

I'd use it in conjunction with a clean function and many other verify options.  Are you saying you don't use it at all?  If so why?

 

It is a poor function to use for validation as a variable can be set with anything. Think of url params. You could exectute code by adding them to the url i.e.

if(isset($_GET['name'])) {

}

I could execute the code using http://www.xyz.com?name=123

You should really check the data type or if the variable contains a certain string i.e.

$names = array('neil', 'john', 'paul');
if(strlen($_GET['name']) && in_array($_GET['name'], $names)) {
   // name is valid
}