form validation

[CyberShot]

I have a form that i can enter a name and it inserts the name into a database. I am trying to add validation now. right now, if i push the submit button, it puts in an empty value into the list. So I tried two things

 

if(isset($_POST[name])){
insert name into database
}
else
{
echo "you must put in a name"
}

I also tried 

[code]
if(!isset($_POST[name]))
return false;
[code]

neither worked. It still inserts a null value. What am I doing wrong?

[cags]

if(isset($_POST['name'] && !empty($_POST['name'])){
   //insert name into database
} else {
   echo "you must put in a name"
}

[CyberShot]

I keep getting an error from that

 

Parse error: parse error, expecting `','' or `')'' in C:\wamp\www\dbtest\insert.php on line 5

 

if(isset($_POST['name'] && !empty($_POST['name'])){
$sql="INSERT INTO mytable (names)
VALUES
('$_POST[name]')";
}
else
{
echo "you must put in a name";
}

[cags]

Sorry, typo, I missed a closing bracket.

 

if(isset($_POST['name']) && !empty($_POST['name'])) {

[CyberShot]

I just cought on to that. But now it creates a new problem, the code errors out on the sql check.

 

if(isset($_POST['name']) && !empty($_POST['name'])){
$sql="INSERT INTO mytable (names)
VALUES
('$_POST[name]')";
}
else
{
echo "you must put in a name";
}

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

 

now, if I just push the submit button, it gives me the echo error, but it also says

 

Undefined variable: sql

 

the mysql_query is not part of the else statement, so why would it now error out?

[mrMarcus]

no, it's not part of the else statement, but it's part of this statement:

 

if (!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}

 

where is $sql defined?  inside the first IF.

[CyberShot]

You lost me. The sql is defined in the above insert statement. To insert the name into the database. then if if works, it shows the name in the list. The code worked fine until I added the check to see if the name field was empty. So I don't understand why it would error out now.

 

Thanks for your help by the way.

[cags]

$sql will only have a value if $_POST['name'] is not empty. You use mysql_query regardless of whether $_POST['name'] is empty meaning if $_POST['name'] is empty you are calling mysql_query("");

[mrMarcus]

let's have a look at your form.

 

you are getting the 'Undefined variable: sql' error because if the condition isn't met (if $_POST['name'] has no value or has not been set), $sql doesn't get defined.  so, when you throw in this code with $_POST['name'] not being set:

 

if (!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}

 

the system will try and execute: if (!mysql_query ($sql, $con)) .. but $sql hasn't been set yet.  get it?

 

post your form and i'll see what i can do.

[CyberShot]

I see, that makes sense. Well then if I throw in another check for the query to only perform if the post is set then it should work. That is my code posted above. I have all the code split up into several files, so each part is very small. There is insert, delete, connection, and index. The insert code has been posted

[cags]

A method I find usefull for handling validation is this...

 

$errors = array();

if(!isset($_POST['forename']) || empty($_POST['forename'])) {
   $errors['forename'] = "Error with forename";
}

if(!isset($_POST['surname']) || empty($_POST['surname'])) {
   $errors['surname'] = "Error with surname";
}

// ... rest of fields.

if(empty($errors)) {
   // proceed with processing
}