wright67uk, posted January 13, 2013

I was expecting this code to add the user's name and address to my database IF the email address existed in the first place, ELSE echo "sorry wrong email address". However, I'm going wrong somewhere. The form echoes regardless of there being an email address set or not. Any ideas of where I'm going wrong on this one?

```php
<?php
if (isset($_POST['email']))
{
filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$hostname = "###";
$username = "###";
$dbname = "###";
$password = "###!";
$name = $_POST['name'];
$email = $_POST['email'];
$con = mysql_connect("$hostname","$username","$password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("###", $con);
$sql="INSERT INTO ### (name, email) VALUES ('$_POST[name]','$_POST[email]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo '
<div id="main">
<div id="title">Thankyou! we will be in touch soon.</div>
<div id="subheading"></div>
<div id="mid"></div>
<div id="form">
</div>
</div>
';
}
else
{
echo "sorry wrong email address";
}
mysql_close($con);
?>
```

wright67uk, posted January 13, 2013

Changed line 7 to

```php
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
```

and I'm now using $email and $name in my query; however, the issue still exists.

MDCode, posted January 14, 2013

It works just fine on my end. What exactly doesn't work? You stated the if(isset()) doesn't work but what was the point in changing the query and filtering?

Christian F., posted January 14, 2013

Your indentation is a bit out of whack, so I cleaned it up for you:

```php
<?php
if (isset ($_POST['email'])) {
    filter_var ($_POST['email'], FILTER_SANITIZE_EMAIL);
    $hostname = "###";
    $username = "###";
    $dbname = "###";
    $password = "###!";
    $name = $_POST['name'];
    $email = $_POST['email'];

    $con = mysql_connect ("$hostname", "$username", "$password");
    if (!$con) {
        die ('Could not connect: ' . mysql_error ());
    }

    mysql_select_db ("###", $con);
    $sql = "INSERT INTO ### (name, email) VALUES ('$_POST[name]','$_POST[email]')";
    if (!mysql_query ($sql, $con)) {
        die ('Error: ' . mysql_error ());
    }

    echo '
<div id="main">
<div id="title">Thankyou! we will be in touch soon.</div>
<div id="subheading"></div>
<div id="mid"></div>
<div id="form">
</div>
</div>
';
} else {
    echo "sorry wrong email address";
}
```

Also, note that I removed the mysql_close () call: It's quite unnecessary, and can be quite detrimental in some cases.

Now, the problem you're facing, or rather problems:

- isset () checks if the variable (or index, in this case) has been set. I.e., that it has been given a value and that value isn't null. Whenever you submit a form element (except unchecked checkboxes and radio buttons), it will be given a value. Even if this value is an empty string.
- You were not saving, or handling, the results from the filter_var () operation at all. Making it do nothing in terms of validation. Your update fixed that, but you still need to remove the following line (if you haven't done so already): $email = $_POST['email'];
- Validating the username should also be done, to ensure that the user has actually written something in there, and that it follows the pattern of what you consider to be a legit username.
- There is a complete lack of output escaping on the values that go into your SQL query, which means you're wide open for SQL injection attacks.
- Use a header () call to redirect the user to the "welcome" page instead. That way you prevent the refresh-resubmit problem.
- Your error message for the e-mail is inaccurate. At this point we only know if the form has been submitted, or rather that it hasn't; $_POST['email'] isn't set, thus the form has not been submitted.

It's the first and last items on that list which cause the behaviour which you're witnessing, and you'll need to sort out the logic to get it to do what you want. What I can tell you, however, is that the "wrong e-mail" error message is a validation error. Should make it quite obvious where it belongs then.

wright67uk, posted January 14, 2013

Thanks for your advice Christian, I've done a bit of reading, and decided to have the processing and form on the same page. I think I'm now validating both the email and name field, however I'm not having any entries in my MySQL database. Am I still really wrong in my approach?

```php
<div id="form">
<form name="form1" method="post" action="form-email.php">
<input type="text" onclick="this.value=''" name="name" class="round" value="name" size="20" />
<input type="text" onclick="this.value=''" name="email" class="round" value="email" size="20"/>
<input type="submit" class="round" name="Submit" value="Register Your interest"/>
</form>
</div>
<?php
if (isset($_POST['Submit'])) {
    if ($_POST['name'] != "") {
        $name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
        if (!filter_var($name, FILTER_SANITIZE_STRING)) {
            $errors .= '* Please enter a valid name.<br/><br/>';
        }
    } else {
        $errors .= '* Please enter your name.<br/>';
    }

    if ($_POST['email'] != "") {
        $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors .= "* $email is <strong>NOT</strong> a valid email address ";
        }
    } else {
        $errors .= '* Please enter your email address.<br/>';
    }

    if (!$errors) {
        $hostname = "###";
        $username = "###";
        $dbname = "###";
        $password = "###";
        $con = mysql_connect ("$hostname", "$username", "$password");
        if (!$con) {
            die ('Could not connect: ' . mysql_error ());
        }
        mysql_select_db ("###", $con);
        $sql = "INSERT INTO NLCUP (name, email) VALUES ('$name', '$email')";
        echo '<p style="color: white; margin-left:105px; font-size:22px; padding-top:15px">* Thankyou, we will be in touch soon!<br></p>';
    } else {
        echo '<p style="color: white; margin-left:105px; padding-top:15px">' . $errors . 'please try again.</p></div>';
    }
}
?>
</div>
```
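
The points from Christian F.'s list, put together as an added example that is not code from any poster in this thread: it tests field contents rather than isset() alone, keeps the result of filter_var(), binds values through a prepared statement, and actually executes the insert (the last post builds $sql but never passes it to mysql_query()). It uses PDO because the mysql_* functions were removed in PHP 7; the `signups` table, the `register_interest()` helper, the name pattern, `thanks.php` and the in-memory SQLite database standing in for MySQL are all assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Table `signups` and the helper
// register_interest() are hypothetical; in-memory SQLite stands in for MySQL.

function register_interest(PDO $db, array $post): array
{
    $errors = [];

    // isset() is true even for an empty field, so trim and test the content.
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));

    // Allow-list pattern for what counts as a legitimate name (an assumption).
    if (!preg_match('/^[\p{L}][\p{L} .\'-]{1,49}$/u', $name)) {
        $errors[] = 'Please enter a valid name.';
    }
    // FILTER_VALIDATE_EMAIL returns false on failure; keep and check the result.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($errors) {
        return $errors;
    }

    // Placeholders keep the values out of the SQL text; execute() runs the insert.
    $stmt = $db->prepare('INSERT INTO signups (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (name TEXT NOT NULL, email TEXT NOT NULL)');

// Constructed submissions: empty fields, a quote-bearing name, a bad address.
$samples = [
    ['name' => '', 'email' => ''],
    ['name' => "Robert O'Neil", 'email' => 'rob@example.com'],
    ['name' => 'Alice', 'email' => 'not-an-address'],
];
foreach ($samples as $post) {
    $errors = register_interest($db, $post);
    // In a web handler, success would end with header('Location: thanks.php'); exit;
    // and errors would be escaped with htmlspecialchars() before being echoed.
    echo $errors ? implode(' ', $errors) : 'stored', PHP_EOL;
}
echo $db->query('SELECT COUNT(*) FROM signups')->fetchColumn(), " row(s)\n";
```

The name containing an apostrophe is stored intact because it travels as a bound parameter and never becomes part of the SQL text.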