spanner206 Posted November 7, 2013 Share Posted November 7, 2013 <!DOCTYPE HTML> <html> <head> <style> .error {color: #FF0000;} </style> </head> <body> <?php $con = mysqli_connect("localhost","root","","nib"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } // define variables and set to empty values $companynameErr = $firstnameErr = $genderErr = $address1Err = $address2Err = $areaErr = $cityErr = ""; $companyname = $firstname = $gender = $comment = $address1 = $address2 = $area = $city = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["companyname"])) {$companynameErr = "companyname is required";} else {$companyname = test_input($_POST["companyname"]);} if (empty($_POST["firstname"])) {$firstnameErr = "firstname is required";} else {$firstname = test_input($_POST["firstname"]);} if (empty($_POST["address1"])) {$address1 = "";} else {$address1 = test_input($_POST["address1"]);} if (empty($_POST["address2"])) {$address2 = "";} else {$address2 = test_input($_POST["address2"]);} if (empty($_POST["area"])) {$area = "";} else {$area = test_input($_POST["area"]);} if (empty($_POST["city"])) {$city = "";} else {$city = test_input($_POST["city"]);} } function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } ?> <h2>PHP Form Validation</h2> <p><span class="error">* required field.</span></p> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> <table border = "0"> <tr> <td>company name:</td><td> <input type="text" name="companyname"></td> <td><span class="error">* <?php echo $companynameErr;?></span></td> <tr> <tr> <td>First Name:</td><td> <input type="text" name="firstname"></td> <td><span class="error">* <?php echo $firstnameErr;?></span></td> </tr> <tr> <td>address1:</td><td> <input type="text" name="address1"></td> <td><span class="error">*<?php echo $address1Err;?></span></td> </tr> <tr> <td>address2:</td><td><input type="text" name="address2"></td> <td><span class="error">* <?php echo $address2Err;?></span></td> </tr> <tr> <td>area:</td> <td><input type="text" name="area"></td> <td><span class="error">* <?php echo $areaErr;?></span></td> </tr> <tr> <td>city:</td> <td><input type="text" name="city"></td> <td><span class="error">* <?php echo $cityErr;?></span></td> </tr> <tr> <td><input type="submit" name="submit" value="Submit"></td> </tr> <?$sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City) VALUES ('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } mysqli_close($con); ?> </form> </body> </html> right ive been doing this for a while now and i really wana get this out the way what i wana do is check fields if they are empty if they are empty a message will appear saying that all fields need to be filled and if all are filled it will send the data filled in to a database please help im getting bored of this now. Quote Link to comment Share on other sites More sharing options...
.josh Posted November 7, 2013 Share Posted November 7, 2013 It would be easier to put your error messages into an array so that you don't have to check for each individual error variable. For example: // init error array $errors = array(); if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["companyname"])) {$errors['companyname'] = "company name is required";} else {$companyname = test_input($_POST["companyname"]);} // do the same thing as above for the rest of your fields } Then in your form, do like this: <td><span class="error">* <?php if (isset($errors['companyname'])) echo $errors['companyname']; ?></span></td> Then wrap your sql query stuff in this: if (count($errors)==0) { // do query stuff } Also, you should move your database connection stuff inside that last condition, just before the query stuff, so that you don't use resources and time connecting to the database unless the form is actually validated. Quote Link to comment Share on other sites More sharing options...
spanner206 Posted November 7, 2013 Author Share Posted November 7, 2013 right i did all of that but im now getting this error message. ( ! ) Parse error: syntax error, unexpected end of file in C:\wamp\www\AddLeads\addeadstemplate.php on line 117 updated code aswell <!DOCTYPE HTML> <html> <head> <style> .error {color: #FF0000;} </style> </head> <body> <?php error_reporting(E_ALL); $con = mysqli_connect("localhost","root","","nib"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } // define variables and set to empty values $companynameErr = $firstnameErr = $address1Err = $address2Err = $areaErr = $cityErr = ""; $companyname = $firstname = $address1 = $address2 = $area = $city = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $errors = array(); if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["companyname"])) {$errors['companyname'] = "company name is required";} else {$companyname = test_input($_POST["companyname"]);} if (empty($_POST["first name"])) {$errors['first name'] = "frst name is required";} else {$firstname = test_input($_POST["first name"]);} if (empty($_POST["address1"])) {$errors['address1'] = "address 1 name is required";} else {$address1 = test_input($_POST["address1"]);} if (empty($_POST["address2"])) {$errors['address2'] = "address 2 name is required";} else {$address2 = test_input($_POST["address2"]);} if (empty($_POST["area"])) {$errors['area'] = "area is required";} else {$area = test_input($_POST["area"]);} if (empty($_POST["city"])) {$errors['city'] = "city is required";} else {$city = test_input($_POST["city"]);} } function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } ?> <h2>PHP Form Validation</h2> <p><span class="error">* required field.</span></p> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> <table border = "0"> <tr> <td><span class="error">* <?php if (isset($errors['companyname'])) echo $errors['companyname']; ?></span></td> <tr> <tr> <td><span class="error">* <?php if (isset($errors['firstname'])) echo $errors['firstname']; ?></span></td> </tr> <tr> <td><span class="error">* <?php if (isset($errors['address1'])) echo $errors['address1']; ?></span></td> </tr> <tr> <td><span class="error">* <?php if (isset($errors['address2'])) echo $errors['address2']; ?></span></td> </tr> <tr> <td><span class="error">* <?php if (isset($errors['area'])) echo $errors['area']; ?></span></td> </tr> <tr> <td><span class="error">* <?php if (isset($errors['City'])) echo $errors['City']; ?></span></td> </tr> <tr> <td><input type="submit" name="submit" value="Submit"></td> </tr> <?if (count($errors)==0) {$sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City) VALUES ('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')"; } if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } mysqli_close($con); ?> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
Solution .josh Posted November 7, 2013 Solution Share Posted November 7, 2013 That error usually means your opening/closing brackets don't match up, as in you have more { than } or visa versa. You have this twice, lines 23/24 and then 28/29 if ($_SERVER["REQUEST_METHOD"] == "POST") { But there's a few other issues here: First, where did your form fields go? I just showed you updated code for what you output in your error spans.. you still need to have your form input fields..otherwise, how is the user supposed to fix their mistake(s)? 2nd, you were supposed to wrap your query stuff around all of your query stuff, not just the query string.. what you did is just going to cause your code to attempt a query with no string whenever a user has any errors! Also as I mentioned before, you should move your database connection stuff inside the condition as well, so your script doesn't waste time and resources connecting to the database unless the form is actually validated (move lines 12-17): <?php if (count($errors)==0) { $con = mysqli_connect("localhost","root","","nib"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City) VALUES ('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } mysqli_close($con); } // end if $errors == 0 ?> Quote Link to comment Share on other sites More sharing options...
.josh Posted November 7, 2013 Share Posted November 7, 2013 Also, this should get your code "working" but there are a lot of improvements that can be made to your script. The very first thing is better form validation. Checking if the form fields are empty is great from a business perspective, but it is nowhere near secure from a coding perspective. As it stands now, your script is vulnerable to sql injection. You should read up on how to properly guard against that. Quote Link to comment Share on other sites More sharing options...
spanner206 Posted November 8, 2013 Author Share Posted November 8, 2013 thats sorted it out thanks alot josh. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.