Whitespaces in forms problem

cobusbo · March 2, 2015

Hi I'm currently developing a register page within my form I want the user to specify a name. The problem I curently have is when a user press the spacebar and submit hes name it gets accepted.

<?php
	if($_POST['formSubmit'] == "Submit") 
    {
		$errorMessage = "";
		
		if(empty($_POST['formName'])) 
        {
			$errorMessage .= "<li>You forgot to enter a name!</li>";
		}
	if($_POST['formName'] == " ") 
    {
		$errorMessage = "<li>You cant insert an empty field!</li>";
}
        
		$varName = trim($_POST['formName']);
$nick = urldecode($_SERVER['HTTP_X_MXIT_NICK']);
$phone = urldecode($_SERVER["HTTP_X_DEVICE_USER_AGENT"]);
$ip = $_SERVER["HTTP_X_MXIT_USERID_R"];
if(!isset($phone))
{
	$phone = "Other";

}
if(!isset($ip))
{
	$ip = "Debater";

}

		if(empty($errorMessage)) 
        {
			$db = mysql_connect("***********","******","*****");
			if(!$db) die("Error connecting to MySQL database.");
			mysql_select_db("********" ,$db);

			$sql = "INSERT INTO Users2 (Username, mxitid, nick, phone) VALUES (" .
							PrepSQL($varName) . ", ". PrepSQL($ip) . ", " . PrepSQL($nick) . ", " . PrepSQL($phone) . ")";
			mysql_query($sql);
			
			header("Location: thankyou.html");
			exit();
		}
	}
            
    // function: PrepSQL()
    // use stripslashes and mysql_real_escape_string PHP functions
    // to sanitize a string for use in an SQL query
    //
    // also puts single quotes around the string
    //
    function PrepSQL($value)
    {
        // Stripslashes
        if(get_magic_quotes_gpc()) 
        {
            $value = stripslashes($value);
        }

        // Quote
        $value = "'" . mysql_real_escape_string($value) . "'";

        return($value);
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title>PHP Form processing example</title>
<!-- define some style elements-->
<style>
label,a 
{
	font-family : Arial, Helvetica, sans-serif;
	font-size : 12px; 
}

</style>	
</head>

<body>

       <?php
		    if(!empty($errorMessage)) 
		    {
			    echo("<p>There was an error with your form:</p>\n");
			    echo("<ul>" . $errorMessage . "</ul>\n");
            }
        ?>

		<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
			
			<p>
				<label for='formName'>What is your name?</label><br/>
				<input type="text" name="formName" maxlength="50" value="<?=$varName;?>" />
			</p>
			
			<input type="submit" name="formSubmit" value="Submit" />
		</form>
		
<p>
<a href='http://www.html-form-guide.com/php-form/php-form-processing.html'
>'PHP form processing' article page</a>
</p>

</body>
</html>

As you can see I added

if($_POST['formName'] == " ") 
    {
		$errorMessage = "<li>You cant insert an empty field!</li>";
}

This works if the person only typed a whitespace(spacebar) once but if the person types it more then once it gets accepted again. Any help?

Barand · March 2, 2015

try

if(empty(trim($_POST['formName'])))

cobusbo · March 2, 2015

try

if(empty(trim($_POST['formName'])))

I tried it but got an error

Fatal error: Can't use function return value in write context in..... line 6

Here is my current code.

<?php
	if($_POST['formSubmit'] == "Submit") 
    {
		$errorMessage = "";
		
if(empty(trim($_POST['formName'])))
        {
			$errorMessage .= "<li>You forgot to enter a name!</li>";
		}

        
		$varName = trim($_POST['formName']);
$nick = urldecode($_SERVER['HTTP_X_MXIT_NICK']);
$phone = urldecode($_SERVER["HTTP_X_DEVICE_USER_AGENT"]);
$ip = $_SERVER["HTTP_X_MXIT_USERID_R"];
if(!isset($phone))
{
	$phone = "Other";

}
if(!isset($ip))
{
	$ip = "Debater";

}

		if(empty($errorMessage)) 
        {
			$db = mysql_connect("********","*******","***********");
			if(!$db) die("Error connecting to MySQL database.");
			mysql_select_db("*******" ,$db);

			$sql = "INSERT INTO Users2 (Username, mxitid, nick, phone) VALUES (" .
							PrepSQL($varName) . ", ". PrepSQL($ip) . ", " . PrepSQL($nick) . ", " . PrepSQL($phone) . ")";
			mysql_query($sql);
			
			header("Location: thankyou.html");
			exit();
		}
	}
            
    // function: PrepSQL()
    // use stripslashes and mysql_real_escape_string PHP functions
    // to sanitize a string for use in an SQL query
    //
    // also puts single quotes around the string
    //
    function PrepSQL($value)
    {
        // Stripslashes
        if(get_magic_quotes_gpc()) 
        {
            $value = stripslashes($value);
        }

        // Quote
        $value = "'" . mysql_real_escape_string($value) . "'";

        return($value);
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title>PHP Form processing example</title>
<!-- define some style elements-->
<style>
label,a 
{
	font-family : Arial, Helvetica, sans-serif;
	font-size : 12px; 
}

</style>	
</head>

<body>

       <?php
		    if(!empty($errorMessage)) 
		    {
			    echo("<p>There was an error with your form:</p>\n");
			    echo("<ul>" . $errorMessage . "</ul>\n");
            }
        ?>

		<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
			
			<p>
				<label for='formName'>What is your name?</label><br/>
				<input type="text" name="formName" maxlength="50" value="<?=$varName;?>" />
			</p>
			
			<input type="submit" name="formSubmit" value="Submit" />
		</form>
		

</body>
</html>

Landslyde · March 2, 2015

Here's a bit of code from my client login page. It works.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // First brace
	
   if (empty($_POST["uname"])) {
      $unameErr = "* Username is required";
   } else {
      $uname = test_input($_POST["uname"]);
      if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
         $unameErr = "* Letters and numerals only";
      }
   }
} // Last brace
?>

Barand · March 2, 2015

to get that error you would be trying to assign a value to a function call EG

if (trim($x)='') {

So what is the real code that is giving you that error?

Landslyde · March 2, 2015

the test_input function

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

cyberRobot · March 2, 2015

I tried it but got an error...

For some reason, you can't run the trim() function inside of empty(). Try something like this:

$_POST['formName'] = trim($_POST['formName']);
if(empty($_POST['formName']))
{

cobusbo · March 2, 2015

Here's a bit of code from my client login page. It works.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // First brace
	
   if (empty($_POST["uname"])) {
      $unameErr = "* Username is required";
   } else {
      $uname = test_input($_POST["uname"]);
      if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
         $unameErr = "* Letters and numerals only";
      }
   }
} // Last brace
?>

Ok seems like this solved my problem, just one last question how would I go if I would like to allow one space between words like for example "Jon Snow"

cyberRobot · March 2, 2015

Ok seems like this solved my problem, just one last question how would I go if I would like to allow one space between words like for example "Jon Snow"

Are you looking to replace the extra spaces for the user? If so, there are many examples here:

https://www.google.com/webhp#q=php+replace+multiple+spaces+with+one

Barand · March 2, 2015

For some reason, you can't run the trim() function inside of empty(). Try something like this:

this worked ok for me

$x= ' ';
if (empty(trim($x))) {
    echo 'empty';
}

cyberRobot · March 2, 2015

this worked ok for me

$x= ' ';
if (empty(trim($x))) {
    echo 'empty';
}

Hmm...maybe it's just a bug in PHP 5.4.37. The above code produces a fatal error for me. However, it works in PHP 5.6.5. :shrug:

Ch0cu3r · March 2, 2015

Hmm...maybe it's just a bug in PHP 5.4.37. The above code produces a fatal error for me. However, it works in PHP 5.6.5.

Nope this was a change in PHP5.5.

Landslyde · March 2, 2015

To allow a space in the code I provided you:

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // First brace
	
   if (empty($_POST["uname"])) {
      $unameErr = "* Username is required";
   } else {
      $uname = test_input($_POST["uname"]);
      if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
         $unameErr = "* Letters and numerals only";
      }
   }
} // Last brace
?>

do this

if (!preg_match("/^[a-zA-Z0-9\s]*$/",$name)) {

Just add the '\s' Simple as that.

CroNiX · March 2, 2015

Sorry to be a stickler, but functions should be named for what they do. Your "test_input()" function does not test a thing and is misleading

Landslyde · March 2, 2015

I got it off an online tutorial. Live and learn

Ch0cu3r · March 3, 2015

I got it off an online tutorial. Live and learn

One on the many gems from w3schools :facewall:

Sign In

Whitespaces in forms problem

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information