Jump to content

Whitespaces in forms problem


cobusbo
Go to solution Solved by Landslyde,

Recommended Posts

Hi I'm currently developing a register page within my form I want the user to specify a name. The problem I curently have is when a user press the spacebar and submit hes name it gets accepted.

<?php
	if($_POST['formSubmit'] == "Submit") 
    {
		$errorMessage = "";
		
		if(empty($_POST['formName'])) 
        {
			$errorMessage .= "<li>You forgot to enter a name!</li>";
		}
	if($_POST['formName'] == " ") 
    {
		$errorMessage = "<li>You cant insert an empty field!</li>";
}
        
		$varName = trim($_POST['formName']);
$nick = urldecode($_SERVER['HTTP_X_MXIT_NICK']);
$phone = urldecode($_SERVER["HTTP_X_DEVICE_USER_AGENT"]);
$ip = $_SERVER["HTTP_X_MXIT_USERID_R"];
if(!isset($phone))
{
	$phone = "Other";

}
if(!isset($ip))
{
	$ip = "Debater";

}

		if(empty($errorMessage)) 
        {
			$db = mysql_connect("***********","******","*****");
			if(!$db) die("Error connecting to MySQL database.");
			mysql_select_db("********" ,$db);

			$sql = "INSERT INTO Users2 (Username, mxitid, nick, phone) VALUES (" .
							PrepSQL($varName) . ", ". PrepSQL($ip) . ", " . PrepSQL($nick) . ", " . PrepSQL($phone) . ")";
			mysql_query($sql);
			
			header("Location: thankyou.html");
			exit();
		}
	}
            
    // function: PrepSQL()
    // use stripslashes and mysql_real_escape_string PHP functions
    // to sanitize a string for use in an SQL query
    //
    // also puts single quotes around the string
    //
    function PrepSQL($value)
    {
        // Stripslashes
        if(get_magic_quotes_gpc()) 
        {
            $value = stripslashes($value);
        }

        // Quote
        $value = "'" . mysql_real_escape_string($value) . "'";

        return($value);
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title>PHP Form processing example</title>
<!-- define some style elements-->
<style>
label,a 
{
	font-family : Arial, Helvetica, sans-serif;
	font-size : 12px; 
}

</style>	
</head>

<body>

       <?php
		    if(!empty($errorMessage)) 
		    {
			    echo("<p>There was an error with your form:</p>\n");
			    echo("<ul>" . $errorMessage . "</ul>\n");
            }
        ?>

		<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
			
			<p>
				<label for='formName'>What is your name?</label><br/>
				<input type="text" name="formName" maxlength="50" value="<?=$varName;?>" />
			</p>
			
			<input type="submit" name="formSubmit" value="Submit" />
		</form>
		
<p>
<a href='http://www.html-form-guide.com/php-form/php-form-processing.html'
>'PHP form processing' article page</a>
</p>

</body>
</html>

As you can see I added

if($_POST['formName'] == " ") 
    {
		$errorMessage = "<li>You cant insert an empty field!</li>";
}

This works if the person only typed a whitespace(spacebar) once but if the person types it more then once it gets accepted again. Any help?

Link to comment
Share on other sites

try

 

if(empty(trim($_POST['formName'])))

I tried it but got an error

 

 

Fatal error: Can't use function return value in write context in..... line 6

Here is my current code.

<?php
	if($_POST['formSubmit'] == "Submit") 
    {
		$errorMessage = "";
		
if(empty(trim($_POST['formName'])))
        {
			$errorMessage .= "<li>You forgot to enter a name!</li>";
		}

        
		$varName = trim($_POST['formName']);
$nick = urldecode($_SERVER['HTTP_X_MXIT_NICK']);
$phone = urldecode($_SERVER["HTTP_X_DEVICE_USER_AGENT"]);
$ip = $_SERVER["HTTP_X_MXIT_USERID_R"];
if(!isset($phone))
{
	$phone = "Other";

}
if(!isset($ip))
{
	$ip = "Debater";

}

		if(empty($errorMessage)) 
        {
			$db = mysql_connect("********","*******","***********");
			if(!$db) die("Error connecting to MySQL database.");
			mysql_select_db("*******" ,$db);

			$sql = "INSERT INTO Users2 (Username, mxitid, nick, phone) VALUES (" .
							PrepSQL($varName) . ", ". PrepSQL($ip) . ", " . PrepSQL($nick) . ", " . PrepSQL($phone) . ")";
			mysql_query($sql);
			
			header("Location: thankyou.html");
			exit();
		}
	}
            
    // function: PrepSQL()
    // use stripslashes and mysql_real_escape_string PHP functions
    // to sanitize a string for use in an SQL query
    //
    // also puts single quotes around the string
    //
    function PrepSQL($value)
    {
        // Stripslashes
        if(get_magic_quotes_gpc()) 
        {
            $value = stripslashes($value);
        }

        // Quote
        $value = "'" . mysql_real_escape_string($value) . "'";

        return($value);
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title>PHP Form processing example</title>
<!-- define some style elements-->
<style>
label,a 
{
	font-family : Arial, Helvetica, sans-serif;
	font-size : 12px; 
}

</style>	
</head>

<body>

       <?php
		    if(!empty($errorMessage)) 
		    {
			    echo("<p>There was an error with your form:</p>\n");
			    echo("<ul>" . $errorMessage . "</ul>\n");
            }
        ?>

		<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
			
			<p>
				<label for='formName'>What is your name?</label><br/>
				<input type="text" name="formName" maxlength="50" value="<?=$varName;?>" />
			</p>
			
			<input type="submit" name="formSubmit" value="Submit" />
		</form>
		

</body>
</html>
Link to comment
Share on other sites

Here's a bit of code from my client login page. It works.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // First brace
	
   if (empty($_POST["uname"])) {
      $unameErr = "* Username is required";
   } else {
      $uname = test_input($_POST["uname"]);
      if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
         $unameErr = "* Letters and numerals only";
      }
   }
} // Last brace
?>
Link to comment
Share on other sites

 

Here's a bit of code from my client login page. It works.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // First brace
	
   if (empty($_POST["uname"])) {
      $unameErr = "* Username is required";
   } else {
      $uname = test_input($_POST["uname"]);
      if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
         $unameErr = "* Letters and numerals only";
      }
   }
} // Last brace
?>

Ok seems like this solved my problem, just one last question how would I go if I would like to allow one space between words like for example "Jon Snow"

Link to comment
Share on other sites

  • Solution

To allow a space in the code I provided you:

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // First brace
	
   if (empty($_POST["uname"])) {
      $unameErr = "* Username is required";
   } else {
      $uname = test_input($_POST["uname"]);
      if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
         $unameErr = "* Letters and numerals only";
      }
   }
} // Last brace
?>

do this

if (!preg_match("/^[a-zA-Z0-9\s]*$/",$name)) {

Just add the '\s'  Simple as that.

 

  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.