phpanon Posted March 20, 2008 Share Posted March 20, 2008 Hello Everyone, there are error messages that display when the user leaves fields blank but at the moment the SQL query is still executed even though title, type and password are blank!?!? here is my code, any help with this would be brilliant.... <?php session_start(); if (isset($_SESSION['username']) == false){ header("Location: login.php"); exit(); } if (($_SESSION['type']) == 'user') { header("Location: AccessDenied.php"); exit(); } if (($_SESSION['type']) == 'manager') { header("Location: AccessDenied.php"); exit(); } require "connect.php"; $page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : ''; if ($page_mode == 'userADD') { $title = $_POST['title']; $fName = $_POST['fName']; $sName = $_POST['sName']; $jobRole = $_POST['jobRole']; $username = $_POST['username']; $password = $_POST['password']; $type = $_POST['type']; if($title == "Title") { $message1 = "* Please select the employees title"; } if($fName == "") { $message2 = "* Please enter the employees first name"; } if($sName == "") { $message3 = "* Please enter the employees surname"; } if($jobRole == "") { $message4 = "* Please enter the employees job role"; } if($username == "") { $message5 = "* Please enter the employees Username"; } if($password == "") { $message6 = "* Please enter the employees Password"; } if($type == "Access") { $message8 = "* Please enter the employees access level"; } if (is_numeric($fName)) { $message9 = "* Please ensure the Users firstname does not contain numbers"; } if (is_numeric($sName)) { $message10 = "* Please ensure the Users surname does not contain numbers"; } if (is_numeric($jobRole)) { $message11 = "* Please ensure the Users job role does not contain numbers"; } if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $username)) { $message13 = "* Please ensure the username is the persons email address"; } else if($title == !null || $fName == !null || $sName == !null || $jobRole == !null || $username == !null || $password == !null) { $username = mysql_real_escape_string($username); // protect against SQL attacks $fName = mysql_real_escape_string($fName); $sName = mysql_real_escape_string($sName); $jobRole = mysql_real_escape_string($jobRole); $query = "insert into employee values ('','".$title."','".$fName."','".$sName."','".$jobRole."','".$username."','".$password."', '".$type."','y')"; $result = mysql_query($query, $connection) or die ("Unable to perform query<br>$query"); $message7 = "The User ". basename ($username). " added successfully. "; $fName = ""; $sName = ""; $jobRole = ""; $username = ""; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Add User</title> <link rel="stylesheet" type="text/css" href="mystylelogin.css" /> <style type="text/css"> <!-- .style1 {color: #FF0000} --> </style> </head> <body> <?php include ("headerAdmin.php"); ?> <div id="Adminheader">Create User</div> <form action="userADD2.php" method="post"> <input type="hidden" name="page_mode" value="userADD"> <div id="AdminTable"> <table width="99%" border="0"> <hr /> <tr> <td width="13%">Title:</td> <td width="34%"><select name="title"> <option >Title</option> <option >Mr</option> <option >Mrs</option> <option >Ms</option> <option >Miss</option> </select></td> <td width="8%"><div align="right">*</div></td> <td width="14%">Username:</td> <td width="17%"><input name="username" type="text" value="<?php if (isset($username)) echo $username;?>" /></td> <td width="14%"> </td> </tr> <tr> <td> </td> <td><span class="style2 style1"> <?php if (isset($message1)) echo $message1; ?> </span></td> <td> </td> <td colspan="3"><span class="style2 style1"> <?php if (isset($message5)) echo $message5; if(isset($message13)) echo $message13; ?> </span></td> </tr> <tr> <td>First Name:</td> <td><input name="fName" type="text" value="<?php if (isset($fName)) echo $fName;?>" /></td> <td> </td> <td>Password:</td> <td><input name="password" type="password" /></td> <td> </td> </tr> <tr> <td> </td> <td><span class="style2 style1"> <?php if(isset($message2)) echo $message2; if(isset($message9)) echo $message9; ?> </span></td> <td> </td> <td colspan="3"><span class="style2 style1"> <?php if(isset($message6)) echo $message6; ?> </span></td> </tr> <tr> <td>Surname:</td> <td><input name="sName" type="text" value="<?php if (isset($sName)) echo $sName; ?>" /></td> <td> </td> <td>Access: </td> <td><select name="type"> <option >Access</option> <option >user</option> <option >admin</option> <option >manager</option> </select></td> <td> </td> </tr> <tr> <td> </td> <td><span class="style2 style1"> <?php if(isset($message3)) echo $message3; if(isset($message10)) echo $message10; ?> </span></td> <td> </td> <td colspan="3"><span class="style2 style1"> <?php if(isset($message8)) echo $message8; ?> </span></td> </tr> <tr> <td>Job Role:</td> <td><input type="text" name="jobRole" size="50" value="<?php if (isset($jobRole)) echo $jobRole; ?>" /></td> <td> </td> <td colspan="2"><h5>* Must be the users email address</h5></td> <td> </td> </tr> <tr> <td> </td> <td><span class="style2 style1"> <?php if(isset($message4)) echo $message4; if(isset($message11)) echo $message11; ?> </span></td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> <td><input name="Save" type="submit" value="Create User" /></td> <td> </td> </tr> <tr> <td> </td> <td><?php if(isset($message7)) echo $message7; ?></td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> </table> </div> </form> </body> </html> Thank you ??? Link to comment https://forums.phpfreaks.com/topic/97159-error-somewhere-in-if-loop/ Share on other sites More sharing options...
clown[NOR] Posted March 20, 2008 Share Posted March 20, 2008 what i do is that i make a error array if (empty($var)) { $error[] .= "Error message goes here"; } then i do this if (empty($error)) { execute sql code here } else { foreach ($error as $err) { echo "$err<br />"; } } Link to comment https://forums.phpfreaks.com/topic/97159-error-somewhere-in-if-loop/#findComment-497173 Share on other sites More sharing options...
phpanon Posted March 21, 2008 Author Share Posted March 21, 2008 hi, But I want the each error message placed specifcally on the page.rather than displaying all the messages in one place. Link to comment https://forums.phpfreaks.com/topic/97159-error-somewhere-in-if-loop/#findComment-497247 Share on other sites More sharing options...
phpanon Posted March 21, 2008 Author Share Posted March 21, 2008 Does anyone know why this is happening and how i can correct it?? Link to comment https://forums.phpfreaks.com/topic/97159-error-somewhere-in-if-loop/#findComment-497459 Share on other sites More sharing options...
BlueSkyIS Posted March 21, 2008 Share Posted March 21, 2008 you're else if is doing the opposite of what you intended. You're using double pipes, ||, which is OR. so if ANY of the conditions is true, the code is executed. You probably need to switch || to &&. to put the errors where they belong, just echo each error where it belongs in the HTML. if there is no error, nothing will appear there, but the error will appear where it belongs if there is an error. Link to comment https://forums.phpfreaks.com/topic/97159-error-somewhere-in-if-loop/#findComment-497516 Share on other sites More sharing options...
BlueSkyIS Posted March 21, 2008 Share Posted March 21, 2008 here is how i would change this piece of code: if ($page_mode == 'userADD') { $title = trim($_POST['title']); $fName = trim($_POST['fName']); $sName = trim($_POST['sName']); $jobRole = trim($_POST['jobRole']); $username = trim($_POST['username']); $password = trim($_POST['password']); $type = trim($_POST['type']); if($title == "Title") { $message1 = "* Please select the employees title"; } if($fName == "") { $message2 = "* Please enter the employees first name"; } if($sName == "") { $message3 = "* Please enter the employees surname"; } if($jobRole == "") { $message4 = "* Please enter the employees job role"; } if($username == "") { $message5 = "* Please enter the employees Username"; } if($password == "") { $message6 = "* Please enter the employees Password"; } if($type == "Access") { $message8 = "* Please enter the employees access level"; } if (is_numeric($fName)) { $message9 = "* Please ensure the Users firstname does not contain numbers"; } if (is_numeric($sName)) { $message10 = "* Please ensure the Users surname does not contain numbers"; } if (is_numeric($jobRole)) { $message11 = "* Please ensure the Users job role does not contain numbers"; } if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $username)){ $message13 = "* Please ensure the username is the persons email address"; } if ($title > "" && $fName > "" && $sName > "" && $jobRole > "" && $username > "" && $password > "") { $username = mysql_real_escape_string($username); // protect against SQL attacks $fName = mysql_real_escape_string($fName); $sName = mysql_real_escape_string($sName); $jobRole = mysql_real_escape_string($jobRole); $query = "insert into employee values ('','".$title."','".$fName."','".$sName."','".$jobRole."','".$username."','".$password."', '".$type."','y')"; $result = mysql_query($query, $connection) or die ("Unable to perform query<br>$query"); $message7 = "The User ". basename ($username). " added successfully. "; $fName = ""; $sName = ""; $jobRole = ""; $username = ""; } } Link to comment https://forums.phpfreaks.com/topic/97159-error-somewhere-in-if-loop/#findComment-497517 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.