php validation correct but allowing data entry even when flagged .

Could you explain more clearly because it is hard to understand what you are asking for. From what I can tell you want to check if all values in $_POST are not empty. If that is correct then you would use the following.

if ((!empty($_POST['hour']) || $_POST['hour']===0) && (!empty($_POST['minute'])  || $_POST['minute']===0)) {

And remember to add the rest of the post variables.

Could you explain more clearly because it is hard to understand what you are asking for. From what I can tell you want to check if all values in $_POST are not empty. If that is correct then you would use the following.

if ((!empty($_POST['hour']) || $_POST['hour']===0) && (!empty($_POST['minute'])  || $_POST['minute']===0)) {

And remember to add the rest of the post variables.

Ok, you got part of what i am trying to say. if you look at the if else statement and switch/case code block, you will see that it does a couple of test then echos the correct error message. So if the validation is set to test if a variable is empty, a flag is raised and stops any data going into the DB. Now, that works correcty error messages are being raised. Now, the problem is it only stops two values , one from $age the other from $nofl which holds int values. the rest goes into the DB even if flags are raised as being empty, thats why i have posted only this segment of code because thats where the problem is located. I hope this clarifys my problem.

Do you mean that if age=0 should pass true well the reason why it currently doesn't is because of a bug or feature in the empty function. The work around is as follows.

if (empty($_POST['age']) || $_POST['age']===0) {

Do you mean that if age=0 should pass true well the reason why it currently doesn't is because of a bug or feature in the empty function. The work around is as follows.

if (empty($_POST['age']) || $_POST['age']===0) {

$age isn't a problem nor is $nofl to validate or flag just the rest. if you look at the comments that i have written it should explain more.
If i have a bug would downloading and re-installing xampp again help? or may be there is a patch i could download? Thanks.

if (empty($_POST['age']) )  // int value. Validates correctly and returns to page
    {
      header("Location: " . $config_basedir . "/newitem.php?error=age");
    } 
    if (empty($_POST['grade']) )      // string
    {
      header("Location: " . $config_basedir . "/newitem.php?error=grade");
    } 
    if (empty($_POST['style']) )      // string
    {
      header("Location: " . $config_basedir . "/newitem.php?error=style");
    } 
    if (empty($_POST['nofl']) )      // int value. Validates correctly and returns to page
    {
     header("Location: " . $config_basedir . "/newitem.php?error=nofl");
    } 
    if (empty($_POST['adres']) || $_POST['adres']==" ")      // string value. Validates correctly and returns to page but allows value of 
// the above variables to go into DB, this shou;d not happen.
    {
     header("Location: " . $config_basedir . "/newitem.php?error=adres");
    }
}

else {
	require("header.php");
?>
	<table  width="447"class="abc">   
	<strong>Step 1- Add your project details. </strong> 
</table>
<?php    // All messages flags correctly
switch($_GET['error']) {                
	case "date":
echo "<strong>Invalid date - please choose another!</strong>";
	break;
	case "age": // flags as empty
echo "<strong>Invalid age - please enter the age of the property!</strong>";
	break;
	case "grade": // flags as empty
echo "<strong>Invalid grade - please enter the grade of the property!</strong>";
	break;
	case "style": // flags as empty
echo "<strong>Invalid style - please enter the style of the property!</strong>";
	break;
	case "nofl": // flags as empty
	echo "<strong>Invalid nofl - please enter the nofl of the property!</strong>";
	break;
	case "adres": // flags as empty
	echo "<strong>Invalid nofl - please enter the adres of the property!</strong>";
	break;
}
?>

Do you mean when you input empty strings or strings only containing spaces then it should pass. Then I would suggest using the isset() function instead of the empty() function at problem areas.

Do you mean when you input empty strings or strings only containing spaces then it should pass. Then I would suggest using the isset() function instead of the empty() function at problem areas.

I mean if the adres textfield is empty, there is nothing in it, it is completely blank. and the rest of the textfields are not empty, there is some type of value in the textfield waiting to be submitted into the DB. an error message is flagged identifying that the adres textfield is empty,blank. I am then re-directed back to the form page to re-enter the missing value in the adres textfield. this happens but the values including the blank ,empty space still goes into the DB. This should not happen because the textfield was flagged as empty, nothing should go into the DB.

isset() doesn't work. I don't know what else to try.

if(!isset($adres) || $adres == "")  
{                  		
 header("Location: " . $config_basedir . "/newitem.php?   error=adres"); 
}

.

Try the following

if(isset($adres) || $adres == "")  
{                  		
 header("Location: " . $config_basedir . "/newitem.php?   error=adres"); 
}

Try the following

if(isset($adres) || $adres == "")  
{                  		
 header("Location: " . $config_basedir . "/newitem.php?   error=adres"); 
}

error message comes up. which it should do. but still creates a new row in DB with empty field.

if(isset($adres) || $adres == "")  {                  		 header("Location: " . $config_basedir . "/newitem.php?   error=adres"); }if(isset($adres) || $adres == "")  
{                  		
 header("Location: " . $config_basedir . "/newitem.php?   error=adres"); 
}

Could you post the file with your insert mysql querys because at the moment it is like if I'm blindfolded not being able to see the related code. I suspect you will need to add an if statement around your mysql query.

Could you post the file with your insert mysql querys because at the moment it is like if I'm blindfolded not being able to see the related code. I suspect you will need to add an if statement around your mysql query.

This is everything

<?php
session_start();
     
require("config.php");
require("functions.php");
                                          
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);

$propertytype = $POST['propertytype'];
$age = $_POST['age'];  
$style = $_POST['style']; 
$nofl = $_POST['nofl'];      
$address = $_POST['address'];

if(isset($_SESSION['USERNAME']) == FALSE) {
header("Location: " . $config_basedir . "/login.php?ref=newitem");
}      
 
if(isset($_POST['submitted'])) { 
$validdate = checkdate($_POST['month'], $_POST['day'], $_POST['year']
); 
   
 if($validdate == TRUE) {
$concatdate = $_POST['year']
. "-" . sprintf("%02d", $_POST['month'])
. "-" . sprintf("%02d", $_POST['day'])  			
. " " . $_POST['hour']
. ":" . $_POST['minute']
. ":00";
   
$itemsql = "INSERT INTO items(user_id,propertytype,age,grade,style,nofl,address,startingprice,dateends)
 VALUES
(
". $_SESSION['USERID'].
 ",'" . addslashes($_POST['propertytype'])	
. "', " . $_POST['age'] 
. ", '" . addslashes($_POST['grade']) 
. "', '" .addslashes( $_POST['style'])
 . "', " . $_POST['nofl']	
. ",'" . addslashes($_POST['address']) 
. "', " . $_POST['startingprice'] 
. ", '" . $concatdate	
. "');";
mysql_query($itemsql);
$itemid = mysql_insert_id();
 header("Location: " . $config_basedir . "/addimages.php?id=" . $itemid);   
       
}
else 
{
header("Location: " . $config_basedir . "/newitem.php?error=date");
}
                     
 if (empty($_POST['age']))
  {                  		
 header("Location: " . $config_basedir . "/newitem.php?error=age"); 
 } 
if (empty($_POST['nofl']))
  {                  		
 header("Location: " . $config_basedir . "/newitem.php?error=nofl"); 
 	     
  } 
 if (empty($_POST['address']))
  {                  		
 header("Location: " . $config_basedir . "/newitem.php?error=address"); 
}
}
     
else {
	require("header.php");
?>             
<?php    
	switch($_GET['error']) {
	
	case "date":
	echo "<strong>Invalid date - please choose another!</strong>";
	break;
                case "age":   
	echo "<strong>Please provide age of property!</strong>";
	break;
	case "nofl":
	echo "<strong>Please provide number of floor levels!</strong>";
	break;
               case "address":
               echo "<strong>Please provide address of property!</strong>";
	break; 
	    
			
}	      
?>                         
 
<table  width="447"class="abc"> 
  
<strong>Step 1- Add your project details. </strong>

</table>                               // content of pf_script_with_get($SCRIPT_NAME) if at the bottom
<form name="myform"action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">  
  <table width="347" class="table1">   
<tr>
    <td>Property type</td>
<td>
<select name="propertytype">
  <option>Detached</option>
  <option>Semi-Detached</option>
  <option>Flat / Appartment</option>
</select>
</tr>
<tr>
<td width="180">Property age</td>
<td ><input type="text"name="age"id="age"value="0"onfocus="clearMe(this)"/></td>
</tr>
<tr>
<td>Property grade listing</td>
<td>
<select name="grade">
 <option>NONE</option>
   <option>Heritage/option>
</select>
</tr>
<tr>
<td>Style</td>
<td>
<select name="style">
  <option>Contemporary</option>
  <option>Periodic</option> 				  <option>Not sure</option>
</select>
</tr>
<tr>
<td>Number of floor level(s)</td>
<td><input type="text" name="nofl" id="nofl"value="0" onfocus="clearMe(this)"></td>
</tr>
</table>
<table width="360" class="table2">
<tr>
<td width="190">Address</td>
<td><input type="text" name="address" id="address"value="address" onfocus="clearMe(this)"></td>
</tr>
<tr>
</table>
<table  width="347" class="table37">
<tr>
   <td width="180">Closing date</td>
  <td>
<table >
			<tr >
				<td>Day</td>
				<td>Month</td>
				<td>Year</td>
				<td>Hour</td>
				<td>Minute</td>
			</tr>
			<tr>
				<td>
				<select name="day">
				<?php
					for($i=1;$i<=31;$i++) {
						echo "<option>" . $i . "</option>";
					}
				?>
				</select>
				</td>
				<td>
				<select name="month">
				<?php
					for($i=1;$i<=12;$i++) {
						echo "<option>" . $i . "</option>";
					}
				?>
				</select>
				</td>
				<td>
				<select name="year">
				<?php
					for($i=2010;$i<=2020;$i++) {
						echo "<option>" . $i . "</option>";
					}
				?>
				</select>
				</td>
				<td>
				<select name="hour">
				<?php
					for($i=0;$i<=23;$i++) {
						echo "<option>" . sprintf("%02d",$i) . "</option>";
					}
				?>
				</select>
				</td>
				<td>
				<select name="minute">
				<?php
					for($i=0;$i<=60;$i++) {
						echo "<option>" . sprintf("%02d",$i)  . "</option>";
					}
				?>
				</select>
				</td>
			</tr>
		</table>
		</td>
	</tr>
	<tr>
		<td>Cost</td>
		<td><?php echo $config_currency; ?><input type="text" name="startingprice" id="startingprice"value="000.00"onfocus="clearMe(this)"></td>
	</tr>
	<tr>
		<td></td>
		<td><input type="submit" name="submitted" value="Post!"></td>
	</tr>
	</table>
	</form>

<?php
 }
require("footer4.php");

?>

// contained in the require("header.php");
<?php

	session_start();

	require("config.php");
	
	$db = mysql_connect($dbhost, $dbuser, $dbpassword);
	mysql_select_db($dbdatabase, $db);


?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
	<title><?php echo $config_sitename; ?></title>
	<link rel="stylesheet" href="stylesheet.css" type="text/css" />
</head>
<body>
<div id="header">
<h1>Site name</h1>
</div>
<div id="menu">
<a href="index.php">Home</a> &bull;
<?php

if(isset($_SESSION['USERNAME']) == TRUE) {
	echo "<a href='logout.php'>Logout</a> &bull;";
}
else {
	echo "<a href='login.php'>Login</a> &bull;";
}

?>

<a href="newitem.php">New Item</a>
</div>
<div id="container">
<div id="bar">
	<?php require("bar.php"); ?>
</div>
<div id="main">

// contained in the require("config.php");
<?php

$dbhost = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbdatabase = "seller";

// Add your name below
$config_admin = "";
$config_adminemail = "";

// Add the location of your seller below
$config_basedir = "http://localhost/site/seller/";

// The currency used on the seller site
$config_currency = "£";
?>
// contained in the require("function.php");
<?php

function pf_script_with_get($script) {
	$page = $script;
	$page = $page . "?";
	
	foreach($_GET as $key => $val) {
		$page = $page . $key . "=" . $val . "&";  
	}
	
	return substr($page, 0, strlen($page)-1);
}

function pf_validate_number($value, $function, $redirect) {
	if(isset($value) == TRUE) {
		if(is_numeric($value) == FALSE) {
			$error = 1;
		}
	
		if($error == 1) {
			header("Location: " . $redirect);
		}
		else {
			$final = $value;
		}
	}
	else {
		if($function == 'redirect') {
			header("Location: " . $redirect);
		}
		
		if($function == "value") {
			$final = 0;
		}
	}
	
	return $final;
}
?>

On what line in your script is your mysql_query('INSERT...'); That is where the problem lies. Around that mysql query you should have the following

if (!isset($_GET['error'])) {
mysql_query('INSERT...');
}

On what line in your script is your mysql_query('INSERT...'); That is where the problem lies. Around that mysql query you should have the following

if (!isset($_GET['error'])) {
mysql_query('INSERT...');
}

You mean something like this.

if(isset($_POST['submitted'])) 
 { 
 $validdate = checkdate($_POST['month'], $_POST['day'], $_POST['year']);   
 if($validdate == TRUE) {$concatdate = $_POST['year']
 . "-" . sprintf("%02d", $_POST['month'])
 . "-" . sprintf("%02d", $_POST['day'])  			
 . " " . $_POST['hour']
 . ":" . $_POST['minute']
 . ":00"; 
 
 $itemsql = "INSERT INTO items(user_id,propertytype,age,grade,style,nofl,address,startingprice,dateends) 
 VALUES(". $_SESSION['USERID']
 . ",'" . addslashes($_POST['propertytype'])	
 . "', " . $_POST['age'] 
 . ", '" . addslashes($_POST['grade']) 
 . "', '" .addslashes( $_POST['style']) 
 . "', " . $_POST['nofl']	
 . ",'" . addslashes($_POST['address']) 
 . "', " . $_POST['startingprice'] 
 . ", '" . $concatdate	. "');";

 // From your suggestion

if (!isset($_GET['error'])) {
 mysql_query($itemsql);
}
 $itemid = mysql_insert_id(); 
 
 header("Location: " . $config_basedir . "/addimages.php?id=" . $itemid);    
 }
 else 
 {
 header("Location: " . $config_basedir . "/newitem.php?error=date");
 }
 }

On what line in your script is your mysql_query('INSERT...'); That is where the problem lies. Around that mysql query you should have the following

if (!isset($_GET['error'])) {
mysql_query('INSERT...');
}

Doesn't work.

if (!isset($_GET['error'])) {
 mysql_query($itemsql); 
 $itemid = mysql_insert_id();	
} 
// Nor does this work 
if (!isset($_GET['error'])) {
 mysql_query($itemsql); 	
}

Then it means you have "error=<something>" in the url. Try removing that then the problem should be solved.

Doesn't work.

if (!isset($_GET['error'])) {
 mysql_query($itemsql); 
 $itemid = mysql_insert_id();	
} 
// Nor does this work 
if (!isset($_GET['error'])) {
 mysql_query($itemsql); 	
}

Then it means you have "error=<something>" in the url. Try removing that then the problem should be solved.

Got it working, thanks for your time.