if(empty($_POST['txtEmail']))
{
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$page='SignUp.php';
header('Location:'.$page);
}
else
{
$page='SignUp.php?emptyusr=1';
header('Location:'.$page);
}
ElaineTeo 0 Newbie Poster
broj1 356 Humble servant Featured Poster
Syntacticaly code is OK. What error do you get? What do you want to achieve?
jstfsklh211 79 Light Poster
please post more detail
ElaineTeo 0 Newbie Poster
if(empty($_POST['txtEmail']))
{
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$page='SignUp.php';
header('Location:'.$page);
}
else
{
$page='SignUp.php?emptyusr=1';
header('Location:'.$page);
}
if (isset($_REQUEST['emptyusr']))
{
echo "<font color=red>Please fill in email</font>";
}
If the filed is blank, should be cant add into database and will show msg "Please fill in email".. But I still can add data into database and din show and error msg... Thank for help...
ericnmk80 0 Newbie Poster
if(empty($_POST['txtEmail']))
I think you should make the first line to check as NOT EMPTY like this:-
if ($_POST['txtEmail'] != "")
Try and see... Please let me know if it didn't help. Thanks
ericnmk80 0 Newbie Poster
And this Block of code should be in another PHP file called "Signup.php". Not over here...
if (isset($_REQUEST['emptyusr']))
{
echo "<font color=red>Please fill in email</font>";
}
Please try and see if it helps....
Thanks
ElaineTeo 0 Newbie Poster
Yes, I already change to
if ($_POST['txtEmail'] != "")
But still the same... Din show any error msg..
if (isset($_REQUEST['emptyusr'])){echo "<font color=red>Please fill in email</font>";}
Ya, this code is inside SignUp.php
broj1 356 Humble servant Featured Poster
I do not understand why you run the query if the field is blank. What is the $sql query? Maybe you should negate the condition (if $_POST['txtEmail'] is not empty then...):
if(!empty($_POST['txtEmail']))
You actually have to tell what to achieve or maybe post the whole script.
ElaineTeo 0 Newbie Poster
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$_POST[txtEmail]','$_POST[txtPassword]','$_POST[txtRePassword]','$_POST[txtFirstName]','$_POST[txtLastName]','$_POST[cboNationality]','$_POST[cboGender]')";
if ($txtEmail != '')
{
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$page='SignUp.php';
header('Location:'.$page);
}
else
{
$page='SignUp.php?emptyusr=1';
header('Location:'.$page);
}
if($_POST['txtPassword'] == $_POST['txtRePassword'])
{
//Passwords Matched, so proceed with code
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$page='SignUp.php';
header('Location:'.$page);
}
else
{
$page='SignUp.php?wrongpwd=1';
header('Location:'.$page);
}
mysql_close($con)
broj1 356 Humble servant Featured Poster
Sorry to keep you waiting so long for reply, I've been away.
You have an error in your SQL statement. The associative indexes of the $_POST array have to be enclosed in quotes and in addition to that $_POST elements have to be enclosed in curly braces since they are composite variables. So the correct syntax for the query would be:
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('{$_POST['txtEmail']}','{$_POST['txtPassword']}','{$_POST['txtRePassword']}','{$_POST['txtFirstName']}','{$_POST['txtLastName']}','{$_POST['cboNationality']}','{$_POST['cboGender']}')";
But there is a better and safer way. Firstly it is a very bad idea to include values form POST directly to your query without cleaning them first. Someone can input a SQL injection code in one of your textboxes and run her query with bad intentions on your database. So you better clean the values first (at least escape them using i.e. mysql_real_escape_string - http://php.net/manual/en/function.mysql-real-escape-string.php). Secondly using quotes and curly braces as above is correct but can lead to errors. So better, safer and cleaner approach would be:
// clean values, I used trim and mysql_real_escape_string,
// you can also use filters or your functions, also depending on values
$txtEmail = mysql_real_escape_string(trim($_POST['txtEmail']), $con);
$txtPassword = mysql_real_escape_string(trim($_POST['txtPassword']), $con);
$txtRePassword = mysql_real_escape_string(trim($_POST['txtRePassword']), $con);
$txtFirstName = mysql_real_escape_string(trim($_POST['txtFirstName']), $con);
$txtLastName = mysql_real_escape_string(trim($_POST['txtLastName']), $con);
$cboNationality = mysql_real_escape_string(trim($_POST['cboNationality']), $con);
$cboGender = mysql_real_escape_string(trim($_POST['cboGender']), $con);
// use clean values in the query
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$txtEmail','$txtPassword','$txtRePassword','$txtFirstName','$txtLastName','$cboNationality','$cboGender')";
broj1 356 Humble servant Featured Poster
Another error (and probably the main reason to not working) is in line 7 of your code:
if ($txtEmail != '')
$txtEmail has probably not been declared yet. You probably meant $POST['txtEmail'].
ElaineTeo 0 Newbie Poster
Thank you.. Your suggestion is great!!
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.