Problem on notifying/alerting the user if the textbox is empty

Question

RascelleGrepo 0 Newbie Poster

10 Years Ago

I am having a problem on notifying the user when he/she submit a empty form. When I submit an empty form, the system doesn't notify or alert the user that the form is empty. And when I put a title and I leave the content textbox empty its still add to the database and notify that it successfully added. Same goes when I leave the title textbox empty. The two textboxes should have contain texts before submitting. Here is my code...

<?php

        extract($_POST);
        if($submit=='submit' || strlen($service_name)>0 )
        {
            $rs=mysql_query("select * from tblservices where service_name='$service_name'");
            if (mysql_num_rows($rs)>0)
            {
                echo '<div class="n_error"><p>Opps! Service Already Exist.</p></div>';
                echo '<button type="submit" href="add_service.php">Try again.</button>';
                exit;
            }
        mysql_query("insert into tblservices(service_name, service_content) values ('$service_name', '$service_content')") or die(mysql_error());
            echo '<div class="n_ok"><p>Success! Service has been added.</p></div>';

        $submit="";
        }
        ?>

                    <form method="post">
                    <div class="element">
                        <label for="service_name">Service Title <span class="red">(required)</span></label>
                        <input name="service_name" id="service_name" type="text" class="text err" />
                    </div>

                    <div class="element">
                        <label for="content">Page content <span class="red">(required)</span></label>
                        <textarea name="service_content" id="service_content" class="textarea" rows="10"></textarea>
                    </div>
                    <div class="entry">
                        <button type="submit">Preview</button> <button type="submit" class="add">Save page</button> <button class="cancel">Cancel</button>
                    </div>
                </form>

Please, help me. Advance Happy new year.. :D

mysql php

3 Contributors
4 Replies
260 Views
5 Days Discussion Span
Latest Post 10 Years Ago Latest Post by RascelleGrepo

broj1 356 Humble servant

10 Years Ago

@broj1 sorry, I didn't saw your answer, bye!

No worries, mate. Two answers are better than one :-)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

broj1 356 Humble servant Featured Poster · Answer 1 · 2013-12-29T19:16:26+00:00

Your condition is wrong since it checks if either submit is set (which always is after submitting) or $service_name has some text. The condition is always true and the values are inserted (if they do not exist). The correct condition would be using && (and):

if($submit=='submit' && strlen($service_name) > 0 && strlen($service_content > 0)) {
    ...
}

or a bit simpler one (without using slow-performing strlen):

if($submit=='submit' && $service_name != '' && $service_content != '') {
    ...
}

And I have to take your attention to two more things not related to your question but quite important:

do not insert user input you received from a web form directly into database without cleaning it first! Bad guys (and gals) might enter a nasty sql into an input or textarea fields and you will transfer that politely and directly to your database server. It is called an sql injection. To fight against it you have to at least clean the user input by disabling characters that are potentionally dangerous (especially the ' which is the pandora's box opener). You do that by escaping user input string using mysql_real_escape_string function. You can add to that some black / white listing and other checking and validating methods.

mysql_query("insert into tblservices(service_name, service_content) values ('" . mysql_real_escape_string($service_name) . "', "' . mysql_real_escape_string($service_content) . "')") or die(mysql_error());
You use mysql extension to handle database related stuff. This extension is old and is about to be kicked out of this world. If you can, switch to mysqli or PDO as soosn as possible to be on the safer side.

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 2 · 2013-12-29T19:23:01+00:00

Change the IF statement to:

if($submit == 'submit' && strlen($service_name) > 0 && strlen($service_content) > 0)

@broj1 sorry, I didn't saw your answer, bye!

RascelleGrepo 0 Newbie Poster · Answer 3 · 2014-01-03T18:43:03+00:00

Thank you.. for some reason, the and(&&) doesnt work. That's why i chose to use or(||). Anyways, I already fixed it. Thank youuu again. :D happy new year. :D