Rixhers Ajazi

Reputation: 1313

PHP - PDO - Form Validation - Insert statement gets executed even when errors exist

I didn't notice it until I finished the validation, but I realized that even when my errors appear on top of my form box, when I then go to phpMyAdmin and look at the data, even if I purposely added errors the form will be submitted.

Then my second problem, including the one stated above: no matter what I do, the student ID or "anum" is not posting. It continues to give me a "0" value in the students table in my database.

This is the entire code:

<?php
//Starting session
session_start();

// Validation starts here
if (empty($_POST) === false) {
    $errors   = array();
    $anum     = $_POST['anum'];
    $first    = $_POST['first'];
    $last     = $_POST['last'];
    $why      = $_POST['why'];
    $comments = $_POST['comments'];

    if (empty($anum) === true || empty($first) === true || empty($last) === true) {
        $errors[] = 'Form is incomplete please revise it!';
    } else {

        if (ctype_alnum($anum) === false) {
            $errors[] = 'A number can only consist of alphanumeric characters!';
        }
        if ((strlen($anum) < 9) && (strlen($anum)) > 9) {
            $errors[] = 'A number is incorrect!';
        }
        if (ctype_alpha($first) === false) {
            $errors[] = 'First mame must only contain alphabetical characters!';
        }
        if (ctype_alpha($last) === false) {
            $errors[] = 'Last name must only contain alphabetical characters!';
        }
        if (empty($why))
            $errors[] = 'Please make sure to select the proper reasoning for your vistit today!';

        elseif ($why === 'Other') {

            if (empty($comments))
                $errors[] = 'Please explain the nature of your visit in the comments box!';

            else {

                if (strlen($comments) < 15)
                    $errors[] = 'Your explaination is short, please revise!';

                if (strlen($comments) > 45)
                    $errors[] = 'Your explaintion is to long, please revise!';

            }

        }

        if (empty($errors) === false) {
            header('location: signedin.php');
            exit();
        }

        // Validations ends here

        $host     = "localhost"; // Host name
        $username = "root"; // Mysql username
        $password = "testdbpass"; // Mysql password
        $db_name  = "test"; // Database name

        // Connect to server via PHP Data Object
        $dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        try {
            $query = $dbh->prepare("INSERT INTO `students` (anum, FIRST, LAST, why, comments)
                                   VALUES (:anum, :FIRST, :LAST, :why, :comments)");

            $query->execute(

                array(
                    'anum'     => $_POST['anum'],
                    'first'    => $_POST['first'],
                    'last'     => $_POST['last'],
                    'why'      => $_POST['why'],
                    'comments' => $_POST['comments']
                ));
        } catch (PDOException $e) {
            error_log($e->getMessage());
            die($e->getMessage());
        }
        $dbh = null;

    }

}
?>

<html>
<body>
<title>Student Signin Form</title>
<table width="300" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
        <?php
        if (empty($errors) === false) {
            echo '<h3>';
            foreach ($errors as $error) {
                echo '<center><li>', $error, '</li></center>';
            }

            echo '<h3>';
        }
        ?>
    <form action="" method="post">
        <td>
            <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
                <tr>

                <tr colspan="3">
                    <center></center>
                    <strong>Student Signin Form</strong></tr>
                <p>Student ID Number: <input type="text" name="anum" <?php if (isset($_POST['anum']) === true) {
                        echo 'value="', $_POST['anum'], '"';
                    } ?> />

                <p>First Name: <input type="text" name="first" <?php if (isset($_POST['first']) === true) {
                        echo 'value="', $_POST['first'], '"';
                    } ?> />

                <p>Last Name: <input type="text" name="last" <?php if (isset($_POST['last']) === true) {
                        echo 'value="', $_POST['last'], '"';
                    } ?> />

                <p>How may we help you? <select name="why"/>
                    <option value=""></option>
                    <option value="Appeal">Appeal</option>
                    <option value="Other">Other: Please specify the nature of your visit bellow</option>
                    </select>
                    </tr>


                    <br>

                <P>If other please describe the issue you are having.</P>
                <textarea rows="10" cols="50" name="comments" <?php if (isset($_POST['comments']) === true) {
                    echo 'value="', $_POST['comments'], '"';
                } ?>></textarea>


                <input type="submit" name="submit" value="Send"/>

    </form>

</table>
</body>
</html>

Upvotes: 0

Views: 5159

Answers (2)

Rixhers Ajazi

Reputation: 1313

After more digging up and more understanding of what I was actually doing (the wrong way), I came up with my solution. Pretty much, I had to make it so that the MySQL insert statements were a part of the error validation, not stand-alone. If you look at my prior code, the PDO statements had no real place in the code; they were just there. The cause of this was

if (empty($errors) === false) {
    header('location: signedin.php');
    exit();
}

What this was doing was, even if there were errors, I had to still redirect to "signedin.php"; that is not the desired effect. What had to be done was first change it from false to true.

if (empty($errors) === true) {
    header('location: signedin.php');
    exit();
}

Then after doing so you must then input your PDO statements in between the {}.

So then what this means is that if the script has picked up errors it will NOT run the PDO insert.

However, if it is TRUE that there are no errors, it will run the insert script with an error check for that script; then, if it inserts correctly, it will redirect the user to the next page.

Example :

if (empty($errors) === true) {
    $host     = "localhost"; // Host name
    $username = "root"; // Mysql username
    $password = "testdbpass"; // Mysql password
    $db_name  = "test"; // Database name

    $dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    try {
        $query = $dbh->prepare("INSERT INTO `students` (anum, first, last, why, comments)
                                VALUES (:anum, :first, :last, :why, :comments)");

        $query->execute(
            array(
                'anum'     => $_POST['anum'],
                'first'    => $_POST['first'],
                'last'     => $_POST['last'],
                'why'      => $_POST['why'],
                'comments' => $_POST['comments']
            ));
    } catch (PDOException $e) {
        error_log($e->getMessage());
        die($e->getMessage());
    }
    $dbh = null;

    header('location: signedin.php');
    exit();
}

Hopefully someone will find this of any use.

Upvotes: 1
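The gating described in the answer above, as an added example that is not part of the original post: validation returns a list of errors, and the prepared INSERT runs only when that list is empty. It goes slightly beyond the answer by testing the ID length with `!== 9` and by escaping input echoed back into the form. The helper names `validate_signin` and `handle_signin`, the shortened messages, the sample inputs and the in-memory SQLite table standing in for the MySQL `students` table are all assumptions.

```php
<?php
// Hypothetical helper: returns error messages; an empty array means valid input.
function validate_signin(array $f): array
{
    if ($f['anum'] === '' || $f['first'] === '' || $f['last'] === '') {
        return ['Form is incomplete please revise it!'];
    }
    $errors = [];
    // Exactly 9 characters; a test of "< 9 && > 9" can never be true.
    if (!ctype_alnum($f['anum']) || strlen($f['anum']) !== 9) {
        $errors[] = 'A number is incorrect!';
    }
    if (!ctype_alpha($f['first']) || !ctype_alpha($f['last'])) {
        $errors[] = 'Names must only contain alphabetical characters!';
    }
    $len = strlen($f['comments']);
    if (!in_array($f['why'], ['Appeal', 'Other'], true)) {
        $errors[] = 'Please select the reason for your visit!';
    } elseif ($f['why'] === 'Other' && ($len < 15 || $len > 45)) {
        $errors[] = 'Comments must be 15 to 45 characters long!';
    }
    return $errors;
}

// Hypothetical helper: the prepared INSERT runs only when validation found no errors.
function handle_signin(PDO $dbh, array $in): array
{
    $f = [];  // keep only the expected fields as trimmed strings; anything else becomes ''
    foreach (['anum', 'first', 'last', 'why', 'comments'] as $k) {
        $f[$k] = is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    }
    $errors = validate_signin($f);
    if ($errors === []) {
        $dbh->prepare('INSERT INTO students (anum, `first`, `last`, why, comments)
                       VALUES (:anum, :first, :last, :why, :comments)')->execute($f);
    }
    return $errors;
}

// Constructed demo: in-memory SQLite stands in for the page's MySQL database.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE students (anum TEXT, `first` TEXT, `last` TEXT, why TEXT, comments TEXT)');
foreach (['A1', 'A12345678'] as $anum) {  // constructed inputs: one invalid, one valid
    $errors = handle_signin($dbh, ['anum' => $anum, 'first' => 'Ann', 'last' => 'Lee', 'why' => 'Appeal']);
    $rows = $dbh->query('SELECT COUNT(*) FROM students')->fetchColumn();
    echo count($errors), " error(s), rows stored: $rows\n";
    // Escape user input before echoing it back into the form's value attribute.
    echo '<input name="anum" value="', htmlspecialchars($anum, ENT_QUOTES, 'UTF-8'), "\">\n";
}
```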

hakre

Reputation: 197554

Well it looks like you are writing some code without actually testing it if it works or not. Take a look for example at these lines (around ca. line 50):

        if (empty($errors) === false) {
            header('location: signedin.php');
            exit();
        }

You are filling the $errors array with error messages. Then you're doing the redirect if there were errors. Doesn't make sense because this does also remove the error messages.

Upvotes: 0
