PHP, display message if one or more fields is empty

Question

What I want is to show the error (message), only if the user do a false action. For example, if the field is empty, it will show (Please fill all the fields). I've already done that, but the problem that I have is that it shows also if the user enter to the page for the first time, meaning it does NOT respects the (if condition) that I have written !

The question :

How to show the message only if one of the fields is empty ?

Any ideas on how I can solve it ?

Here is my code :

   <?
   $conn = mysqli_connect('localhost', 'db', 'db_pass', 'db_name') or die("Error " . mysqli_error($conn)); 
   $email = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
   $old_password = trim($_POST['old_pass']);
   $new_password = trim($_POST['new_pass']);
   $email = mysqli_real_escape_string($conn,$email);
   $old_password = mysqli_real_escape_string($conn,$old_password);
   $new_password = mysqli_real_escape_string($conn,$new_password);
   if(empty($email) || empty($old_password) || empty($new_password)){
   echo 'Please fill all the fields !<br>';
   }
   else{
   $sql="UPDATE users SET pass='$new_password' WHERE email='$email' AND pass='$old_password'" or     die("Error " . mysqli_error($conn));
   $result = mysqli_query($conn,$sql);
   mysqli_close($conn);
   }
   if($result){
   echo'Password changed successfully !';
   }
   elseif(!$result) {
   echo 'The email/password you provided is false !';
   }
   ?>

Answer 1

Validation of any form happens in the "action" file within a condition i.e. the validation should be subjected to the event of user clicking the submit button. For this to work you should check that

  1. Your form has a submit button with a name property set to say submit (can be anything)

eg: <input type="submit" name="submit" id="someid" value="Submit" />

  2. The form must have action property pointing to a processor file

eg: <form action = "somefile.php" method = "post">

  3. In the somefile.php file the validation code must be within a condition which checks for the event of form been submited

eg://somefile.php

<?php
  if(isset($_POST['submit']{
      //all the validation code goes here
  }else{
  //for a single page form and validation
  // the code for displaying the form can go here
?>

Answer 2

The solution is to check for a variable that you know will always be set if the form is submitted, usually the submit button. For example, if your form ends like this:

  ... 
  <input type="submit" name="change_password" value="Change password" />
</form>

then in the PHP code you could check

if(isset($_POST['change_password'])) {
  // The submit button was in the POSTed data, so this is a form submit
} else {
  // This is a new page load
}

Alternatively, if you are POSTing the data, you can check which HTTP method was used to call the form:

if($_SERVER['REQUEST_METHOD'] == 'POST') {
  // Form was posted
} else {
  // $_SERVER['REQUEST_METHOD'] == 'GET'
}

The pattern I commonly use is:

$showForm = true;
if( is_form_postback() ) { 
  if( data_is_valid() ) {
    redirect_to_thank_you_page();
  } else {
    show_validation_errors();
    $showForm = false;
  }
}

if($showForm) {
  // Print the form, making sure to set the value of each input to the $_POSTed value when available.
}

Answer 3

I suggest you to do this:

• First define a variable with plain $_POST[] for eg $name = $_POST['name'];
• Then, check if all the vatiables you've define are empty or not.
• Lastly, Use escape_string() or whatever you want.