CODEWITHSUNDEEP
php
Benny
Benny

Reputation: 3

A text form field needs to be required

I've been struggling to have a text form field required. So when some one doesn't fill his name he will receive an error like 'No title filled!'

I got this now but it doesn't work that well cause when I submit it insert into the db.

if(isset($_POST['submit'])) {
    $update = "UPDATE post SET `title`='$_POST[title]', `pic`='$_POST[pic]', `youtube`='$_POST[youtube]' WHERE id = $_POST[id]";
    $db->query($update) or die($db->error);

        if($_POST['title'] == "") {
            $error = "Title is required!";
        }
        if ($_POST['pic'] == "") {
            $error = "Picture is required!";
        }
        if(isset($error)){
            echo $error;
        } else {
        echo '<p>Your post has been updated!</p>';
        } 

 }

Upvotes: 0

Views: 42

Answers (2)

SharkofMirkwood
SharkofMirkwood

Reputation: 12621

You need to stop your code from being executed if an error is found, not just echo the error. All your other code that submits the data to the database should ONLY be executed if there is no error. Try something like this:

Edit: Upon seeing the update to your code, this is what you need to do:

if(isset($_POST['submit'])) {
    if(!isset($_POST['title']) || trim($_POST['title']) == "") {
        $error = "Title is required!";
    }
    if (!isset($_POST['pic']) || trim($_POST['pic']) == "") {
        $error = "Picture is required!";
    }
    if(isset($error)){
        echo $error;
    } else {
        $update = "UPDATE post SET `title`='" . mysql_real_escape_string($_POST['title']) . "', `pic`='" . mysql_real_escape_string($_POST['pic']) ."', `youtube`='" . mysql_real_escape_string($_POST['youtube']) ."' WHERE id = " . mysql_real_escape_string($_POST['id']);
        $db->query($update) or die($db->error);
        echo '<p>Your post has been updated!</p>';
    } 
}

The problem is, your data was being submitted to the database no matter what happened after with the validation - by the time you checked for errors it was too late, as the SQL had already been executed. If you do it the way shown above, it will only submit if the $error variable is not set, which is what you want.

Upvotes: 4

Colum
Colum

Reputation: 986

I wouldn't just rely on 

if($_POST['title'] == "")

because it will not work if someone enters a space into the text field. For one thing, a title shouldn't be too long? So you can set a max-length for it?

Also maybe run a few more checks such as:

I wouldn't just rely on 

if(!isset($_POST['title'] || $_POST['title'] == "" || $_POST['title'] == " ")
{
   // Error
}
else
{
    // Database query
}

You want the else, otherwise it will always execute the database query, whether or not they haven't filled out the form properly.

Upvotes: 0

Related Questions