CODEWITHSUNDEEP
phpforms
jerneva
jerneva

Reputation: 465

PHP - Form error alerts displays on page load

i am a newbee and just learning along the way. I have two forms on a page (I have only shown one of them as the other form is the same code with different variables). Both their error messages display on page load. How can I stop this?

I have read multiple posts regarding this but I still cannot find a solution.

<?php

    if(isset($_POST['Update'])) {
        $c_fname = $_POST['fname'];
        $c_lname = $_POST['lname'];
        $c_email = $_POST['email'];
        $c_phone = $_POST['phone'];

        // Save $_POST to $_SESSION
        //query

        $insert_det = "INSERT INTO  Cus_acc_details(CUS_Fname,CUS_Lname,Cus_Email,CUS_Phone) 
            VALUES (?,?,?,?)
            ON DUPLICATE KEY 
            UPDATE
            Cus_acc_details.CUS_Fname = '$c_fname',
            Cus_acc_details.Cus_Lname = '$c_lname',
            Cus_acc_details.Cus_Email = '$c_email',
            Cus_acc_details.CUS_Phone = '$c_phone'";

        $stmt = mysqli_prepare($dbc, $insert_det);
        //new
        // $stmt = mysqli_prepare($dbc, $insert_c);
        //debugging
        //$stmt = mysqli_prepare($dbc, $insert_c)  or die(mysqli_error($dbc));

        mysqli_stmt_bind_param($stmt, 'sssi', $c_fname, $c_lname, $c_email, $c_phone);

        /* execute query */
        $r = mysqli_stmt_execute($stmt);

        // if inserted echo the following messges
        if ($r) {
            echo "<script> alert('Saved')</script>";
        }
    } else {
        echo "<b>Oops! we have an issu </b>";
    }
?>

Upvotes: 2

Views: 607

Answers (2)

Keeleon
Keeleon

Reputation: 1422

You have an else after your if (isset($_POST['Update'])). Inside that else you are displaying errors as if the user tried to submit the form. $_POST['Update'] will only be set if the user tried to submit the form. Move that else inside your if:

if (isset($_POST['Update'])) {

    /* a bunch of code to insert into the DB */
    // if inserted echo the following messges
    if ($r) {
        echo "<script> alert('Saved')</script>";
    }else{
        echo "<b>Oops! we have an issu </b>";
    }
}

In Addition:

The commenter is right. You are at risk for SQL Injection. Please use prepared statements instead.

Upvotes: 2

ak_
ak_

Reputation: 2815

The problem is your else statement is running every time the variable $_POST['Update'] is not set.

One way to fix this is to move your error message inside your form checking code. Something like this would work:

if (isset($_POST['Update'])) {

    /* unchanged code snipped */

    if ($r) {
        echo "<script> alert('Saved')</script>";
    } else {
        echo "<b>Oops! we have an issu </b>";
    }
}

Hope that helps!

Upvotes: 1

Related Questions