0

Hi :) This is my first time posting on here but I can't figure it out and it should be simple. I think I have just been looking at it for too long. So I have a form for which I am carrying out form validation, all the validation works and it sends to the database.

The small issue I have is when it comes to the email and confirm email validation, the first if statement checks if the textbox is empty and if it is I should get the "Email is required" message. But due to the second if statement, I think the $emailErr variable gets overwritten by the second error message which should appear only if the email syntax is invalid.

Therefore, if I leave the textbox empty, I still get the "syntax invalid" message rather than the "email is required" message.

My confusion comes from the fact that, for example, my "firstname" validation (and all other validation) is pretty much the same idea but they do not get overwritten by the second error message which is also presented by using a second if statement.

I will copy the code for my firstname validation and the code for my email validation so you can get an idea of what I am talking about. Any help would be greatly appreciated. If not, I'm sure I'll figure it out eventually :) Thanks!

FIRST NAME VALIDATION - if I leave the textbox blank I get error message "First name is required" - which is correct.

// Check if the firstname textbox is empty
if (empty($_POST['fname']))
{
    // Show error message
    $fnameErr = "First name is required";
}
// Check if fname is set
elseif (isset($_POST['fname']))
{
    // Check the text using the test_input function and assign it to $fname
    $fname = test_input($_POST['fname']);
}
// Check if first name contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $fname))
{
    // Show error message & unset the fname variable
    $fnameErr = "Only letters and white space allowed";
    unset($_POST['fname']);
}
else
{
    // Check the text using the test_input function and assign it to $fname
    $fname = test_input($_POST['fname']);
}

EMAIL VALIDATION - if I leave the textbox empty I get the error message "Invalid Email Format" - it should be "Email is required" - why is this?

// Check if the email textbox is empty
if (empty($_POST['email']))
{
    // Show error message
    $emailErr = "Email is required";
}
// Check if email is set
elseif (isset($_POST['email']))
{
    // Check the text using the test_input function and assign it to $email
    $email = test_input($_POST['email']);
}
// Check if e-mail syntax is valid
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
{
    // Show error message & unset the email variable
    $emailErr = "Invalid email format";
    unset($_POST['email']);
}
else
{
    // Check the text using the test_input function
    $email = test_input($_POST['email']);
}
user3266484
  • Really speaking, cut down the code and come to point else people will just run away – Mr. Alien Feb 04 '14 at 15:55
  • In reality the email format is incorrect since it's blank, so is this an issue? – KyleMassacre Feb 04 '14 at 15:57
  • 2 things, 1. Why don't you check if `stringlength > 0` (which will eliminate possible blank strings). 2. [Validating email addresses with regex is opening a whole can of worms](http://stackoverflow.com/questions/201323/using-a-regular-expression-to-validate-an-email-address) – Jamie Taylor Feb 04 '14 at 15:57
  • You might want to consider validating firstnames with `\p{L}` instead of `a-zA-z` cuz of names like Björn, Paweł etc... – Moak Feb 04 '14 at 15:58
  • Do you know what front-end validation is? Most of the things you have here can be done on front end utilizing javascript or jquery or the js library of your preference. Only validate the format of the email (regular expressions) – CodeTrooper Feb 04 '14 at 15:58
  • @Yisera OP still needs to validate server-side, front-end can not be trusted since javascript can be turned off. – Ant Feb 04 '14 at 16:05
  • What I meant is that he should Validate everything on client side, and be sure to validate only the format in server side as that is what really matters. Now, I wouldn't really be using regular expressions to validate email addresses. See this post for reference. http://stackoverflow.com/questions/201323/using-a-regular-expression-to-validate-an-email-address?page=1&tab=votes#tab-top – CodeTrooper Feb 04 '14 at 16:12

3 Answers

3

The proper way to validate an email is by using filter_var

$email = filter_var(filter_var($_POST['email'],FILTER_SANITIZE_EMAIL),FILTER_VALIDATE_EMAIL);

if(!$email) 
    $invalidemailMessage = 'You have entered an invalid email address!';

End of story.

If you really,really,really need to output "Email required":

if($_POST['email'] == "" || preg_match('/^\s+$/', $_POST['email']) == true) { 
    $invalidemailMessage = 'Email required.';
} else {
    $email = filter_var(filter_var($_POST['email'],FILTER_SANITIZE_EMAIL),FILTER_VALIDATE_EMAIL);
    if(!$email) 
        $invalidemailMessage = 'You have entered an invalid email address!';
}
tftd
0

With some adjustment to your current code you can keep it, ALTHOUGH what @tftd said is absolutely correct with regard to Sanitisation and Validation.

$error = array();
$email = ''; // initialise so the format check below never reads an undefined variable

if (empty($_POST['email'])) {
    $error[__LINE__] = "Email is required";
} elseif (isset($_POST['email'])) {
    $email = test_input($_POST['email']);
}

if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
    $error[__LINE__] =  "Invalid email format";
    unset($_POST['email']);
} else {
    $email = test_input($_POST['email']);
}

if ($error){
    print_r($error);
}
Pwner
0

Part of your problem with your code is your last if is still being run so you will always get the error if the email field is empty.

Change this

if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))

To this

if (isset($email) && !preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
Ant
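
The control-flow fix and the filter_var approach from the answers above, combined in one added example that is not part of the original thread. `validate_email()` and the sample submissions are constructed for illustration; the question's regex is included unchanged to show that, being unanchored, it accepts input with extra text around an address-shaped substring.

```php
<?php
// Added example, not code from the thread. validate_email() is a hypothetical helper.

// Returns [$email, $error]; exactly one of the two is null.
function validate_email(array $post): array
{
    // A missing key, a non-string (email[]=x) and whitespace-only input
    // all mean the same thing: nothing usable was submitted.
    $raw = $post['email'] ?? '';
    if (!is_string($raw) || trim($raw) === '') {
        return [null, 'Email is required'];
    }
    // Reached only for non-empty input, so the format message can never
    // overwrite the "required" message. The value is validated as typed
    // (trimmed only), so a bad address is rejected rather than rewritten.
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return [null, 'Invalid email format'];
    }
    return [$email, null];
}

// The question's pattern, unchanged: it has no ^...$ anchors, so it only
// requires an address-shaped substring somewhere in the input.
const QUESTION_REGEX = "/([\w\-]+\@[\w\-]+\.[\w\-]+)/";

// Constructed sample submissions (stand-ins for $_POST).
$samples = [
    'missing key'     => [],
    'empty string'    => ['email' => ''],
    'whitespace only' => ['email' => '   '],
    'array parameter' => ['email' => ['alice@example.com']],
    'valid address'   => ['email' => 'alice@example.com'],
    'trailing markup' => ['email' => 'alice@example.com<b>x</b>'],
];

foreach ($samples as $label => $post) {
    [$email, $error] = validate_email($post);
    $raw = $post['email'] ?? '';
    $regexOk = is_string($raw) && preg_match(QUESTION_REGEX, $raw) === 1;
    printf("%-16s regex=%-4s result=%s\n", $label,
        $regexOk ? 'pass' : 'fail', $error ?? "ok ($email)");
}
```

Run it with the PHP CLI to compare the two checks per input. The first-name check in the question never showed the symptom because its pattern `/^[a-zA-Z ]*$/` also matches an empty string, so the second `if` did not fire on blank input.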