So, I have the following code: (Don't worry about SQL injections/mysql depreciation for now)

```php
$required = array('uexam_id', 'usubject', 'uexam_date');

$error = false;
//VALIDATION: first check all required fields are not empty. if post has values
if(!empty($_POST))
    foreach($required as $field)
        if ( empty($_POST[$field]))
            $error = true;
//a field was empty, show error
if ($error) {
    die ("All fields required!!! <a href='examisud.php'> Back to PHP Form </a>");
}
//no error - try the query
elseif($error === false && !empty($_POST) )
{
    $InsertQuery = "INSERT INTO Exam (exam_id, subject, exam_date) VALUES ('$_POST[uexam_id]','$_POST[usubject]','$_POST[uexam_date]')";
    $result = mysql_query($InsertQuery, $con) or die('query Failure:'. mysql_error());
}
```

So when I navigate to this PHP form (examisud.php), I am first greeted by "All fields required". I can then navigate back to the form and it works as normal, inserting data and displaying errors if not all fields are filled in. How can I get the "All fields required" to not display on form page load and only when I need it to (when a field is left blank)? When I also update or delete fields I also get the "All fields required" error display. However, everything updates/gets deleted as normal apart from the error popping up.

So basically I just need it to show up when a field is left blank in the insert query! Thanks in advance for any help you can give me!

Edit: My form:

```php
{
echo "<form action=examisud.php method=post>"; //HTML FORM ECHOED OUT BY PHP
echo "<tr>";
echo "<td>" . "<input type=text name=exam_id value=" . $record['exam_id'] . " </td>";
echo "<td>" . "<input type=text name=subject value=" . $record['subject'] . " </td>";
echo "<td>" . "<input type=text name=exam_date value=" . $record['exam_date'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['exam_id'] . " </td>";
echo "<td>" . "<input type=image name=update value=update id=submit src=images/update.png" . " </td>";
echo "<td>" . "<input type=image name=delete value=delete id=submit src=images/delete.png" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=examisud.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uexam_id></td>";
echo "<td><input type=text name=usubject></td>";
echo "<td><input type=text name=uexam_date></td>";
echo "<td>" . "<input type=image name=insert value=insert id=submit src=images/insert.png" . " </td>";
echo "</form>";
echo "</table>";
```
  • just put any hidden field on the form, and check for the hidden variable's presence in your code - if it's there, the form was submitted, otherwise it is a "first time visit" – Steve Horvath Mar 31 '14 at 03:21
  • `Don't worry about SQL injections/mysql depreciation for now`: It's not us who have to worry, *you* do :) – Hanky Panky Mar 31 '14 at 03:23

2 Answers

You have to check whether the form is submitted or not.

For example, if you have a form submit like this:

```html
<input type="submit" name="submit">
```

then in your PHP check it like this:

```php
if(!empty($_POST['submit']))//means the form is submitted
{
//your code
}
else
{
//no form is submitted here display your form normally
?>

<form action="" method="POST">
......
......
<input type="submit" name="submit">

</form>

<?php
}
```

Hope it helps you, all the best.

ɹɐqʞɐ zoɹǝɟ

This code should do it, explanations below.

```php
if ($_SERVER['REQUEST_METHOD'] == 'POST') { // check if the user submits data (POST) or just loads the page (GET)
    $error = false;
    $required = array('uexam_id', 'usubject', 'uexam_date');

    foreach($required as $field) {
        if (!isset($_POST[$field]) || empty($_POST[$field])) {
            $error = true;
            break;
        }
    }

    if ($error) {
        die("All fields required!!! <a href='examisud.php'> Back to PHP Form </a>");
    } else {
        $InsertQuery = "INSERT INTO Exam (exam_id, subject, exam_date) VALUES ('".mysql_real_escape_string($_POST["uexam_id"], $con)."','".mysql_real_escape_string($_POST["usubject"], $con)."','".mysql_real_escape_string($_POST["uexam_date"], $con)."')";
        $result = mysql_query($InsertQuery, $con) or die('query Failure:'. mysql_error());
    }
}
```

First off, your code has some serious security issues and should never be used in production.

mysql_* functions are deprecated - use mysqli (which is very similar to mysql) or PDO_MYSQL.

Your code is vulnerable to SQL injection attacks, read this question on how to prevent them (either properly escaping values or using prepared statements).

Currently I used mysql_real_escape_string to escape the variables so this code should be safe.

Finally, my code should still fix your first issue since it checks if the user is actually submitting the form (by checking if the request method is POST) before running the validation, whereas your first code was running the validation (and failing) even if there was no data being submitted.

Community
  • You could have ***at least*** used `mysql_real_escape_string` – Hanky Panky Mar 31 '14 at 03:25
  • @Hanky웃Panky yeah you're right, updated my answer. At first I didn't fix it and was hoping he'll do it himself when switching to either mysqli or PDO. –  Mar 31 '14 at 03:35
  • @andre, I dunno what to tell ya, I'm still getting the exact same thing :/ – user3473793 Mar 31 '14 at 03:39
  • Also, it's just a personal project, it won't be going online which is why I don't need mysqli or have to worry about SQL injections =D – user3473793 Mar 31 '14 at 03:41
  • The code is running the way it's supposed to apart from the fact that when the page loads, values are updated/deleted I get "All fields are required-Back to form". Yet the values are inserted, the database is updated or the values are deleted, it just keeps popping up no matter what I do. :/ – user3473793 Mar 31 '14 at 03:44
  • @Andre, That's what I'm getting. It's more a superficial/aesthetic thing, the error message is displaying when I insert/update/delete. But it doesn't affect the values going into the database, they still get inserted, updated and deleted as normal. And ok, I'll insert my form in a bit! – user3473793 Mar 31 '14 at 03:52
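
An added example, not code from the question or either answer: it runs the required-field check only for requests that come from the insert form (whose fields are `uexam_id`, `usubject`, `uexam_date`, while the update/delete forms post `exam_id`, `subject`, `exam_date`) and inserts through a PDO prepared statement, as the second answer recommends. The function name `handleInsert` and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example, not the poster's code. handleInsert() and the in-memory SQLite
// database are assumptions so this runs offline; for MySQL only the DSN changes.
function handleInsert(PDO $db, string $method, array $post): ?array
{
    $required = ['uexam_id', 'usubject', 'uexam_date'];

    // A page load (GET), or a POST from the update/delete forms (which send
    // exam_id/subject/exam_date and none of the u* fields), is not an insert.
    if ($method !== 'POST' || !array_intersect_key($post, array_flip($required))) {
        return null;
    }

    $missing = [];
    foreach ($required as $field) {
        // Compare with '' rather than empty(): empty('0') is true in PHP.
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $missing[] = $field;
        }
    }
    if ($missing) {
        return ['ok' => false, 'missing' => $missing];
    }

    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO Exam (exam_id, subject, exam_date) VALUES (:id, :subject, :date)'
    );
    $stmt->execute([
        ':id' => $post['uexam_id'],
        ':subject' => $post['usubject'],
        ':date' => $post['uexam_date'],
    ]);
    return ['ok' => true, 'missing' => []];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Exam (exam_id TEXT, subject TEXT, exam_date TEXT)');

// Constructed requests: first visit, update form, incomplete insert, valid insert.
$requests = [
    ['GET', []],
    ['POST', ['exam_id' => '7', 'subject' => 'Maths', 'exam_date' => '2014-04-01', 'hidden' => '7']],
    ['POST', ['uexam_id' => '0', 'usubject' => '', 'uexam_date' => '2014-04-01']],
    ['POST', ['uexam_id' => '0', 'usubject' => "O'Neil's maths", 'uexam_date' => '2014-04-01']],
];
foreach ($requests as [$method, $post]) {
    var_dump(handleInsert($db, $method, $post));
}
```

In the real page the arguments would be `$_SERVER['REQUEST_METHOD']` and `$_POST`, and a `null` return means "render the form without any error message".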