
I am validating some input fields before sending the email. I am using foreach to loop through the array faster and check that every single input is not empty, and return it as a response in jQuery to show the errors. The problem is that the email and message inputs are not being validated. Emails are being sent even if the inputs are empty.

The array elements come from the input name attributes in the HTML.

```php
function e_($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

#required fields
$required = array('name', 'email','lname','message','country' , 'city' ,'adcategory','plan' ,'company');
$success = false;

#non required fields
$website = e_($_POST['website']);
$addr = e_($_POST['address']);

foreach($required as $field) {
    if (empty($_POST[$field]))
    {
        $success = false;
    }
    else if(!empty($_POST[$field])){
        $success = true;
        $name = e_($_POST['fname']);
        $email = e_($_POST['email']); #this has issue
        $lname = e_($_POST['lname']);
        $msg = e_($_POST['message']); #this has issue

        $country = e_($_POST['country']);
        $city = e_($_POST['city']);
        $adCategory = e_($_POST['adcategory']);
        $plan = e_($_POST['plan']);
        $companyName = e_($_POST['company']);
    }

}

if($success)        
    echo "success";
else if (!$success)
    echo json_encode(['errors'=>true]); #this will be manipulated in jquery
```
csandreas1
  • An [all-in-one sanitize function](https://stackoverflow.com/questions/4223980/the-ultimate-clean-secure-function) is not ideal and it isn't recommended either. – Script47 Aug 22 '18 at 22:18

2 Answers


The problem is that you set $success = true; whenever you find a required field, and this undoes the $success = false; for a previous field. You also process all the fields in the else if, even though that just means that one of the required fields was found.

```php
$success = true;
foreach ($required as $field) {
    if (empty($_POST[$field])) {
        $success = false;
        $missing_field = $field;
        break;
    }
}

if (!$success) {
    echo json_encode(['errors'=>true, 'missing' => $missing_field]);
    exit();
}

$name = e_($_POST['fname']);
$email = e_($_POST['email']); #this has issue
$lname = e_($_POST['lname']);
$msg = e_($_POST['message']); #this has issue

$country = e_($_POST['country']);
$city = e_($_POST['city']);
$adCategory = e_($_POST['adcategory']);
$plan = e_($_POST['plan']);
$companyName = e_($_POST['company']);
echo "Success";
```
Barmar

Your foreach loop is wrong. You have your if statement that checks if it's not empty inside your for loop that checks if it's empty. You need to check to see if all the values are empty first then run that if statement.

```php
$success = true;
foreach($required as $field) {
    if (empty($_POST[$field]))
    {
        $success = false;
        break;
    }
}

if($success)
{
    // set your variables
} else {
    // don't set your variables
}
```
Chad K
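
The check both answers describe, as an added example that is not code from the question or from either answer: it goes further than they do by reporting every failing required field instead of stopping at the first, validating the address format, and rejecting line breaks in values assumed to end up in mail headers. `validate_form()`, `HEADER_FIELDS` and the sample submissions are assumptions made for this illustration; the field names come from the question's `$required` list.

```php
<?php
declare(strict_types=1);

// Field names follow the question's $required list; validate_form() is a hypothetical helper.
const REQUIRED = ['name', 'email', 'lname', 'message', 'country', 'city', 'adcategory', 'plan', 'company'];
// Assumption: these values are later placed in mail headers (From / Reply-To).
const HEADER_FIELDS = ['name', 'lname', 'email'];

function validate_form(array $post): array
{
    $errors = [];
    $clean = [];
    foreach (REQUIRED as $field) {
        $value = $post[$field] ?? '';
        // Non-strings (e.g. email[]=x) and whitespace-only input count as missing.
        // Unlike empty(), the string "0" is accepted.
        $value = is_string($value) ? trim($value) : '';
        if ($value === '') {
            $errors[$field] = 'required';
        } elseif (in_array($field, HEADER_FIELDS, true) && preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'line breaks not allowed';
        } else {
            $clean[$field] = $value; // raw value; escape when rendering, not here
        }
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid address';
        unset($clean['email']);
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $clean];
}

// Constructed sample submissions standing in for $_POST.
$base = ['email' => 'ann@example.com'] + array_fill_keys(REQUIRED, 'x');
$samples = [
    'complete'           => $base,
    'blank email/msg'    => ['email' => '', 'message' => '   '] + $base,
    'malformed email'    => ['email' => 'not-an-email'] + $base,
    'line break in name' => ['name' => "Ann\r\nX-Test: 1"] + $base,
];
foreach ($samples as $label => $post) {
    $result = validate_form($post);
    // Same response shape as the question, plus the list of failing fields.
    echo $label, ': ', json_encode(['errors' => !$result['ok'], 'fields' => $result['errors']]), "\n";
}
```

The values in `data` are deliberately left unescaped: apply `htmlspecialchars()` at the point where a value is written into HTML, which is the concern raised in the comment about all-in-one sanitize functions.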