1

I'm looking for a simple PHP solution to stop empty input values at form from submitting empty input fields. The code for the form is below. I would like to use a simple PHP (non-Javascript) solution if possible.

Form.php code:

<form name="form" method="post" action="add.php">
<input type="text" name="url" id="url">
<button type="submit" id="submit">submit</button>
</form>

add.php code:

$url=$_POST['url'];
$sql= "insert into my_table set url='$url'";
mysql_query($sql) or die("query failed: $sql".mysql_error());
$msg= 'URL Added Thank You';
session_register('msg');
header("Location: form.php ");
exit;

If there any PHP solution to prevent empty input submit before form submit or after submit so it can send me back to form.php.

Thank you.

eykanal
  • 26,437
  • 19
  • 82
  • 113
Reham Fahmy
  • 4,937
  • 15
  • 50
  • 71
  • 1
    SANITIZE!! http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php – Alex Oct 10 '11 at 15:06
  • check your post value if it's empty show error message else submit form. – Punit Oct 10 '11 at 15:17

4 Answers4

5

Personally, I almost always do these things in two steps. Sanitize first, then validate.

// Step 1: Sanitize fields
$url = mysql_real_escape_string($_POST['url']);

// Step 2: Validate fields
if(empty($url))
{
    $msg = "Text can't be empty";
    session_register('msg');
    header("Location: form.php ")
}

// Step 3: Whatever
$sql= "insert into my_table set url='$url'";
mysql_query($sql) or die("query failed: $sql".mysql_error());
$msg= 'URL Added Thank You';
session_register('msg');
header("Location: form.php ");
exit;
Dan
  • 584
  • 5
  • 9
2

Use the empty function:

if (empty($_POST['query'])) {

    // Set error and return to form

}

I would highly suggest also reading up on mysql_real_escape_string.

Jesse Bunch
  • 6,651
  • 4
  • 36
  • 59
  • I also agree with @Jesse about sanitizing your data +1 – Phill Pafford Oct 10 '11 at 15:07
  • There's little risk of this being an actual problem in the context of a URL input, but `empty()`, despite its name, isn't a particularly good way to check for an empty string. – John Flatness Oct 10 '11 at 15:24
  • @JohnFlatness - It doesn't matter. Little risk is more than enough reason to sanitize. As for `empty()`, it's a great way to check for an empty string. Why? 1) It eliminates the need for `isset()` and 2) any of the possible things it checks for would be non-useful and therefore erroneous in the context of the OP's question. – Jesse Bunch Oct 10 '11 at 15:32
  • My comment was meant to be read as "There's little risk of `empty()` causing a problem in this context, but it's not always a particularly good way to check for an empty string." You're right (and I noted) that in this context, it's probably fine, but there are plenty of other contexts where `empty()` returning true for `'0'` is a real problem. – John Flatness Oct 10 '11 at 15:50
1

You can check whether the input value was filled with:

<?php
  if(!empty($_POST['url'])){
    // Do something 
  }
?>
Bas Slagter
  • 9,831
  • 7
  • 47
  • 78
1
$url=$_POST['url'];

if(empty($url)) {
    // redirect back to form
    header("Location: form.php ");
} else {
    // add record
    $sql= "insert into my_table set url='$url'";
    mysql_query($sql) or die("query failed: $sql".mysql_error());
    $msg= 'URL Added Thank You';
    session_register('msg');
    header("Location: form.php ");
    exit;
}

Little Bobby Tables

Phill Pafford
  • 83,471
  • 91
  • 263
  • 383