[RESOLVED] Form validation then insert into mysql
Results 1 to 7 of 7

Thread: [RESOLVED] Form validation then insert into mysql

  1. #1
    Member
    Join Date
    Apr 2010
    Posts
    45

    resolved [RESOLVED] Form validation then insert into mysql

    Hi everyone,

    First time poster and very new to php. I hope I posted this in the right forum. I am setting up a blogging system for a new web site and allowing users to post comments to a particular article. I want to make sure certain form fields are filled out before the data gets inserted into the database comments table. I am also using the page itself (where the article is) to process the form.

    I have managed to get the form validation to work with no problems.

    During testing however, I noticed that even when a field is left empty the data from the form still gets inserted into the database. This is not the desired effect however. I have taken the liberty to post all my php code. If you need to see the html code as well please let me know.

    PHP Code:
    <?php
    //connect to the database
    mysql_connect("localhost""root""");
    mysql_select_db("masscic");

        
    //First grab the associated article id from the index page link and display the full article on this page
        
    $id $_GET['bpid'];

        
    //Now build the sql to grab the data in the myblogposts table in mysql
        
    $sqlCommand mysql_query("SELECT * FROM myblogposts WHERE bpid='$id'");
        
        
    //now loop through the data in the myblogposts table
        
    while($row mysql_fetch_array($sqlCommand)){
        
    $id $row['bpid'];
        
    $title $row['title'];
        
    $pic $row['picURL'];
        
    $picAlt $row['picALT'];
        
    $picTitle $row['picTitle'];
        
    $content $row['article_body'];
        
    $date $row['reported_date'];
        
    $category $row['catid'];
        
        
    $formID 'single2_blog.php?bpid='.$id;//echo this variable created so that users can post comments to a particular article since the form is below
    }
    ?>
    <?php
        
    //build the sql to grab the data in the blogcomments table in mysql
        
    $sqlComments mysql_query("SELECT * FROM blogcomments WHERE postID='$id' ORDER BY cmtid ASC") or die(mysql_error());
        
    $num_rows mysql_num_rows($sqlComments); //Grab the total number of comments based on this article id
        
        //loop through the data in the blogcomments table and grab all the comments with the same id.
        
    $displayComments "";
        while(
    $row mysql_fetch_array($sqlComments)){
        
    $name $row['name'];
        
    $email $row['email'];
        
    $cmtDate $row['comments_date'];
        
    $comment $row['comments_body'];
        
        
    //echo this on the html page to display all comments
        
    $displayComments .= "<ul><li>Posted By: <span>$name</span></li><li>On: $cmtDate</li></ul><p>$comment</p>";
    }
    ?>
    <?php
    //initialize the variables for the form if users want to post a comment
    $name ='';
    $email ='';
    $website ='';
    $comments ='';
    $errorMsg ='';

    if (isset (
    $_POST['name'])){

        
    //grab the form data
        
    $name $_POST['name'];
        
    $email $_POST['email'];
        
    $website $_POST['website'];
        
    $comments $_POST['comments_body'];

    //do some injection cleaning
        
    $name stripslashes($name);
        
    $email stripslashes($email);
        
    $website stripslashes($website);
        
    $comments stripslashes($comments);
        
        
    $name strip_tags($name);
        
    $email strip_tags($email);
        
    $website strip_tags($website);
        
    $comments strip_tags($comments);

    //check for errors    
         
    if (!$name
             
    $errorMsg $errorMsg.'<span style="color:#ff0000">Your name is required</span><br />';
          if (!
    $email
             
    $errorMsg $errorMsg.'<span style="color:#ff0000">Your email address is required<br />';
             if (!
    $comments
             
    $errorMsg $errorMsg.'<span style="color:#ff0000">You need to post a comment<br />';

        
    $name mysql_real_escape_string($name);
        
    $email mysql_real_escape_string($email);
        
    $website mysql_real_escape_string($website);
        
    $comments mysql_real_escape_string($comments);     
                
    //done with error checking now perform the insert
    }else {
    $sqlInsert mysql_query("INSERT INTO blogcomments(postID, name, email, website, comments_date, comments_body) VALUES('$id','$name','$email','$website', now(), '$comments')") or die (mysql_error());
    }
    ?>
    Any help would be appreciated.
    Thanks
    Gerry

  2. #2
    Senior Member dagon's Avatar
    Join Date
    Nov 2001
    Posts
    6,178
    chevk if $errorMsg is empty before doing the insert

  3. #3
    Member
    Join Date
    Apr 2010
    Posts
    45
    Hi Dagon,

    thanks for responding, been struggling with this for 2 days. Can you give me a code example?

    Thanks
    Gerry

  4. #4
    Member
    Join Date
    Apr 2010
    Posts
    45
    Actually, I think I got it, will this work?

    if $errorMsg ==0;

    mysql_query("INSERT INTO blogcomments(postID, name, email, website, comments_date, comments_body) VALUES('$id','$name','$email','$website', now(), '$comments')")
    }

    something like that?

    Gerry

  5. #5
    Senior Member dagon's Avatar
    Join Date
    Nov 2001
    Posts
    6,178
    for a start change

    PHP Code:
    $errorMsg $errorMsg. ... 
    to

    PHP Code:
    $errorMsg .= ... 
    same thing but cleaner

    then
    PHP Code:
    if(empty($errorMsg)){
    //sql


  6. #6
    Member
    Join Date
    Apr 2010
    Posts
    45
    Thanks Dagon,

    I cannot tell you how long I've struggled with this. You have made my day. All is working.

    Thanks again!
    Gerry

  7. #7
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,420
    Don't forget to mark this thread resolved (if it is) using the link on the Thread Tools menu above.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •