Very overblown solution, but this should help - remember it's all about naming your input boxes
// assume your fields are called firstname, surname, username, password and were POSTED with a button called insertdata
if ( isset($_POST['insertdata']) )
{
$errMsgs = array();
$fields = array('firstname', 'surname', 'username', 'password');
/* do the inputs need stripping of slashes because get_magic_quotes is on? and trim them anyway
* and create an escaped version to go into the database - this might seem pointless
* stripping then slashing again, but sometimes you want a 'clean' version for output and a 'dirty' one
* for db entry
*/
foreach ($fields as $field)
{
if (empty($_POST[$field])) // check if the fields are filled
{
$errMsgs[] = "Field: $field was empty";
}
else
{
$_POST[$field] = trim($_POST[$field]);
if (get_magic_quotes_gpc())
$_POST[$field] = stripslashes($_POST[$field]);
$dbData[$field] = mysql_escape_string($_POST[$field]);
}
}
if (count($errMsgs))
{
echo "Oh no - data not filled!!<br />";
echo implode('<br />', $errMsgs);
// then return / exit here or whatever you do to warn them
}
$q = "INSERT INTO table (name, surname, username, password) VALUES ('$dbData[firstname]', '$dbData[surname]', '$dbData[username]', '$dbData[password]')";
mysql_query($q) or die('Pffft - bad insert ' . mysql_error());
}
If you've got a lot of data you can create an imploded list of fields to dynamically create your sql queries, but get to that when you come to it.
That might be bugged, as it's untested and will still allow them to type a load of spaces as valid input.
