Hi everyone,

First time poster and very new to php. I hope I posted this in the right forum. I am setting up a blogging system for a new web site and allowing users to post comments to a particular article. I want to make sure certain form fields are filled out before the data gets inserted into the database comments table. I am also using the page itself (where the article is) to process the form.

I have managed to get the form validation to work with no problems.

During testing however, I noticed that even when a field is left empty the data from the form still gets inserted into the database. This is not the desired effect however. I have taken the liberty to post all my php code. If you need to see the html code as well please let me know.

<?php
//connect to the database
mysql_connect("localhost", "root", "");
mysql_select_db("masscic");

//First grab the associated article id from the index page link and display the full article on this page
$id = $_GET['bpid'];

//Now build the sql to grab the data in the myblogposts table in mysql
$sqlCommand = mysql_query("SELECT * FROM myblogposts WHERE bpid='$id'");

//now loop through the data in the myblogposts table
while($row = mysql_fetch_array($sqlCommand)){
$id = $row['bpid'];
$title = $row['title'];
$pic = $row['picURL'];
$picAlt = $row['picALT'];
$picTitle = $row['picTitle'];
$content = $row['article_body'];
$date = $row['reported_date'];
$category = $row['catid'];

$formID = 'single2_blog.php?bpid='.$id;//echo this variable created so that users can post comments to a particular article since the form is below
}
?>
<?php
	//build the sql to grab the data in the blogcomments table in mysql
	$sqlComments = mysql_query("SELECT * FROM blogcomments WHERE postID='$id' ORDER BY cmtid ASC") or die(mysql_error());
	$num_rows = mysql_num_rows($sqlComments); //Grab the total number of comments based on this article id

//loop through the data in the blogcomments table and grab all the comments with the same id.
$displayComments = "";
while($row = mysql_fetch_array($sqlComments)){
$name = $row['name'];
$email = $row['email'];
$cmtDate = $row['comments_date'];
$comment = $row['comments_body'];

//echo this on the html page to display all comments
$displayComments .= "<ul><li>Posted By: <span>$name</span></li><li>On: $cmtDate</li></ul><p>$comment</p>";
}
?>
<?php
//initialize the variables for the form if users want to post a comment
$name ='';
$email ='';
$website ='';
$comments ='';
$errorMsg ='';

if (isset ($_POST['name'])){

//grab the form data
$name = $_POST['name'];
$email = $_POST['email'];
$website = $_POST['website'];
$comments = $_POST['comments_body'];

//do some injection cleaning
	$name = stripslashes($name);
	$email = stripslashes($email);
	$website = stripslashes($website);
	$comments = stripslashes($comments);

$name = strip_tags($name);
$email = strip_tags($email);
$website = strip_tags($website);
$comments = strip_tags($comments);

//check for errors    
if (!$name) $errorMsg = $errorMsg.'<span style="color:#ff0000">Your name is required</span><br />';
if (!$email) $errorMsg = $errorMsg.'<span style="color:#ff0000">Your email address is required<br />';
if (!$comments) $errorMsg = $errorMsg.'<span style="color:#ff0000">You need to post a comment<br />';

$name = mysql_real_escape_string($name);
$email = mysql_real_escape_string($email);
$website = mysql_real_escape_string($website);
$comments = mysql_real_escape_string($comments);

//done with error checking now perform the insert
}else {
$sqlInsert = mysql_query("INSERT INTO blogcomments(postID, name, email, website, comments_date, comments_body) VALUES('$id','$name','$email','$website', now(), '$comments')") or die (mysql_error());
}
?>

Any help would be appreciated.
Thanks
Gerry

    Check if $errorMsg is empty before doing the insert

      Hi Dagon,

      thanks for responding, been struggling with this for 2 days. Can you give me a code example?

      Thanks
      Gerry

        Actually, I think I got it, will this work?

        if $errorMsg ==0;

        mysql_query("INSERT INTO blogcomments(postID, name, email, website, comments_date, comments_body) VALUES('$id','$name','$email','$website', now(), '$comments')")
        }

        something like that?

        Gerry

          for a start change

          $errorMsg = $errorMsg. ...

          to

          $errorMsg .= ...

          same thing but cleaner

          then

          if(empty($errorMsg)){
          //sql
          }
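The pattern from the reply above (collect the errors, then insert only when none were recorded), as an added example that is not part of the original thread. It replaces the mysql_* functions, which were removed in PHP 7, with PDO prepared statements; the function names validateComment and saveComment and the in-memory SQLite database are assumptions made for the demo, while the table and column names come from the thread.

```php
<?php
// Added example: helper names are hypothetical; table and column names are from the thread.

// Returns a list of validation error messages; an empty list means the form is valid.
function validateComment(array $post): array
{
    $errors = [];
    if (trim($post['name'] ?? '') === '') {
        $errors[] = 'Your name is required';
    }
    if (trim($post['email'] ?? '') === '') {
        $errors[] = 'Your email address is required';
    }
    if (trim($post['comments_body'] ?? '') === '') {
        $errors[] = 'You need to post a comment';
    }
    return $errors;
}

// Inserts only when validation passed. Bound parameters replace manual escaping.
function saveComment(PDO $db, int $postId, array $post): array
{
    $errors = validateComment($post);
    if (empty($errors)) {
        $stmt = $db->prepare(
            'INSERT INTO blogcomments (postID, name, email, website, comments_date, comments_body)
             VALUES (:postID, :name, :email, :website, CURRENT_TIMESTAMP, :body)'
        );
        $stmt->execute([
            ':postID'  => $postId,
            ':name'    => trim($post['name']),
            ':email'   => trim($post['email']),
            ':website' => trim($post['website'] ?? ''),
            ':body'    => trim($post['comments_body']),
        ]);
    }
    return $errors;
}

// Constructed demo: an in-memory SQLite database stands in for the MySQL one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blogcomments (cmtid INTEGER PRIMARY KEY, postID INTEGER, name TEXT,
           email TEXT, website TEXT, comments_date TEXT, comments_body TEXT)');
$bad  = saveComment($db, 1, ['name' => 'Gerry', 'email' => '', 'comments_body' => '']);
$good = saveComment($db, 1, ['name' => 'Gerry', 'email' => 'gerry@example.com', 'comments_body' => "It's working"]);
$rows = (int) $db->query('SELECT COUNT(*) FROM blogcomments')->fetchColumn();
printf("rejected with %d errors, accepted with %d errors, rows stored: %d\n", count($bad), count($good), $rows);
```

When stored comments are echoed back into the page, pass each value through htmlspecialchars() so comment text cannot alter the markup built in $displayComments.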

            Thanks Dagon,

            I cannot tell you how long I've struggled with this. You have made my day. All is working.

            Thanks again!
            Gerry

              Don't forget to mark this thread resolved (if it is) using the link on the Thread Tools menu above.
