[RESOLVED] Need help validating empty form fields

maxwell_

I am trying to validate a form so that the user sees an alert
if any form fields are left blank.

I have added the following code

if(isset($POST['submit'])) {
$name = $POST['name'];
$email = $POST['email'];
$comment = $POST['comment'];
if (empty($name) || empty($email) || empty($comment)) {
// if at least one of the input fields is blank
echo 'Please fill out all form fields.<br />';
}

When I submit the form with any or all fields blank
a record is added to the database and no error shows.

this is the full page

try {  

$pdo = new PDO("mysql:host=$hostname;dbname=database", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  

 } 

// extract $_GET values from URL

/* 
VALIDATION

need to validate trim() white space
and mysqli_real_escape_string() and
is_numeric
also specify columns and values in 
INSERT statement 

VALIDATION
*/


$_def_soft_id = 1;
$_def_id = 9876;

 $_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;
'&amp;software_id=' . $_soft_id); 


// insert contents of form fields into the database
//$form_action = 'comment_confirm.php?id=' . $_GET['id'] . '&amp;software_id=' . $_GET['soft_id']; 

if(isset($_POST['submit'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];
if (empty($name) || empty($report) || empty($comment)) {
// if at least one of the input fields is blank 
      echo 'Please fill out all of the email information.<br />';
}

$mysql = new mysqli('local','user','pass','database') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();
$_action = 'comment_confirm.php?id=' . $_id . '&software_id=' . $_soft_id;

ini_set('display_errors', 1);
error_reporting(E_ALL);
header('Location:' . $_action);
//exit; 

//die('reached here');
//header('Location:' . $_action);
//$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id
} else {
  echo 'error: ' . $mysql->error; 
}
}
//exit; 


/* $_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;
$_action = header('Location: comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id);  */
////////////////////////////////////////////

// display database contents on in table

$dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); // assuming it's an integer    

$dbh->execute();   

$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table align="center" border="0" width="95%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels" height="40px">
          <td class="tl" width="35%">&nbsp;&nbsp;&nbsp;&nbsp;<img src="../../images/staffsmall.png" width="24" height="24" align="absmiddle" />&nbsp;&nbsp;&nbsp;By:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">

	  <img src="../../images/vcalendarsmall.png" width="34" height="34" align="absmiddle" />&nbsp;&nbsp;&nbsp;'.$row['date'].'</td>
      <td width="20%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
      </tr>
    <tr>
      <td colspan="3" class="paddcell">'.$row['comment'].'</td>
      </tr>
	  <tr bgcolor="FFFFFF" height="10px"><td colspan="3"></td></tr>
  </table>';

  }

///////////////////////////////////////////
?>

<?php

////////////////////////////////////////////////

/* echo '$_GET::<br/>';
var_dump($_GET);
echo '<br/>';

echo '$_POST::<br/>';
var_dump($_POST);
echo '<br/>'; */

////////////////////////////////////////////////
?>



<?php //echo $_action; ?>
<form method="POST" action="">
<br />
<div class="forms">
	<table border="0" align="center" cellpadding="0" cellspacing="0">
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
	  <input type="hidden" name="software_id" value="<?php echo $_GET['software_id'];?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="70" rows="8" name="comment" value="" ></textarea></td></tr>    

   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
  </div>
</form>
<br />
<br />

Bonesnap

You're checking if the fields are empty, but you're not exiting the script in any way if they are; the script continues to the MySQL statement directly below it.

If a field is empty, set a boolean to false, and then test the boolean before running the MySQL statement. If it's true, then you know the fields were filled in, otherwise, skip the MySQL statement and print the message.

maxwell_

Thanks for that I have it working now!

Best Regards Maxwell