PHP Form Error Messages Aren't Working?

scm22ri · November 7, 2012, 8:32pm

Hi Everyone,

If a user presses “submit” and does not fill in any information into the text fields they are suppose to get a error message stating “All fields Required” but if you press “submit” it says

“Please enter a valid zip.
Please enter a valid zip code
Please enter a valid email.”

I’m not sure what I’m doing wrong here. Any ideas?

http://whatsmyowncarworth.com/class-work/sign3/add-dealership-submit.php

<?php
include "connect_to_mysql3.php";

//////////////// Below is the function
  function capitalize($element)
{
  $element = strtolower($element);
  return ucwords($element);
}
//////////////// Above is the function

if (isset ( $_POST['dealership'] ) ){

   $dealership = $_POST['dealership'];
   $address = $_POST['address'];
   $state = $_POST['state'];
   $city = $_POST['city'];
   $zip = $_POST['zip'];
   $phone = $_POST['phone'];
   $website = $_POST['website'];
   $email = $_POST['email'];
   $name = $_POST['name'];

   $dealership = mysql_real_escape_string($dealership);
   $address = mysql_real_escape_string($address);
   $state = mysql_real_escape_string($state);
   $city = mysql_real_escape_string($city);
   $zip = mysql_real_escape_string($zip);
   $phone = mysql_real_escape_string($phone);
   $website = mysql_real_escape_string($website);
   $email = mysql_real_escape_string($email);
   $name = mysql_real_escape_string($name);

   $dealership = capitalize($dealership);
   $state = capitalize($state);
   $city = capitalize($city);
   $name = capitalize($name);

    if ( empty($dealership) || empty($address) || empty($state) || empty($city) || empty($zip) || empty($phone) || empty($website) || empty($email) || empty($name) ){
		
		 $errors[] = "All Fields Are Required! <br>";
		
		} else {
		
		  if (strlen($dealership) > 65){
		    $errors[] = 'Dealership name is too long. Shorten it'.'<br>';
		  }
		
          if (strlen($state) > 65){
		    $errors[] = 'State name too long. Shorten it'.'<br>';
		  }
		
		  if (!is_numeric($zip)){
		    $errors[] = 'Please enter a valid zip.'.'<br>';
		  }
		
		  if(strlen($zip) > 6 || strlen($zip) == 6){
           // If string/pass length is greater then 6 or equal to 6 it will display password okay,
           // You can do further code here, else, It will show short pass error.
           // echo"Its good mate! have atleast 5 digit pass ";
           // You can continue your login code here...
          }
          else{
            $errors[] = 'Please enter a valid zip code'.'<br>';
          }
		
		  if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE){
		    $errors[] = 'Please enter a valid email.'.'<br>';
		  }
		
		
		}


		if(!empty($errors)){
		  foreach ($errors as $error){
		    echo "$error";
		  }
		}
		
		else {
		
		
		    $insert = ("INSERT INTO dealers (name, state, city, age, email, password, time)
		    VALUES ('$name','$state','$city','$age','$email','$password', now() )");
		
		     mysql_query($insert);
		
		   /* $to = $email;
			$from = "admin@whatsmyowncarworth.com";
			$subject = "Thanks for signing up!";
			
			$message = '<html>
		     <body bgcolor="#FFFFFF">
		            Hi ' . $name . ',
		            <br /><br />
		            Thanks for signing up!
		            <br /><br />
		             <a href="http://www.yahoo.com?city='. $city .'" target="_blank">Browse through cars in your city!</a>
		            </a>
		            <br /><br />
		            Thanks!
		     </body>
		     </html>';
			
			$headers = "From: $from\\r\
";
		    $headers .= "Content-type: text/html\\r\
";
		    $to = "$to";
			mail($to, $subject, $message, $headers);
			
			echo 'Thanks for submitting your information.'; */
		  }




}



?>

<form action="add-dealership-submit.php" method="POST">
        <table>
		  <tr>
            <td width="99">Dealership Name:</td>
            <td width="112">
              <input type="text" name="dealership" value="<?php $dealership ;?> " />
            </td>
          </tr>
		  <tr>
            <td width="99">Address:</td>
            <td width="112">
              <input type="text" name="address" value="<?php $address ;?> " />
            </td>
          </tr>
		  <tr>
            <td width="99">State:</td>
            <td width="112">
              <input type="text" name="state" value="<?php $state ;?> " />
            </td>
          </tr>
		  <tr>
            <td width="99">City:</td>
            <td width="112">
              <input type="text" name="city" value="<?php $city ;?> " />
            </td>
          </tr>
          <tr>
            <td width="99">Zip:</td>
            <td width="112">
			  <input type="text" name="zip" value="<?php $zip ;?> " />
            </td>
          </tr>
          <tr>
            <td width="99">Phone:</td>
            <td width="112">
              <input type="text" name="phone" value="<?php $phone ;?> " />
            </td>
          </tr>
          <tr>
            <td width="99">Website:</td>
            <td width="112">
              <input type="text" name="website" value="<?php $website ;?> " />
            </td>
          </tr>
		   <tr>
            <td width="99">Email:</td>
            <td width="112">
              <input type="text" name="email" value="<?php $email ;?> " />
            </td>
          </tr>
		   <tr>
            <td width="99">Your Name:</td>
            <td width="112">
             <input type="text" name="name" value="<?php $name ;?> " />
            </td>
          </tr>
          <tr>
            <td width="99">
              <input type="submit" name="submit" value="Submit">
            </td>
          </tr>
        </table>
      </form>

ronalds · November 7, 2012, 9:14pm

I think you should use AND instead of OR to check the fact that all fields are empty.

kduv · November 7, 2012, 9:35pm

Try something like this:


 <?php
include "connect_to_mysql3.php";

//////////////// Below is the function
function capitalize($element)
{
    return ucwords(strtolower($element));
} 
//////////////// Above is the function

if (isset ( $_POST['dealership'] ) ){
    $errors = array();
    $formValues = array();
    $reqFields = array('dealership',
                       'address',
                       'state',
                       'city',
                       'zip',
                       'phone',
                       'website',
                       'email',
                       'name');
    
    foreach ($reqFields as $field => $val)
    {
        if ((!isset($_POST[$field])) || ($_POST[$field] == '')) {
            $errors[] = "{$field} is required.<br>";
        } else {
            if (($field == 'dealership') && (strlen($val > 65))) {
                $errors[] = 'Dealership name is too long. Shorten it.<br>';
            } else if (($field == 'state') && (strlen($val > 65))) {
                $errors[] = 'State name is too long. Shorten it.<br>';
            } else if (($field == 'zip') && ((!is_numeric($val)) || (strlen($val) > 5))) {
                $errors[] = 'Please enter a valid zip.<br>';
            } else if (($field == 'email') && (filter_var($val, FILTER_VALIDATE_EMAIL) === FALSE)) {
                $errors[] = 'Please enter a valid email.<br>';
            } else if (($field == 'age') && (!is_numeric($val))) {
                $errors[] = 'Please enter a numeric age.<br>';
            }
            $formValues[$field] = (ctype_alpha($val)) ? capitalize($val) : $val;
        }
        
    }
    
    $formValues['time'] = date('Y-m-d H:i:s');
    
    if(count($errors)){
        foreach ($errors as $error){
            echo $error;
        }
    } else {
        $fields = '(';
        $values = '(';
        foreach ($formValues as $field => $val)
        {
            $fields .= "{$field}, ";
            $values .= mysql_real_escape_string($val) . ', ';
        }
        $fields = rtrim($fields, ', ') . ')';
        $values = rtrim($values, ', ') . ')';
        
        $sql = "INSERT INTO dealers {$fields} VALUES {$values}";
        mysql_query($sql)
    }
}
?>

On a side note, I would suggest using MySQLi or PDO for your database functions. They both support prepared statements which make it much easier to protect against SQL injections.

scm22ri · November 7, 2012, 10:42pm

Thanks guys for both of your replies. I got the code working but I encountered a new problem.

Regarding, my zip code. I want the user to enter a zip code that is exactly 5 digits long. If they enter anything under or over 5 digits I want a error message to show.

I’m about half way there because as of right now if a user types in a zip that is less than 5 digits, they get an error but if they type in a zip code that’s over 5 digits then they aren’t presented with an error.

How would I account for a number that’s greater than 5?

Thanks again everyone for your responses and tips!

if(strlen($zip) > 5 || strlen($zip) == 5 ){

}
else {
  $errors[] = 'Please enter a valid zip code'.'<br>';
}

kduv · November 7, 2012, 10:46pm

if (strlen($zip) != 5)

kduv · November 7, 2012, 10:50pm

http://www.php.net/manual/en/language.operators.comparison.php

scm22ri · November 7, 2012, 10:54pm

Thank you Keith, I appreciate that!

kduv · November 7, 2012, 10:59pm

Lol I totally messed up in the first post to this thread. In the first foreach I should have replaced most $val with $_POST[$field] … it was early in the morning for me

cpradio · November 7, 2012, 11:01pm

Also, set the max length on your input field to 5. Why let the user enter more than you want (granted you still need the validation to ensure only 5 is entered, but it helps)?

scm22ri · November 8, 2012, 12:57am

Good tip cpradio. Thanks again Everyone!