Why isn't my isset and/or empty functions working? Every time I click the submit button on the html form, even when the form is empty it inserts into database. Can someone provide me with a thorough explanation of what I'm doing wrong and how I can fix it?
<?php
$host = "localhost";
$user = "root";
$db_password = "";
$database = "listings_db";
$link = mysqli_connect($host, $user, $db_password, $database) or die("Error " . mysqli_error($link));
if (isset
($_POST['user_firstname'],
$_POST['user_lastname'],
$_POST['user_email'],
$_POST['user_password'],
$_POST['user_type']))
{
$firstname = $_POST['user_firstname'];
$lastname = $_POST['user_lastname'];
$email = $_POST['user_email'];
$password = $_POST['user_password'];
$type = $_POST['user_type'];
$errors = array();
if(empty($firstname)
|| empty($lastname)
|| empty($email)
|| empty($email)
|| empty($password)
|| empty($type))
{$errors [] = '*All fields are required!';}
else {
if(filter_var($email, FILTER_VALIDATE_EMAIL) === false) {$errors[] = '*Please enter a valid email address!' ;}
if(strlen($firstname) > 25) {$errors[] = '*The email address you entered contains too many characters!';}
if(strlen($lastname) > 25) {$errors[] = '*The first name you entered contains too many characters!';}
if(strlen($email) > 40) {$errors[] = '*The last name you entered contains too many characters!';}
if(strlen($password) > 40) {$errors[] = '*The password you entered contains too many characters!';}
if(strlen($type) != true){$errors[] = '*Please select an account type!';}
}
$firstname = $_POST['user_firstname'];
$lastname = $_POST['user_lastname'];
$email = $_POST['user_email'];
$password = md5($_POST['user_password']);
$type = $_POST['user_type'];
$firstname = mysqli_real_escape_string($link, $firstname);
$lastname = mysqli_real_escape_string($link, $lastname);
$email = mysqli_real_escape_string($link, $email);
$password = mysqli_real_escape_string($link, $password);
$type = mysqli_real_escape_string($link, $type);
$query = mysqli_query($link, "INSERT INTO users (user_id, user_firstname, user_lastname, user_email, user_password) VALUES ('', '$firstname', '$lastname', '$email', '$password')");
}
?>
Edit: Here's the form:
<form action="" method="post">
<p>First Name: <br><input type="text" name="user_firstname" size="25" maxlength="25"/></p>
<p>Last Name: <br><input type="text" name="user_lastname" size="25" maxlength="25"/></p>
<p>Email Address: <br><input type="email" id="email" name="user_email" size="25" maxlength="40"/><p>
<p>Create a Password: <br><input type="password" name="user_password" size="25" maxlength="40"/></p>
<p>Account Type: <br> <select name="user_type">
<option value="seller" selected>Seller</option>
<option value="Buyer">Buyer </option>
</select>
That´s because your form fields would always be submitted. No matter if they are filled with any content, or not.
So, you don´t need to check if they are set, because they would be always set. You need to check, if they are not empty. To do so, you can use the empty PHP construct:
if (!empty($_POST['user_firstname'])
&& !empty($_POST['user_lastname'])
&& !empty($_POST['user_email'])
&& !empty($_POST['user_password'])
&& !empty($_POST['user_type']))
{
// TODO
}