Hello i have a strange problem. I have a form with PHP validation but even when the form fields are empty the form still submits. Below is my code...Can you please tell me what is going on here.
Also there are 2 forms on the same page. both using the $_SERVER['PHP_SELF'] action.
The work flow is that the user uses the first form to spin a prize wheel (Validation works fine on this form) and then after a successful submission the spinner appears.
if the spinner lands on a winning segment the second form appears (Which is the one that will submit empty) if i click submit on the second form the first form appears again and ignores the second forms validation. Im sure its safe to assume that it is because the page is refreshing. Is there a way to get around this?
$nameErr = $lNameErr = $pCodeErr = $successMessage = $errorMessage = "";
$name = $lName = $pCode = "";
$errors = 0;
$regex = '^[a-zA-Z0-9]{3}( )?[a-zA-Z0-9]{3}$^';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "First Name is required";
$errors++;
}else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["lName"])) {
$lNameErr = "Last Name is required";
$errors++;
}else {
$lName = test_input($_POST["lName"]);
}
if (empty($_POST["pCode"])) {
$pCodeErr = "Postal Code is required";
$errors++;
}else {
$pCode = test_input($_POST["pCode"]);
// check if e-mail address is well-formed
if (!preg_match($regex, $_POST["pCode"])) {
$pCodeErr = "Invalid Postal Code format";
$errors++;
}
}
if($errors == 0){
$duplicate = $conn->prepare( "SELECT `Pcode` FROM `winners` WHERE `Pcode` = ?" );
$query->bindValue( 1, $email );
$query->execute();
if( $duplicate->rowCount() > 0 ) {
$errorMessage = "Sorry this user is already in our database!";
} else {
$successMessage = "Form Submission Successful!";
$sql = "INSERT INTO winners (Fname, Lname, Pcode) VALUES (:fName, :lName, :pCode)";
$stmt = $conn->prepare($sql);
// $stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':fName', $name, PDO::PARAM_STR);
$stmt->bindParam(':lName', $lName, PDO::PARAM_STR);
$stmt->bindParam(':pCode', $pCode, PDO::PARAM_STR);
$stmt->execute();
}
}
}
and here is my form
<form id="winner-form" class="spin-form" method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<p>To claim your prize please fill in the form below.</p>
<div class="form-group">
<label>Name:</label>
<input class="form-control" placeholder="Please enter your First Name" value="<?php echo $name;?>" type = "text" name = "name">
<span class = "error">* <?php echo $nameErr;?></span>
</div>
<div class="form-group">
<label>Last Name:</label>
<input class="form-control" placeholder="Please enter your Last Name" value="<?php echo $lName;?>" type = "text" name = "lName">
<span class="error">* <?php echo $lNameErr;?></span>
</div>
<div class="form-group">
<label>Postal Code:</label>
<input class="form-control" placeholder="Please enter your Postal Code" value="<?php echo $pCode;?>" type = "text" name = "pCode">
<span class="error">* <?php echo $pCodeErr;?></span>
</div>
<td>
<input class="btn btn-lg btn-success" type="submit" name="sub" value="Submit">
</td>
<?php if($successMessage != "") { ?>
<span class ='alert alert-success'><?php echo $successMessage; ?></span>
<?php } ?>
<?php if($errorMessage != "") { ?>
<span class ='alert alert-danger'><?php echo $errorMessage; ?></span>
<?php } ?>
</form>
Sorry I can't comment cause i have lesser reputation, burr you can prevent user from submitting empty values if you set an SQL Null check to NO. Or On Php's End.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["name"]) == "") {
$nameErr = "First Name is required";
$errors++;
}
}
Or
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST["name"]) == Null) {
$nameErr = "First Name is required";
$errors++;
}
}
But It's Often Best To Write a Form Validation Function using, Javascript or Jquery. Which ever you prefer. I hope my Supposed Comment was helpful. :)