$_POST values are not getting checked by my function Code Answer

Hello Developer, Hope you guys are doing great. Today at Tutorial Guruji Official website, we are sharing the answer of $_POST values are not getting checked by my function without wasting too much if your time.

The question is published on by Tutorial Guruji team.

This is my first PHP project so please guide how to debug effectively :

I created this form:

<form action="<?php $self ?>" method="post">
<div class="fname">
  <label for="name"><span> Name: </span>
  <input name="name" value= "<?php 
  if($error_count != 0) {
  echo $name;
  }// To avoid filling name again in case of error?>"
  type="text" cols="20" />
  </label>
</div>
<div class="femail">
  <label for="email"><span> Email: </span>
  <input name="email" value= "<?php 
  if($error_count != 0) {
  echo $email;
  }// To avoid filling email again in case of error?>" 
  type="text" cols="20" />
  </label>
</div>
<br/>
<textarea name="post" rows="5" cols="40"><?php 
  if($error_count != 0) {
  echo $post;
  }// To avoid filling textarea again in case of error?>
  </textarea>
<input name="send" type="hidden" />
<p>
  <input type="submit" value="shout" />
</p>

and following function to validate form (in a seperate file form_validation.php):

    <?php
function validate_shout($vmail,$vname,$vpost)
{

$error_count = 0; 

// To check email.
if(!preg_match('/^[.w-]+@([w-]+.)+[a-zA-Z]{2,6}$/',$vmail)) {
echo "<p class ="error"> Please enter valid email address </p><br/>";
$error_count++;
}

// To check required fields
if($vname == NULL) {
echo "<p class ="error"> Oops!! You forgot to enter your name </p><br/>";
$error_count++;
}

if($vpost == NULL) {
echo "<p class ="error"> I guess your shout was blank </p><br/>";
$error_count++;
}

return $error_count;
}

?>

And used it in this way

if(isset($_POST['send'])) {

if(!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['post'])) {
echo "<p class="error">Unable to connect to the database server at this time.</p>";
}
else {
 $name = htmlspecialchars(mysql_real_escape_string($_POST['name'])); 
 $email = htmlspecialchars(mysql_real_escape_string($_POST['email'])); 
 $post = htmlspecialchars(mysql_real_escape_string($_POST['post']));


$error_count = validate_shout($email,$name,$post);
//PHP code to add shout to database
if ($error_count == 0) 
{
$query = "INSERT INTO shouts SET name='$name', email='$email', post='$post';";
  • Now the problem is that it is not validating the textarea. other two are working fine. Code was working fine few days ago. but today when i opened it i found this problem.

One more thing i noticed was in phpMyadmin, as listed below

The additional features for working with linked tables have been deactivated. To find out why click here.

on click it displayed this:

$cfg['Servers'][$i]['pmadb'] ...    not OK [ Documentation ]
$cfg['Servers'][$i]['relation'] ...     not OK [ Documentation ]
General relation features: Disabled

$cfg['Servers'][$i]['table_info'] ...   not OK [ Documentation ]
Display Features: Disabled

$cfg['Servers'][$i]['table_coords'] ...     not OK [ Documentation ]
$cfg['Servers'][$i]['pdf_pages'] ...    not OK [ Documentation ]
Creation of PDFs: Disabled

$cfg['Servers'][$i]['column_info'] ...  not OK [ Documentation ]
Displaying Column Comments: Disabled
Browser transformation: Disabled

$cfg['Servers'][$i]['bookmarktable'] ...    not OK [ Documentation ]
Bookmarked SQL query: Disabled

$cfg['Servers'][$i]['history'] ...  not OK [ Documentation ]
SQL history: Disabled

$cfg['Servers'][$i]['designer_coords'] ...  not OK [ Documentation ]
Designer: Disabled

$cfg['Servers'][$i]['tracking'] ...     not OK [ Documentation ]
Tracking: Disabled 

I guess both the problems appeared together without any change in any settings or code by me. Although they look separate from each other.

Please help..

Main problem is why $post is not getting validated and why phpMyadmin is suddenly showing the above mentioned message

Answer

The == NULL comparison will fail. Normally an empty string can also “equal” NULL. (You should preferrably write == "" anyway). But your textarea is unlikely to contain an really empty string. Just from your template I would assume it contains at least an newline, or a few more spaces even.

In that case you don’t want to campare it against the empty string, but probe that it contains anything but spaces. To do so:

if (strlen(trim($vpost))) {

Anyway, to probe if a string contains anything, prefer strlen(). The trim() here is for filtering out whitespace prior to checking that.

Some other notes about your code:

  • htmlspecialchars(mysql_real_escape_string( is the wrong order. The escape function is for the database. It must be applied immediately before concating it into SQL. Applying another encoding (html) afterwards might undo the SQL escaping.
  • <form action="<?php $self ?>" won’t work without some echo
  • And the email regex is just braindamaged. Use filter_var and the builtin FILTER_VALIDATE_EMAIL regex
We are here to answer your question about $_POST values are not getting checked by my function - If you find the proper solution, please don't forgot to share this with your team members.

Related Posts

Tutorial Guruji