4

I'm new to php and I don't quite understand why this form is submitting under all circumstances... So my question is:

How do I fix this so the form only submits when the user fills out all fields?

if (!$_POST['username'] && !$_POST['password'] && !$_POST['repassword'] 
&& !$_POST['user_firstname'] && !$_POST['user_lastname'] ){
header('Location: register.php?msg=You did not complete all of the required fields');
}

I used both && and || operators however it always submits no matter what field you filled out. 

<form action="createuser.php" method="post" name="registration_form" id="registration_form">
<label>Email</label>
<input name="username" type="text" id="username" size="50" maxlength="50" /><br />
<label>First Name</label>
<input name="user_firstname" type="text" id="user_firstname" size="50" maxlength="50" /><br />
<label>Last Name</label>
<input name="user_lastname" type="text" id="user_lastname" size="50" maxlength="50" /><br />
<label>Password</label>
<input name="password" type="password" id="password" size="50" maxlength="100" /><br />
<label>Re-type Password</label>
<input name="repassword" type="password" id="repassword" size="50" maxlength="100" /><br />


<input type="submit" value="Register" name="submit" />

Thanks in advance for any help, and this seems like an awesome community to be involved in!

VKen
  • 4,964
  • 4
  • 31
  • 43
thedullmistro
  • 382
  • 7
  • 20
  • A form will submit no matter what. Sounds like you need to add validation, see: http://bassistance.de/jquery-plugins/jquery-plugin-validation/ – Mike Robinson Oct 10 '12 at 21:15
  • use empty($_POST['some_value']) rather !$_POST['some_value'] than to check if the field is actually empty – kalpaitch Oct 10 '12 at 21:15

6 Answers6

3
if (empty($_POST['username'])
    || empty($_POST['password'])
    || empty($_POST['repassword'])
    || empty($_POST['user_firstname'])
    || empty($_POST['user_lastname'])
    ){
header('Location: register.php?msg=You did not complete all of the required fields');
}

EDIT: True, as the comments suggest, the validation needs to be more substantial than this. redirecting after checking is not a good idea, instead try posting the form to itself. If there aren't any errors then continuing with processing the form data, if there are errors set them in a variable/object/array and display them on the form/repopulate the form with the post data.

kalpaitch
  • 5,193
  • 10
  • 43
  • 67
  • and I think you need || not && if you're checking for a single empty value that would invalidate the form – kalpaitch Oct 10 '12 at 21:20
  • 1
    Note that when using `header('Location')` you should **always** use the full URI as per the spec. – PeeHaa Oct 10 '12 at 21:30
  • 2
    Not only that, if there is a query string, write it as one. Space is a reserved character in an URI that needs special treatment. Not speaking that redirect removes all input, so in case of an error, the form has to be filled again from zero. That actually is driving users away. You should give better answers to user with these basic questions, or they come back in no time with their *next* problem. – hakre Oct 10 '12 at 21:31
  • maybe using `urlencode();` for the uri? Would be that useful too or not? – rsz Oct 10 '12 at 21:47
3

The ! (not) operator works best with booleans, but all your values are strings. Instead of:

!$_POST['username']

try:

!empty($_POST['username'])

This is the codi if you want to execute something when all fields are full:

if (!empty($_POST['username']) && 
   !empty($_POST['password']) && 
   !empty($_POST['repassword']) && 
   !empty($_POST['user_firstname']) &&
   !empty($_POST['user_lastname']) ){
    header('Location: register.php?msg=You completed all of the required fields');
}

If you want to execute something when at least one field is empty, try:

if (empty($_POST['username']) || 
       empty($_POST['password']) || 
       empty($_POST['repassword']) || 
       empty($_POST['user_firstname']) ||
       empty($_POST['user_lastname']) ){
        header('Location: register.php?msg=You did not complete all of the required fields');
    }
Giuppe
  • 434
  • 3
  • 7
0

Because you are using && (and) which means all of the conditions must be true. Use || (or) and this will work.

Jonathan Eckman
  • 2,071
  • 3
  • 23
  • 49
0

You're using && which is only true if all the conditions are true - that is to say that you do your redirect only in the case where none of your values are set. If you want to back it if any of them are unset, you'd say !A || !B || !C ||... or !(A && B && C && ...).

Sean McSomething
  • 6,376
  • 2
  • 23
  • 28
-1

The form is behaving exactly as it was designed to do.

You need to use JavaScript to validate your form:

<input type="button" onclick="val()" value="Register" name="submit" />

JS:

function val() {
    ///your validation code.

}

There are many form validation scripts and plug-ins available out in the wild.

Diodeus - James MacFarlane
  • 112,730
  • 33
  • 157
  • 176
  • his point is that he is trying to validate with php and redirect back to the form if it doesn't validate. – kalpaitch Oct 10 '12 at 21:16
  • 1
    It is a better user experience to do the validation client-side first. – Diodeus - James MacFarlane Oct 10 '12 at 21:17
  • 2
    @Diodeus Yes, but server-side validation is absolutely critical. You can't trust client-side validation any. – ceejayoz Oct 10 '12 at 21:19
  • 1
    it doesn't answer the question... sorry I meant, "we should stick to the question asked" – kalpaitch Oct 10 '12 at 21:19
  • @Diodeus You only said "first" when called on it, and even then it's not an answer to the OP's question. – ceejayoz Oct 10 '12 at 21:21
  • so just asking, one should do a pre-validation in JS (for not losing all your content if it's rejected) and then another validation in php to make sure we don't send/save bad data, and validate password for ex? –  Oct 10 '12 at 22:09
-1

Try 

if(empty($_POST['item'])) && ...
John Conde
  • 217,595
  • 99
  • 455
  • 496
Stacky
  • 106
  • 1
  • 8