1

So I need help with a required form field. I want the 3 fields (exam_id, subject, exam_date) to be required fields when filling out the PHP form. So when the insert button is hit, if a field is left blank and error will display or the action won't complete unless every field is filled in. I'm using all php, no HTML and no, I don't want to redo my form as HTML calling the php, I want it like this. There's no security problems either, this is just a simple project. My code:

<?php
echo '<link rel="stylesheet" type="text/css" href="css/tables.css" />';

$con = mysql_connect("localhost","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("StudentExams", $con);

if (isset($_POST['update']))
{
$UpdateQuery = "UPDATE Exam SET exam_id='$_POST[exam_id]', subject='$_POST[subject]', exam_date='$_POST[exam_date]' WHERE exam_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};

if (isset($_POST['delete']))
{
$DeleteQuery = "DELETE FROM Exam WHERE exam_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};

if (isset($_POST['insert']))
{
$InsertQuery = "INSERT INTO Exam (exam_id, subject, exam_date) VALUES ('$_POST[uexam_id]','$_POST[usubject]','$_POST[uexam_date]')";
mysql_query($InsertQuery, $con);
};

$sql = "SELECT * FROM Exam";

$Data = mysql_query($sql,$con);

echo "<table id='size' border='1'>
<tr>
<th>Exam_ID</th>
<th>Subject</th>
<th>Exam_Date</th>
</tr>";
while($record = mysql_fetch_array($Data))
{
echo "<form action=examisud.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=exam_id value=" . $record['exam_id'] . " </td>";
echo "<td>" . "<input type=text name=subject value=" . $record['subject'] . " </td>";
echo "<td>" . "<input type=text name=exam_date value=" . $record['exam_date'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['exam_id'] . " </td>";
echo "<td>" . "<input type=image name=update value=update id=submit src=images/update.png" . " </td>";
echo "<td>" . "<input type=image name=delete value=delete id=submit src=images/delete.png" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=examisud.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uexam_id></td>";
echo "<td><input type=text name=usubject></td>";
echo "<td><input type=text name=uexam_date></td>";
echo "<td>" . "<input type=image name=insert value=insert id=submit src=images/insert.png" . " </td>";
echo "</form>";
echo "</table>";



echo "<a href='ExamForm.html'> Back to main page </a>";

mysql_close($con);

?>

Thanks in advance for anyone who can help me out! I feel there is either a very simple solution i'm missing or it's very convoluted due to the absence of a generic HTML form.

Improve this question
4
  • 2
    You are wide open to SQL injection attacks, and you will be hacked if you haven't been already. Please use prepared / parameterized queries to prevent this from happening. See also: How can I prevent SQL injection in PHP? Commented Mar 28, 2014 at 18:30
  • 1
    I see lots of HTML. Just because it is wrapped in PHP echo statements does not mean you are not using it Commented Mar 28, 2014 at 18:32
  • I'm using all php, no HTML you are using a bunch of html you are just having your php echo it for some reason. Commented Mar 28, 2014 at 18:32
  • Amal, this is a personal project, it will stay all on my own wamp server. And I meant that i'd have the HTML wrapped in PHP without the form being entered on a HTML page. I looked up lots of solutions here and all of them had the html form filled in on a html page whereas I have my html page take me to the php page where all the fields can be inserted, updated and deleted. Commented Mar 28, 2014 at 20:20

2 Answers 2

Reset to default
1

Just do a check on the top with isset

if(!isset($_POST['exam_id'],$_POST['subject'],$_POST['exam_date']))
{
 echo "These fields are required ! Please fill it up";
 header("location:backtoform.php");exit;
}

Warning : Since you are passing the $_POST parameters directly onto your query, you are prone to SQL Injection attacks.

This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I won't be attacked, it's simple a personal project which won't go any further than my own wamp server at home! And as for your answer, i'm not sure where to put this in my file? I'm a newb as you probably know, would I just post it directly at the top above the if issset update statement? Thanks!
Yes exactly after the echo '<link rel="stylesheet" type="text/css" href="css/tables.css" />'; line
1

isset( ... ) is only used to see if a field is set or not. It doesn't care if the value of the field is empty.

You need to use empty( .. ) instead. It would return true only if the field was ever set and is not empty. Two apples with one shot.

Across all your if statements, use !empty. Maintain an $error variable and initialize it to FALSE. Whenever an error occurs, set $error to TRUE. In the end, perform the required operation only when $error == FALSE.

$error = false;
    if (  !empty($_POST['update']   ){
    // stuff
    }
    else {
    // display error message
    $error=true;
    }

if(!$error){
// operations
}

This way you can neatly separate validations from operations.

Improve this answer

2 Comments

Simply checking empty is sufficient. the isset check is redundant. if(!empty($_POST['update']))
@SasankaPanguluri Hey, i'm a newb to all of this as you can probably tell, could you maybe take one of my if statements and wrap it around these empty validations for just a guideline please? Thanks for your help anyway if you can't.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.