Home/ Questions/Q 7990787
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T13:06:52+00:00

I am validating an HTML Form with PHP. All of my code is fine,

  • 0

I am validating an HTML Form with PHP. All of my code is fine, except the message field. If I put something in the message field and the other fields are displaying errors, it still submits. But, if I put something into the other fields and the other fields have errors, it won’t submit, which is correct. I suspect it has something to do with the last if-else of my code. Thank you in advance. 

contact.php
<?php

include 'includes/config.php';
$errors = FALSE;
$displayErrors = NULL;

if (isset($_POST['submit'])) {

$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];

//Connect to MYSQL Database server
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect to MYSQL Database.");
$result = mysql_select_db(DB_NAME, $connect) or die("Could not connect to MYSQL table.");

//Clean Data to prevent malicous injections
mysql_real_escape_string(strip_tags(stripcslashes(trim($first))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($last))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($email))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($subject))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($message))));

if (empty($first)) {
    $errors = TRUE;
    $displayErrors .= 'First name is invalid.<br/>';
}
if (empty($last)) {
    $errors = TRUE;
    $displayErrors .= 'Last name is invalid.<br/>';
}
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $errors = TRUE;
    $displayErrors .= 'Email is invalid.<br/>';
}
if (empty($subject)) {
    $errors = TRUE;
    $displayErrors .= 'Subject is invalid.<br/>';
}
if (empty($message)) {
    $errors = TRUE;
    $displayErrors .= 'Message is invalid.<br/>';
} else {
    $errors = FALSE;
          //Database insertion goes here
    echo 'Form submission successful. Thank you ' . $first . '.';

}

}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First off, Don’t use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLithis article will help you decide which. If you choose PDO, here is a good tutorial.

    I’ve tidied your logic, instead of using $error=true ect you should build an error array (containing your error text) and then check if thats empty at the end, I also cleaned up the magic quotes problem it seems your having, and the horrid multiple mysql_real_escape_string’s, hope it helps

    contact.php

    <?php
include 'includes/config.php';
//Connect to MYSQL Database server
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect to MYSQL Database.");
$result = mysql_select_db(DB_NAME, $connect) or die("Could not connect to MYSQL table.");

$errors = array();

if ($_SERVER['REQUEST_METHOD']=='POST') {

    function clean(&$value){
        if (get_magic_quotes_gpc()){
            $value = mysql_real_escape_string(strip_tags(trim($value)));
        }else{
            $value = mysql_real_escape_string(trim($value));
        }
    }
    array_walk($_POST,'clean');


    if (empty($_POST['first'])) {
        $errors['first']= 'First name is invalid.<br/>';
    }else{
        $first = $_POST['first'];
    }

    if (empty($_POST['last'])) {
        $errors['last']= 'Last name is invalid<br/>';
    }else{
        $last = $_POST['last'];
    }

    if (empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Email is invalid.<br/>';
    }else{
        $email = $_POST['email'];
    }

    if (empty($_POST['subject'])) {
        $errors['subject']= 'Subject is invalid.<br/>';
    }else{
        $subject = $_POST['subject'];
    }

    if (empty($_POST['message'])) {
        $errors['message']= 'Message is invalid.<br/>';
    }else{
        $message = $_POST['messsage'];
    }

    if(empty($errors)){
        //Database insertion goes here
        echo 'Form submission successful. Thank you ' . htmlentities($first) . '.';
    }else{
        //Errors, so your have $errors['name'] ect to output
        //so somthing like:
        echo (isset($errors['name'])?$errors['name']:null);

    }

}
?>

    You should also perhaps add a condition that the value is a min certain length, with strlen($_POST['first']) > 2 ect.

    • 0