Home/ Questions/Q 7782637
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T19:36:15+00:00

Please help! This is my code where I am trying to set mandatory fields.

  • 0

Please help! This is my code where I am trying to set mandatory fields. If the field is empty it should display the error if its been completed, it should redirect to myaccount.php. With the code below it is just redirecting me to myaccount.php all the time. the field in question is a large text area.
PHP:

session_start();
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$err = array();
if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
if ( ! isset($_SESSION['user_id']))
{
    exit(header("Location:login.php\r\n"));
}

{
$result = mysql_query("SELECT `id` FROM users WHERE `banned` = '0'") or 
die (mysql_error());



list($id) = mysql_fetch_row($result);

$_SESSION['user_id']= $id;
foreach($_POST as $key => $value)

if(empty($abstract))
{
$err[] = "ERROR - Enter Native Language";
//    header("Location: language.php?msg=$err[0]");
}

/// Automatically collects the hostname or domain  like example.com)
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$path   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

if(empty($err)) {
    $thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
    $abstract = mysql_real_escape_string($_POST['abstract']);

$sql_insert = "INSERT into `thesis`
    (`user_id`,`thesis_Name`,`abstract` )
VALUES
    ('$id','$thesis_Name','$abstract') ";

mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
}
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();

}
}

Login form:

$err = array();

foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}

if (@$_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users
  WHERE 
       $user_cond
        AND `banned` = '0'
        ") or die (mysql_error()); 
$num = mysql_num_rows($result);

// Match row found with more than 1 results  - the user is authenticated. 
if ( $num > 0 ) { 

list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);


//header("Location: login.php?msg=$msg");
 //exit();
 }

if(empty($err)){            

 // this sets session and logs user in  
    session_start();
   session_regenerate_id (true); //prevent against session fixation attacks.

   // this sets variables in the session 
    $_SESSION['user_id']= $id;  
    $_SESSION['user_name'] = $full_name;
    $_SESSION['user_level'] = $user_level;
    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

    //update the timestamp and key for cookie
    $stamp = time();
    $ckey = GenKey();
    mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' 
where id='$id'") or die(mysql_error());

    //set a cookie 


    header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
    exit();
     }
    }
    else
    {
    //$msg = urlencode("Invalid Login. Please try again with correct 
user email and password. ");
    $err[] = "Invalid Login. Please try again with correct user email
and password.";
    //header("Location: login.php?msg=$msg");
    }
} else {
    $err[] = "Error - Invalid login. No such user exists";
  }

}

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    • not testest but should be something like this:
    <?php
$err = array();

// if not logged in no reason to go further
if (empty($_SESSION['user_id'])) {
    header('Location: signup.php');
    // or login.php
}

// otherwise
if (isset($_POST['doThesis'])) {
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
    $user_id = intval($_SESSION['user_id']);
    // check if current user is banned
    $the_query = sprintf("SELECT COUNT(*) FROM users WHERE `banned` = '0' AND `id` = '%d'", $user_id);
    $result = mysql_query($the_query, $link);
    if ($result) {
        $user_check = mysql_num_rows($result);
        // user is ok
        if ($user_check > 0) {

            // required field name goes here...
            $required_fields = array('thesis_Name');
            // check for empty fields
            foreach ($required_fields as $field_name) {
                $value = trim($_POST[$field_name]);
                if (empty($value)) {
                    $err[] = "ERROR - $field_name is left blank!";
                }
            }
            // no errors
            if (empty($err)) {

                $thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
                $abstract = mysql_real_escape_string($_POST['abstract']);

                // insert into the database
                $the_query = sprintf("INSERT INTO `thesis` (`user_id`,`thesis_Name`,`abstract`) VALUES ('%d','%s','%s')", $user_id, $thesis_Name, $abstract);

                // query is ok?
                if (mysql_query($the_query, $link)) {

                    // redirect to user profile
                    header('Location: myaccount.php?id=' . $user_id);
                } else {
                    echo mysql_error();
                }
            }
        }
    } else {
        echo mysql_error();
    }
}
?>
    • 0