Zachary Gover - 5 months ago
PHP Question

PHP Post Parameter Passing Validation When the Value is Empty

I'm having an issue when posting a selection value for server-side validation. When the user does not make a selection, so that it is still set to "Select...", it still passes the empty() method, although the value is empty.

<?php

// Email Properties
$email_to = "user@domain.com";
$email_subject = "3DMark3t Contact:";
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$telephone = $_POST['telephone'];
$comments = $_POST['comments'];
$select = $_POST['select'];

function formError($error) {
    // your error code can go here
    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
    echo "These errors appear below.<br /><br />";
    echo $error."<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
}

// Make sure all fields are not empty
if(empty($first_name) || empty($last_name) || empty($email) ||
   empty($telephone) || empty($comments) || empty($select)) {
    // Return error
    formError('Please fill in all of the fields.');
}

// Regex Tests
$error_message = "";

// Expressions
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$string_exp = "/^[A-Za-z .'-]+$/";

if(!preg_match($email_exp, $email)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
if(!preg_match($string_exp, $first_name)) {
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
}
if(!preg_match($string_exp, $last_name)) {
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
}
if(!empty($error_message)) {
    formError($error_message);
}

$email_message = "3DMark3t Contact: \n";
$email_message .= "First Name: {$first_name} \n";
$email_message .= "Last Name: {$last_name} \n";
$email_message .= "Email: {$email} \n";
$email_message .= "Telephone: {$telephone} \n";
$email_message .= "Select One: {$select} \n";
$email_message .= "Comments: {$comments} \n";

// Create email headers
$headers = 'From: '.$email."\r\n".
    'Reply-To: '.$email."\r\n" .
    'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);

// Redirect back to the site root
header("Location: /");


HTML:

<form name="htmlform" method="post" action="php/html_form_send.php">
  <table width="450px">
    <tr>
      <td valign="top">
        <label for="first_name">First Name *</label>
      </td>
      <td valign="top">
        <input type="text" name="first_name" maxlength="30" size="30">
      </td>
    </tr>
    <tr>
      <td valign="top">
        <label for="last_name">Last Name *</label>
      </td>
      <td valign="top">
        <input type="text" name="last_name" maxlength="30" size="30">
      </td>
    </tr>
    <tr>
      <td valign="top">
        <label for="email">Email Address *</label>
      </td>
      <td valign="top">
        <input type="text" name="email" maxlength="30" size="30">
      </td>
    </tr>
    <tr>
      <td valign="top">
        <label for="telephone">Telephone Number</label>
      </td>
      <td valign="top">
        <input type="text" name="telephone" maxlength="30" size="30">
      </td>
    </tr>
    <tr>
      <td valign="top">
        <label for="select">Select One *</label>
      </td>
      <td valign="top">
        <select name="select">
          <option value="">Select...</option>
          <option value="3DModels">3DModels</option>
          <option value="Graphic Design">Graphic Design</option>
          <option value="Web Design">Web Design</option>
          <option value="Tutorials">Tutorials</option>
          <option value="Report">Report</option>
          <option value="Requests">Requests</option>
        </select>
      </td>
    </tr>
    <tr>
      <td valign="top">
        <label for="comments">Comments *</label>
      </td>
      <td valign="top">
        <textarea name="comments" maxlength="1000" cols="32.5" rows="6"></textarea>
      </td>
    </tr>
    <tr>
      <td colspan="2" style="text-align:center">
        <input type="submit" value="Submit">
      </td>
    </tr>
  </table>
</form>

Answer

You are testing if $_POST['formGender'] is set, but PHP will return TRUE for isset() on an empty string. No selection on your form means that $_POST['formGender'] == "", and that is considered to be "set" in the isset() check.

Instead, test if it is empty(), which will verify both if the variable is defined, like isset(), and if it has a non-empty value.

if(empty($_POST['formGender']))
{
  $errorMessage .= "<li>You forgot to select your Gender!</li>";
}

Also test for empty() here instead of !isset():

 if(!isset($_POST['first_name']) ||
    !isset($_POST['last_name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['telephone']) ||
    !isset($_POST['comments'])) {
 if(empty($_POST['select']) )

Update

I'm not really sure what you are trying to accomplish with this. But, 3DModels, Graphic Design, etc will not be part of the $_POST array. They are potential values of $_POST['select']. I don't understand what your intent is here.

if(empty($_POST['select']) )
{
  $var3dmodels = $_POST['3DModels'];
  $vargraphic_design = $_POST['Graphic Design'];
  $varweb_design = $_POST['Web Design'];
  $vartutorials = $_POST['Tutorials'];
  $varreport = $_POST['Report'];
  $varrequests = $_POST['Requests'];
}

The source of your problem:

I finally see where your error is. Instead of $error_message, you are using $errorMessage for $_POST['select']:

if(empty($_POST['select']))
{
  // Oops...
  $errorMessage .= 'The selection you made does not appear to be valid.<br />';

  // Should be
  $error_message .= 'The selection you made does not appear to be valid.<br />';
}

You should turn on error_reporting and display_errors in php.ini for development and testing only. An uninitialized variable used like $errorMessage .= ... would issue a notice, and you'd see the error on screen. Turn this off for production code.

// Report all errors and notices
error_reporting(E_ALL);
ini_set('display_errors', 1);
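
Added example, not part of the original question or answer: a server-side check for this form that shows isset() accepting the empty "Select..." value while an allowlist of the form's own option values rejects it, and that collects errors in one array so a misspelled variable name cannot silently drop a message. It goes slightly beyond the answer by also rejecting values that are not options in the form; the names validateContactForm and ALLOWED_SELECT and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Option values copied from the form's <select name="select">.
const ALLOWED_SELECT = ['3DModels', 'Graphic Design', 'Web Design',
                        'Tutorials', 'Report', 'Requests'];

/**
 * Hypothetical helper (not from the original post): returns a list of
 * error strings, empty when the submission is acceptable.
 */
function validateContactForm(array $post): array
{
    $errors = [];   // one array, initialised once: no .= on an undefined name

    foreach (['first_name', 'last_name', 'email', 'comments'] as $field) {
        // Missing key, non-string (e.g. comments[]=x) and '' are all rejected.
        // trim() !== '' is used instead of empty() so that "0" is not
        // treated as blank.
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "Please fill in {$field}.";
        }
    }

    // isset() is true for '', so the "Select..." placeholder passes it;
    // a strict allowlist check rejects '' and any value not in the form.
    $select = $post['select'] ?? '';
    if (!is_string($select) || !in_array($select, ALLOWED_SELECT, true)) {
        $errors[] = 'The selection you made does not appear to be valid.';
    }

    return $errors;
}

// Constructed sample submissions (not real data).
$samples = [
    'placeholder left selected' => ['select' => ''],
    'value not in the form'     => ['select' => 'Other'],
    'valid choice'              => ['select' => 'Report'],
];
$base = ['first_name' => 'Ann', 'last_name' => "O'Neil",
         'email' => 'ann@example.com', 'comments' => '0'];

foreach ($samples as $label => $fields) {
    $errors = validateContactForm($fields + $base);
    printf("%-26s isset=%s errors=%d\n", $label,
        var_export(isset($fields['select']), true), count($errors));
}
```

All three samples report isset=true, but only the valid choice yields zero errors; the comments value "0" is accepted here, whereas empty("0") would have flagged it as blank.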