
Form validation doesn’t work after adding the database in the add.php page (A project from net ninja)

I’ve checked it too many times but I couldn’t find anything wrong with the code. One thing that seems weird to me is that when I disable the database from the page, the form validation works fine, and right after adding the database again the whole form validation collapses and the data gets submitted without any validation.
Here’s the code that I’ve used:

    <?php
    // connect to the database
    include('config/db_connect.php');

    $title = $email = $ingredients = '';
    $errors = array('email' => '', 'title' => '', 'ingredients' => '');
    
    if(isset($_POST['submit'])) {
    // check email
        if (empty($_POST['email'])) {
            $errors['email'] = "An email is required <br />";
        }else{
            $email = ($_POST['email']);
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $errors['email'] = "email must be a valid email address";
            }
        }
    // check title
        if (empty($_POST['title'])) {
            $errors['title'] = "An title is required <br />";
        }else{
            $title = ($_POST['title']);
            if(!preg_match('/^[a-zA-Z\s]+$/', $title)){
                $errors['title'] = "Title must be letter and spaces only";
            }
        }
    // check ingredients
        if(empty($_POST['ingredients'])){
            $errors['ingredients'] = 'At least one ingredient is required <br />';
        } else{
            $ingredients = $_POST['ingredients'];
            if(!preg_match('/^([a-zA-Z\s]+)(,\s*[a-zA-Z\s]*)*$/', $ingredients)){
                $errors['ingredients'] = 'Ingredients must be a comma separated list';
            }
        }

        if (array_filter($errors)){
            echo "There are errors in the form";
        }else{
            // to make sure the data inserted inside the database is safe
            $email = mysqli_real_escape_string($conn, $_POST['email']);
            $title = mysqli_real_escape_string($conn, $_POST['title']);
            $ingredients = mysqli_real_escape_string($conn, $_POST['ingredients']);
        }
        // create sql to add data to the database
        // column order must match the VALUES order: title, email, ingredients
        $sql = "INSERT INTO pizzas(title,email,ingredients) VALUES ('$title', '$email', '$ingredients')";

        // save to database and check
        if (mysqli_query($conn, $sql)){
            // success
            header('Location: index.php');
        }else{
            // error
            echo 'query error: ' . mysqli_error($conn);
        }

    }


Answer

You have not set an exit point from the script, so the script continues to run even if errors are found. You can add die or a similar call, like this:

    if (array_filter($errors)) {
        echo "There are errors in the form";
        die(1); // or exit, or return if it is inside a function
    } else {
        // to make sure the data inserted inside the database is safe
        $email = mysqli_real_escape_string($conn, $_POST['email']);
        $title = mysqli_real_escape_string($conn, $_POST['title']);
        $ingredients = mysqli_real_escape_string($conn, $_POST['ingredients']);
    }
User contributions licensed under: CC BY-SA
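
An added example (not part of the original answer or the tutorial's code): one way to structure the handler so the INSERT is reachable only when validation passes, with a prepared statement in place of escaping and string interpolation. The function names `validate_pizza`, `insert_pizza` and `handle_submit`, and the sample submissions, are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the tutorial.

// Validate the three fields; an empty result means the input passed.
function validate_pizza(array $in): array
{
    $errors = [];
    if (!filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Email must be a valid email address';
    }
    if (!preg_match('/^[a-zA-Z\s]+$/', $in['title'] ?? '')) {
        $errors['title'] = 'Title must be letters and spaces only';
    }
    if (!preg_match('/^([a-zA-Z\s]+)(,\s*[a-zA-Z\s]*)*$/', $in['ingredients'] ?? '')) {
        $errors['ingredients'] = 'Ingredients must be a comma separated list';
    }
    return $errors;
}

// Bound parameters replace mysqli_real_escape_string plus string interpolation.
function insert_pizza(mysqli $conn, string $title, string $email, string $ingredients): bool
{
    $stmt = mysqli_prepare($conn, 'INSERT INTO pizzas(title, email, ingredients) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'sss', $title, $email, $ingredients);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// The write is reachable only from the no-errors path.
function handle_submit(array $post, callable $insert): array
{
    $errors = validate_pizza($post);
    if ($errors) {
        return ['saved' => false, 'errors' => $errors];
    }
    return ['saved' => (bool) $insert($post['title'], $post['email'], $post['ingredients']), 'errors' => []];
}

// Constructed submissions; a counting stub stands in for the database.
$writes = 0;
$stub = function (string $t, string $e, string $i) use (&$writes): bool { $writes++; return true; };
$bad  = handle_submit(['email' => 'not-an-email', 'title' => 'Pizza 4', 'ingredients' => ''], $stub);
$good = handle_submit(['email' => 'chef@example.com', 'title' => 'Veggie Supreme', 'ingredients' => 'tomato, cheese'], $stub);
printf("bad saved=%s errors=%d; good saved=%s; writes=%d\n", var_export($bad['saved'], true), count($bad['errors']), var_export($good['saved'], true), $writes);
```

In add.php the callable would be `fn($t, $e, $i) => insert_pizza($conn, $t, $e, $i)`, followed on success by `header('Location: index.php'); exit;` so nothing runs after the redirect.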