Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Error checking!

Status
Not open for further replies.
CliffLandin

CliffLandin

Programmer
Nov 14, 2004
81
US
Okay, I was practicing my postgresql dbase programming when I ran into a problem. Not postgres problem a php problem.

The problem is:
Using php/html I create a form with the user information. So I check to see that all required fields are filled in using something similar to

<code>
$user = $_POST['uname'];

// verify USERNAME is valid

// if USERNAME BLANK redirect with error #4
if (empty($user))
header("Location: index.php?err=4");
</code>

No matter whether their is something posted or not this check never gets done. It does the next check, which is to check the dbase usernames. It comes back as 'User not found!'

Why doesn't this work? This is the example of empty from the PHP site:

<code>
$var = 0;

// Evaluates to true because $var is empty
if (empty($var)) {
echo '$var is either 0, empty, or not set at all';
}
</code>


Thanks for any help,

When in doubt, go flat out!

 
Sort by date Sort by votes
This line:

$user = $_POST['uname'];

is problematic to begin with. If $_POST['uname'] does not exist (the value was not submitted from the form), the above line will generate a warning. You may not see it, but the warning is generated.

I generally use isset() or array_key_exists() to detect whether a value was submitted.

Code: 
// if USERNAME BLANK redirect with error #4
if (! array_key_exists('uname', $_POST))
    header("Location: index.php?err=4");

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
No, you do not need the space. That's just my programming style.

I've used isset() and array_key_exists() in situation like this for years without problem. When you say, "isset didn't work", how did you use it?

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
No, you can't do "isset($user)". If somewhere you've done:

$user = <something>;

Then $user is, indeed, set. You must use isset() against an element of $_POST or $_GET, not against some intermediate variable.

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Okay, nothing seems to work. I have used (!isset($_POST('uname')) and this didn't work. Just for trial and error I used (isset($_POST('uname')) and that did nothing. So here is the code at least for the log in part, I won't bore you with the sign up part.

function login()
{
// verify USERNAME/PASSWORD is valid

// if USERNAME BLANK redirect with error #4
if (isset($_POST['uname']))
header("Location: index.php?err=4");

// if PASSWORD BLANK redirect with error #5
if (isset($_POST['pword']))
header("Location: index.php?err=5");

$user = $_POST['uname'];
$pass = $_POST['pword'];

include('*connection info*');
$conn = pg_connect(*connection info*);

$result = pg_query($conn, "SELECT * FROM db WHERE username = '$user'");
$row = pg_fetch_row($result);
$useName = $row[1];
$password = $row[2];

pg_close($conn);

if ($useName=="")
header("Location: index.php?err=2");
elseif ($pass<>$password)
header("Location: index.php?err=3");
else{
$_SESSION['loggedin'] = "yes";
header("Location: index.php?li=Y");
}
}

The dbase checking works fine. The blank checking is where I am having trouble.

Thanks.

When in doubt, go flat out!

 
Upvote 0 Downvote
Okay, first get your logic right.

These two lines:

if (isset($_POST['uname']))
header("Location: index.php?err=4");

// if PASSWORD BLANK redirect with error #5
if (isset($_POST['pword']))
header("Location: index.php?err=5");

Do you want these header() invocations to happen when the array elements exist, or when they do not exist? I suspect it's the latter, which means the lines need to be:

if (! isset($_POST['uname']))
header("Location: index.php?err=4");

// if PASSWORD BLANK redirect with error #5
if (! isset($_POST['pword']))
header("Location: index.php?err=5");



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
I don't know that it is I'm supposed to be looking at.

Should your script be looking for non-set (non-existent) fields, or for non-empty fields?

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Ok,
I don't want to be a smartass I just want to get this right, so I am going to start from the beginning.
From the sign in page I want to make sure that both the username and password are filled and check to see that they are either the correct username/password or not. After you submit the login form it goes to a page called process.php. The page is attached to the url to login, logout or register. So process.php grabs the page and the executes a function based on the page using 'switch'.

To login it executes login()
This is the function login() code:
Code: 
function login()
{
// verify USERNAME/PASSWORD is valid

// if USERNAME BLANK redirect with error #4
if (!isset($_POST['uname']))
	header("Location: index.php?err=4");

// if PASSWORD BLANK redirect with error #5
if (!isset($_POST['pword']))
	header("Location: index.php?err=5");

$user = $_POST['uname'];
$pass = $_POST['pword'];
	
include('../connect info');
$conn = pg_connect(connect info);

$result = pg_query($conn, "SELECT * FROM db WHERE username = '$user'");
$row = pg_fetch_row($result);
$useName = $row[1];
$password = $row[2];

pg_close($conn);

if ($useName=="")
	header("Location: index.php?err=2");
elseif ($pass<>$password)
	header("Location: index.php?err=3");
else{
	$_SESSION['loggedin'] = "yes";
	header("Location: index.php?li=Y");
}
}

When in doubt, go flat out!

 
Upvote 0 Downvote
Will this script only be invoked from that HTML page? If so, the form-fields will always be there, just sometimes empty. This means that isset() or array_key_exists() is not the right way to check these fields.

What you want to do is to check that their lengths are not zero. Try:

// if USERNAME BLANK redirect with error #4
if ($_POST['uname'] != '')
header("Location: index.php?err=4");

// if PASSWORD BLANK redirect with error #5
if ($_POST['pword'] != '')
header("Location: index.php?err=5");


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Okay, I have tried this to no effect. But shouldn't it be =='' rather than !=''?

The root of this problem must lie elsewhere.

I have tried:

empty()
isset()
==''
==""
!=''
!==''
(! array_key_exists('uname', $_POST))

This is truly infuriating.

It seemed like the least of my problems would be checking to see if a field was set or not.


When in doubt, go flat out!

 
Upvote 0 Downvote
Oops. You're right. The logic should be:

if ($_POST['uname'] == '')

Again, array_key_exists() isn't good here. The array key will always be there if the form is submitted, even if the value is blank.

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Ok, I think I have found the problem. It isn't the syntax, it is the order in which the functions are processed.

If I call each check as a function it works fine, at least so far.

When in doubt, go flat out!

 
Upvote 0 Downvote
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mervgh
  • Locked
  • Question
My own custom error handler
Replies
1
Views
288
Chris Miller
Chris Miller
Krus1972
  • Locked
  • Question
Syntax Error - Confused 1
Replies
2
Views
177
spamjim
spamjim
notsoevilgenius
  • Locked
  • Question
Error Updating From mySQL To MySQLi
Replies
2
Views
169
vacunita
vacunita
southbeach
  • Locked
  • Question
Yii 2 - Checking / testing installation
Replies
3
Views
125
southbeach
southbeach
cmayo
  • Locked
  • Question
Do PHP file uploads perform any kind of integrity checking?
Replies
7
Views
293
Borvik
Borvik

Part and Inventory Search

Sponsor

Back
Top