Please help me with my code that I have placed below for your expert review and suggested amendments. The form submits to itself.
***CODE***
<?php
if ($_POST['validate'] == 1) {//This is a hidden field in the form to confirm it has been submitted
/*$sender = (trim($_POST['sender_Name']));*/
if (trim($_POST['sender_Name']) == "")
echo "Your Name is missing<br />";
if (trim($_POST['sender_Location']) == "")
echo "Your Location is missing " ."$sender <br />";
if (!preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i", $_POST['sender_Email']))
echo "Please enter a valid email address<br />";
if (trim($_POST['sentto']) == "")
echo "Opss! " ."$sender Please tell us who is this message for<br />";
if (trim($_POST['Wishes']) == "")
echo "Please select the type of message you want to send " ."$sender <br />";
if (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']) < (date('Y-m-d')))
echo "Publish Date cannot be in the past<br />";
if (trim($_POST['message']) == "")
echo "Please type your message content " ."$sender <br />";
}
$conn = mysql_connect(localhost, root, "");
if (!$conn) {
die ('Sorry, Could Not make Database Connection');
}
}
mysql_select_db(ukkonkans);
$result = "INSERT INTO wishes (wishesID, sender_Name, sender_Location, sender_IP, sender_Email,
sent_Date, sent_To, message_Type, publish_Date, message) VALUES ('NULL', '$sender', '$location',
'$ip', '$email', '$today', '$to', '$msg_type', '$pub_ldate', '$message')";
mysql_query($result) or
die ("Failed to update database");
mysql_close();
echo ("Update Successful");
?>
This is followed by:
<body> <form> and other html tags.
If you look at how your code is structured, you are still inserting your data even if any of the validation returns true. What you should be doing is saying 'If there are errors, do not insert data'. Try setting a count:
$count = 0;
After each error, increment the count:
++$count;
Then:
if ($count==0) {
// do insert..
}
Something simple like that should work ok for you.
dc
Don't forget to start your count before your validation checks. Then for each one, an example would be:
echo "Please enter a valid email address<br />";
++$count;
After your last validation check, check the value of count. If it's still 0, there are no errors.
dc
[b]$errors = array();[/b]
if (trim($_POST['sender_Name']) == "")
$errors[] = "Your Name is missing<br />";
if (trim($_POST['sender_Location']) == "")
$errors[] = "Your Location is missing $sender";
if (!preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i", $_POST['sender_Email']))
$errors[] = "Please enter a valid email address";
if (trim($_POST['sentto']) == "")
$errors[] = "Opss! $sender Please tell us who is this message for";
if (trim($_POST['Wishes']) == "")
$errors[] = "Please select the type of message you want to send $sender";
if (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']) < (date('Y-m-d')))
$errors[] = "Publish Date cannot be in the past";
if (trim($_POST['message']) == "")
$errors[] = "Please type your message content $sender";
And then when you check for the errors:
if(!empty($errors)) {
echo '<ul>';
foreach($errors as $error)
echo '<li>' . $error .'</li>';
echo '</ul>';
die;
}
# now connect to database because if you got this far you have no errors.
NOW, this I think isn't the source of your problem. My question to you is whether or not you have register globals enabled on your server. If you don't, and you aren't initializing the query variables up above where you haven't posted the code, then you are using variables that haven't been defined yet and therefore empty data is being inserted into your database. I wouldn't be surprised if you were getting many errors in your error log regarding undefined variables from this script. Check this first as this is likely the problem. Of course to fix it, you'd have to use the full version:
$_POST['var_name']. Please remember, also, to escape your query variables with mysql_real_escape_string [php.net], as well, to prevent SQL injections. Good luck
$conn = mysql_connect(localhost, root, "password");
is missing quotes.... It should look like this:
$conn = mysql_connect("localhost", "root", "password");
The interpreter initially checks to see if those values are CONSTANTS [php.net] and if it cannot find it it throws a warning and assumes you meant a string value. For good programming practice and to get rid of those pesky notices, just put quotes around strings where it's needed. :)
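The advice in the replies above (gather the errors, insert only when there are none, keep user input from altering the query), put together as an added example that is not code from any poster in this thread. It uses PDO prepared statements in place of the mysql_real_escape_string call mentioned above, since the mysql_* functions were removed in PHP 7; the DSN, credentials, the validate_wish() helper and an AUTO_INCREMENT wishesID column are assumptions.

```php
<?php
// Added example, not code from the thread. Form field, table and column names
// follow the posts; DSN, credentials and validate_wish() are assumptions.
function validate_wish(array $post): array
{
    $errors = [];
    $f = [];
    foreach (['sender_Name', 'sender_Location', 'sender_Email', 'sentto', 'Wishes', 'message'] as $k) {
        $f[$k] = trim((string) ($post[$k] ?? ''));   // a missing field becomes ''
    }
    if ($f['sender_Name'] === '')     { $errors[] = 'Your Name is missing'; }
    if ($f['sender_Location'] === '') { $errors[] = 'Your Location is missing'; }
    if (filter_var($f['sender_Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address';
    }
    if ($f['sentto'] === '')  { $errors[] = 'Please tell us who this message is for'; }
    if ($f['Wishes'] === '')  { $errors[] = 'Please select the type of message you want to send'; }
    if ($f['message'] === '') { $errors[] = 'Please type your message content'; }

    // Build a zero-padded date so the string comparison with date('Y-m-d') is valid.
    $y = (int) ($post['year'] ?? 0);
    $m = (int) ($post['month'] ?? 0);
    $d = (int) ($post['date'] ?? 0);
    if (!checkdate($m, $d, $y)) {
        $errors[] = 'Publish Date is not a valid date';
    } else {
        $f['publish_Date'] = sprintf('%04d-%02d-%02d', $y, $m, $d);
        if ($f['publish_Date'] < date('Y-m-d')) { $errors[] = 'Publish Date cannot be in the past'; }
    }
    return [$errors, $f];
}

if (isset($_POST['validate'])) {
    [$errors, $f] = validate_wish($_POST);
    if ($errors) {                       // any error: report it and never reach the INSERT
        echo '<ul>';
        foreach ($errors as $e) { echo '<li>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</li>'; }
        echo '</ul>';
    } else {
        $pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'app_user', 'app_password',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        // Placeholders keep user input out of the SQL text; wishesID is assumed AUTO_INCREMENT.
        $stmt = $pdo->prepare('INSERT INTO wishes (sender_Name, sender_Location, sender_IP, sender_Email,
            sent_Date, sent_To, message_Type, publish_Date, message) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
        $stmt->execute([$f['sender_Name'], $f['sender_Location'], $_SERVER['REMOTE_ADDR'], $f['sender_Email'],
            date('Y-m-d'), $f['sentto'], $f['Wishes'], $f['publish_Date'], $f['message']]);
        echo 'Update Successful';
    }
}
```

The error strings here are fixed text; if a submitted value such as the sender's name is echoed back in a message, pass it through htmlspecialchars() as well.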
<?php
if (isset($_POST['validate']))
{
$sender = (trim($_POST['sender_Name']));
if (trim($_POST['sender_Name']) == "")
echo "<font color=red>Your Name is missing</font><br />";
$location = (trim($_POST['sender_Location']));
if (trim($_POST['sender_Location']) == "")
$errmsg = "<font color=red>Your Location is missing " ."$sender <br />"; echo $errmsg;
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
}
$email = (trim($_POST['sender_Email']));
if (!preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i", $_POST['sender_Email']))
$errmsg = "<font color=red>Please enter a valid email address</font><br />"; echo $errmsg;
$today = date('Y-m-d');
$to = (trim($_POST['sentto']));
if (trim($_POST['sentto']) == "")
$errmsg = "<font color=red>Opss! " ."$sender Please tell us who is this message for</font><br />"; echo $errmsg;
$msg_type = (trim($_POST['Wishes']));
$publ_date = (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']));
if (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']) < (date('Y-m-d'))){
$errmsg = "<font color=red>Publish Date cannot be in the past</font><br />"; echo $errmsg;}
$message = (trim($_POST['message']));
if (trim($_POST['message']) == "")
$errmsg = "<font color=red>Please type your message content " ."$sender</font><br />"; echo $errmsg;
if ($errmsg == "" )
{
include_once('db.conn.php');
echo $conn;
if (!$conn)
{
die ('Sorry, Could Not make Database Connection');
}
mysql_select_db($db);
$result = "INSERT INTO wishes (wishesID, sender_Name, sender_Location, sender_IP, sender_Email,
sent_Date, sent_To, message_Type, publish_Date, message) VALUES ('NULL', '$sender', '$location',
'$ip', '$email', '$today', '$to', '$msg_type', '$publ_date', '$message')";
mysql_query($result) or
die ("Failed to update database");
mysql_close();
$post_email = "$post_email";
$subject = "$msg_type" ." Wishes to be posted on " .$publ_date;
$posted_msg = "Sender: $sender \r\n"."Email: $email \r\n"."Message: $message";
mail($post_email, $subject, $posted_msg, "From: $email\r\nReply-To: $post_email\r\nReturn-Path: $post_email\r\n");
echo "Message successfully transmitted - Thank you<br />";
}
}else
?>
<form> </form>
</body>
</html>