Hello
I'm still a beginner in PHP and I staggered by validating the contact form on my site.
It completes client-side validation using Javascript, but the server side is still not completing the task, so ask for your help.
I have the HTML form below:
<form id="form" name="contactForm" method="post" action="php/Form.php">
<div>
<label for="name">Your name</label>
<input type="text" id="name" name="name" maxlength="40" placeholder="Write your Name" >
<span class="error"><?php echo $nameError; ?></span>
</div>
<div>
<label for="email">Your email</label>
<input type="email" id="email" name="user_mail" placeholder="[email protected]">
<span class="error"><?php echo $emailError; ?></span>
</div>
<div>
<label for="topic">Select Topic</label>
<select id="topic" name="topic">
<option selected disabled hidden value="">Choose a Topic</option>
<option value="link">Site Link</option>
<option value="copyright">Copyright</option>
<option value="errors">Site/Article errors</option>
<option value="feedback">Feedback</option>
<option value="other">Other</option>
</select>
<span class="error"><?php echo $topicError; ?></span>
</div>
<div>
<label for="msg">Your message</label>
<textarea id="msg" name="user_message" placeholder="Write your message"></textarea>
<span class="error"><?php echo $msgError; ?></span>
</div>
<div class="button">
<button type="submit" id="submit" name="submit" value="true">Submit</button>
<span class="success"></span>
</div>
</form>
And in form_contacts.php I wrote the following code:
$servername = "localhost:3306";
$username = "root";
$password = "";
$dbname = "site_comboios";
$name = $_POST['name'];
$email = $_POST['user_mail'];
$topic = $_POST['topic'];
$msg = $_POST['user_message'];
if( isset( $_POST['submit'])) {
if(empty( $name) || isset($name) ) {
$nameError = "Name is required" ;
}
if(empty( $email) || isset($email)) {
$emailError = "Email is required";
} elseif(filter_var($email,FILTER_VALIDATE_EMAIL)) {
$emailError = "Please insert a correct email address";
}
if(empty( $topic) || isset($topic) ) {
$topicError = "Please choose a topic";
}
if(empty( $msg) || isset($msg) ) {
$msgError = "Let us know your opinion";
}
}
//Create connection to database
$mysqli = new mysqli($servername, $username, $password, $dbname);
//check connection
if($mysqli->connect_errno) {
echo 'Error connecting to database';
}
//Prepared Statement
$stmt = $mysqli->prepare("INSERT INTO contacts(Nome, Email, Topico, Mensagem) VALUES(?, ?, ?, ?)" );
$stmt->bind_param('ssss', $name, $email, $topic, $msg);
$stmt->execute();
What happens when you press the "Submit" button, it is submitted even without any data entered! (this test is always done with Javascript turned off, of course)
Does not do any validation and a new record is always created in the database.
What am I doing wrong in the validation part?
Thanks for the help