Trouble validating for empty string in form?

Hi guys,

i’ve built a webapp where i can upload along with description images, and then display images on the very same page. One of the things i am trying to validate is for an empty string under the Description input field. Now obviously, this is quite simple i.e checking if it is equal to " " but when i submit my form, it does not go into my validation check. Here is a list of what i’ve been doing:


// Check if description bar is blank
    $descriptionbar = mysqli_real_escape_string($link, $_POST['description']);
    if($descriptionbar = " " )
    {
        $error = 'Sorry you must enter a description inorder to submit image' + print($description);
        
        include 'error.html.php';
        exit();
    }

On submission of my form with my file and leaving a blank, it submits and outputs a value of 1


   $descriptionbar = mysqli_real_escape_string($link, $_POST['description']);
    if(!isset($descriptionbar) )
    {
        $error = 'Sorry you must enter a description inorder to submit image' + print($description);
        
        include 'error.html.php';
        exit();
    }


On submission, again leaving the description blank, the image is displayed with no text


 $descriptionbar = mysqli_real_escape_string($link, $_POST['description']);
    if(empty($descriptionbar) )
    {
        $error = 'Sorry you must enter a description inorder to submit image' + print($description);
        
        include 'error.html.php';
        exit();
    }

On submission, it simply outputs the value of 1.

I thought by simply testing for " ", would work, but clearly it does not.
My only guess is that there is an issue with my form:


<form enctype="multipart/form-data" action=" " method="POST">        
        <div>
        <label for="description"> Description: </label> <input type="text" name="description" id="description" /> <br >
        </div>
        
        <div>
            <label for="category"> Category </label>
            <select name="category" id="category">
                    <option value="Cheng_Huang_Temple">Cheng Huang Temple </option>
                    <option value="Shanghai_Zoo">Shanghai Zoo </option>
            </select> <br />
        </div>
        
        <div>
            <label for="uploadimg"> Upload Photo: </label>
         <input type="file" id="photo" name="photo"/> <br >
        </div>
        
        <div>
        <input type="hidden" name="action" value="upload"/>
        <input type="submit" value="Upload" />
        </div>
    </form>


index.php



if(!isset($_FILES['photo']))
{
    include 'imageuploadform.html.php';
        
}
if(isset($_POST['action']) and $_POST['action'] == 'upload')
{  
    $description = mysqli_real_escape_string($link, $_POST['description']);
    $category = mysqli_real_escape_string($link, $_POST['category']);
    $file = ($_FILES['photo']['name']);
    
    $target = './images/';
    $target .= basename($_FILES['photo']['name']);
    
    //print_r($_FILES['photo']);
    
    // Check if file was uploaded
    if(!is_uploaded_file($_FILES['photo']['tmp_name']))
    {
        $error = 'There was no file uploaded';
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/error.html.php';
        exit();
    }
    
    // Check if file exists
    if(file_exists($target))
    {
        $error = 'This file already exists on the server';
        include 'error.html.php';
        exit();
    }
    
    // Check if description bar is blank
    $descriptionbar = mysqli_real_escape_string($link, $_POST['description']);
    if(empty($descriptionbar) )
    {
        $error = 'Sorry you must enter a description inorder to submit image' + print($description);
        
        include 'error.html.php';
        exit();
    }

... rest of code skiped



If somebody can give me some assistant on this that would be greate.

Yaa Sillysoft is right

single equal sing(=) assigns value to the variable not compare

To compare == is used

like

if($description == ""){
// do some thing

}

$description ="" is incorrect...

i also did:


/ Check if description bar is blank
    $description = mysqli_real_escape_string($link, $_POST['description']);
    if($description = "") 
...

just to be safe but doing this means that it would submit my image and display it along with no text.

Here is my complete index.php file:



<?php
/**
 *File name:index.php is a controller to help load the description of each image file from db onto the browser
 *Date Created: 1st June 2010
 *Last modified 19th August 2010
 *
 */
 

include $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
include $_SERVER['DOCUMENT_ROOT'] . '/includes/shanghai_db.inc.php';

if(!isset($_FILES['photo']))
{
    include 'imageuploadform.html.php';
        
}
if(isset($_POST['action']) and $_POST['action'] == 'upload')
{  
    $description = mysqli_real_escape_string($link, $_POST['description']);
    $category = mysqli_real_escape_string($link, $_POST['category']);
    $file = ($_FILES['photo']['name']);
    
    $target = './images/';
    $target .= basename($_FILES['photo']['name']);
    
    //print_r($_FILES['photo']);
    
    // Check if file was uploaded
    if(!is_uploaded_file($_FILES['photo']['tmp_name']))
    {
        $error = 'There was no file uploaded';
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/error.html.php';
        exit();
    }
    
    // Check if file exists
    if(file_exists($target))
    {
        $error = 'This file already exists on the server';
        include 'error.html.php';
        exit();
    }
    
    // Check if description bar is blank
    $description = mysqli_real_escape_string($link, $_POST['description']);
    if($description = "") 
    {
        $error = 'Sorry you must enter a description inorder to submit image' + print($description);
        
        include 'error.html.php';
        exit();
    }
  
  
     if(move_uploaded_file($_FILES['photo']['tmp_name'],$target))
      { 
          // Get information from the form
          $uploaddesc = $_POST['description'];
          $uploadcat = $_POST['category'];  
          $uploadname = $_FILES['photo']['name'];  
          
           
           //Prepare for user submitted for safe database insert
          $uploaddesc = mysqli_real_escape_string($link, $uploaddesc);
          $uploadcat = mysqli_real_escape_string($link, $uploadcat);
          $uploadname = mysqli_real_escape_string($link, $uploadname);
          
         include $_SERVER['DOCUMENT_ROOT'] . '/includes/shanghai_db.inc.php';
          $sql = "INSERT INTO  image_detail SET Filename = '$uploadname',
                              Category = '$uploadcat', Description = '$uploaddesc'";
          
          
          
          if(!mysqli_query($link, $sql) )
          {
            $error = 'Database error storing file information';
            include 'error.html.php';
            exit();
          }
          else
          {
            
            $output = 'The file and information has been stored successfully';      
            include 'success.html.php';
          }
           
      }
      else
      {
        die("Error moving file");
      } 
      

    include $_SERVER['DOCUMENT_ROOT'] . '/includes/shanghai_db.inc.php';
       $result = mysqli_query($link, "SELECT * FROM image_detail");
       
 
        
   if(!$result )
    {
        $error = 'Error fetching image data from database';
        include 'error.html.php';
        exit();    
    }
          
    while ($row = mysqli_fetch_array($result))
    {
        $images[] = array('Filename' => $row['Filename'], 'Description' => $row['Description'], 'Category' => $row['Category']);
    }
 

    include 'homepage.html.php';
    exit();

 
}

?>


and my form:


<form enctype="multipart/form-data" action=" " method="POST">        
        <div>
        <label for="description"> Description: </label> <input type="text" name="description" id="description" /> <br >
        </div>
        
        <div>
            <label for="category"> Category </label>
            <select name="category" id="category">
                    <option value="Cheng_Huang_Temple">Cheng Huang Temple </option>
                    <option value="Shanghai_Zoo">Shanghai Zoo </option>
            </select> <br />
        </div>
        
        <div>
            <label for="uploadimg"> Upload Photo: </label>
         <input type="file" id="photo" name="photo"/> <br >
        </div>
        
        <div>
        <input type="hidden" name="action" value="upload"/>
        <input type="submit" value="Upload" />
        </div>
    </form>

 

hope that helps

Yeah that might help, might have some underlying issue going on. BTW checking if empty with " " would not check empty would it? Because there is a space between " and ". Wouldnt it be “”?

aah yes, i’m such a noob, i changed the compare to == and it works. It seems to work even with the ‘and’ keyword when i compare for the action variables.

Thanks again,

Hi thanks for the assist, i updated the code but after submitting with a blank description input, it still does not go into my error state. It simply displays a value of 1.


   // Check if description bar is blank
    $description = trim($_POST['description']);
    if(empty($description) )
    {
        $error = 'Sorry you must enter a description inorder to submit image' + print($description);
        
        include 'error.html.php';
        exit();
    }

Doing a check for blanks in a input field should be quite easy right? because i REALLY thought by doing a simple check for " " would work, Would it help if i displayed my whole index.php file?

Changes off the bat:



if($description = "")


Should be this:



if($description == "")


Also:


if(isset($_POST['action']) and $_POST['action'] == 'upload')

change to:


if(isset($_POST['action']) && $_POST['action'] == 'upload')

I would trim it first, might have some space in there:



$description = trim($_POST['desc']);

if(empty($description))
{

//do something

}