Why isn't my isset and/or empty functions working? Every time I click the submit button on the html form, even when the form is empty it inserts into database. Can someone provide me with a thorough explanation of what I'm doing wrong and how I can fix it?
<?php
$host = "localhost";
$user = "root";
$db_password = "";
$database = "listings_db";
$link = mysqli_connect($host, $user, $db_password, $database) or die("Error " . mysqli_error($link));
if (isset
($_POST['user_firstname'],
$_POST['user_lastname'],
$_POST['user_email'],
$_POST['user_password'],
$_POST['user_type']))
{
$firstname = $_POST['user_firstname'];
$lastname = $_POST['user_lastname'];
$email = $_POST['user_email'];
$password = $_POST['user_password'];
$type = $_POST['user_type'];
$errors = array();
if(empty($firstname)
|| empty($lastname)
|| empty($email)
|| empty($email)
|| empty($password)
|| empty($type))
{$errors [] = '*All fields are required!';}
else {
if(filter_var($email, FILTER_VALIDATE_EMAIL) === false) {$errors[] = '*Please enter a valid email address!' ;}
if(strlen($firstname) > 25) {$errors[] = '*The email address you entered contains too many characters!';}
if(strlen($lastname) > 25) {$errors[] = '*The first name you entered contains too many characters!';}
if(strlen($email) > 40) {$errors[] = '*The last name you entered contains too many characters!';}
if(strlen($password) > 40) {$errors[] = '*The password you entered contains too many characters!';}
if(strlen($type) != true){$errors[] = '*Please select an account type!';}
}
$firstname = $_POST['user_firstname'];
$lastname = $_POST['user_lastname'];
$email = $_POST['user_email'];
$password = md5($_POST['user_password']);
$type = $_POST['user_type'];
$firstname = mysqli_real_escape_string($link, $firstname);
$lastname = mysqli_real_escape_string($link, $lastname);
$email = mysqli_real_escape_string($link, $email);
$password = mysqli_real_escape_string($link, $password);
$type = mysqli_real_escape_string($link, $type);
$query = mysqli_query($link, "INSERT INTO users (user_id, user_firstname, user_lastname, user_email, user_password) VALUES ('', '$firstname', '$lastname', '$email', '$password')");
}
?>
Edit: Here's the form:
<form action="" method="post">
<p>First Name: <br><input type="text" name="user_firstname" size="25" maxlength="25"/></p>
<p>Last Name: <br><input type="text" name="user_lastname" size="25" maxlength="25"/></p>
<p>Email Address: <br><input type="email" id="email" name="user_email" size="25" maxlength="40"/><p>
<p>Create a Password: <br><input type="password" name="user_password" size="25" maxlength="40"/></p>
<p>Account Type: <br> <select name="user_type">
<option value="seller" selected>Seller</option>
<option value="Buyer">Buyer </option>
</select>
