validation help

[spanner206]

hi i really need your help what im trying to do is check if form fields are empty and then if so stop users from going any further i got the jist sorted e.g. send data to a database and 

this is the main code

<?php

$con=mysqli_connect("","","","");

if (mysqli_connect_errno())

  {

  echo "Failed to connect to MySQL: " . mysqli_connect_error();

  }

 

$sql="INSERT INTO tbl_club_contacts (CompanyName)

VALUES

('$_POST[CompanyName]')";

 

if (!mysqli_query($con,$sql))

  {

   die('Error: ' . mysqli_error($con));

  }

echo "record added";

 

mysqli_close($con);

?>

<html>

<body>

 

<form action="copyofaddleads2.php" method="post">

<input type="submit", value = "go back">

</form>

 

</body>

</html>

 

heres the insert document

<?php

$con=mysqli_connect("","","","");

if (mysqli_connect_errno())

  {

  echo "Failed to connect to MySQL: " . mysqli_connect_error();

  }

 

$sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City)

VALUES

('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')";

 

if (!mysqli_query($con,$sql))

  {

   die('Error: ' . mysqli_error($con));

  }

echo "record added";

 

mysqli_close($con);

?>

<html>

<body>

 

<form action="addleads2.php" method="post">

<input type="submit", value = "go back">

</form>

 

</body>

</html>

 

[cjtemple]

When doing form validation I like to take the following approach (most of what follows is pseudo code) :

Setup a boolean variable to toggle if any validation fails

$allValid = true;

if(validation fails) {

$allValid = false;

}

Then prior to making your database connection and inserting data check the all valid variable

if($allValid) {

// connect to db, create query, execute query

}

As for checking the values you could

if($_POST['companyname']==null || $_POST['companyname']=="") {

$allValid = false;

}

You should also ensure the user is not attempting to inject any malicious code.

Edited November 5, 2013 by cjtemple

[Stefany93]

When doing form validation I like to take the following approach (most of what follows is pseudo code) :

Setup a boolean variable to toggle if any validation fails

$allValid = true;

if(validation fails) {

$allValid = false;

}

Then prior to making your database connection and inserting data check the all valid variable

if($allValid) {

// connect to db, create query, execute query

}

As for checking the values you could

if($_POST['companyname']==null || $_POST['companyname']=="") {

$allValid = false;

}

You should also ensure the user is not attempting to inject any malicious code.

 

Good approach, but what I usually do when I write a validation script is that I declare a new array like this $errors = array(); and I append the array with any errors that arise and before doing what you wanted to do with the DB (Insert, Select, Update, whatever) I check whether the $errors array is empty, i.e. whether the validation script gave any errors. If it is empty, execute the query, if not, display the $errors array with a foreach loop to let the user know where he went wrong.

 

And instead of $_POST['field_name'] == null, you can also use the negated empty() function like this !empty($_POST['field_name'])

 

And of course, make sure you escape all use input. Vital rule in programming - all user input is considered malicious unless proven otherwise.  

[cjtemple]

Stefany93 I like your $error array approach in the past I would just append a string to the error message but I think I will go with your approach from now on. Also I haven't tested it but I wonder if !empty(trim($_POST['field_name'])) would be effective in testing to ensure the required field has something there?

[Stefany93]

Stefany93 I like your $error array approach in the past I would just append a string to the error message but I think I will go with your approach from now on. Also I haven't tested it but I wonder if !empty(trim($_POST['field_name'])) would be effective in testing to ensure the required field has something there?

 

Glad I could help. Usually, I will avoid nesting functions like hell because a) it makes the program run slower, kills readability and some functions work while nested within another and some don't which can drive ya crazy. Better approach will be:

 

 

if(isset($_POST['field_name']) and !empty($_POST['field_name'])){
    $field_name = trim($_POST['field_name']);
}

 

Now, in the past, when I was green, I would use $_POST['file_name']; without assigning it to a variable like $field_name which proved to be stupid because if at any time you want to change the name if of the input field you are fetching the information, then you'd have to change tens of $_POSTs in your code. 

 

The same in JavaScript. If you have like <h1 id="main_header"></h1> and you want to fetch it with document.getElementById('main_header');

it is better to put in a variable like this var main_header = 'main_header'; and you wouldn't have to worry about the ID being changed. You could just then change a single variable. 

[White_Lily]

In terms of error checking with arrays and checking to see if a value exists or not, could be written like this:

<?php
 $error = array();

 if(isset($_POST['send-form'])){ // check if submit button was pressed
  $countBlank = 0;
  // required fields "name" attribute
  $reqArray = array("comp-fname", "comp-addr1", "comp-town", "comp-county", "comp-post", "comp-email", "comp-hometel");
  foreach($_POST as $key => $value){
   if(in_array($key, $reqArray))
    if(empty($value))
     $countBlank++;
  }
  if($countBlank > 0)
   $error[] = "Please do not leave any required fields empty.";
 
  if(count($error) == 0){
   // do the of the code (pattern checks, database checks/inserts)
 }

?>

it is faster than checking each one individually, and it can be modified a bit to tell the user exactly which fields are empty.

Edited November 7, 2013 by White_Lily