Love2c0de

I think it would be, I have a very similar effect with an image and my navigation menu in my header and to tell the truth I used percentages. Regards, AoTB.

Used Dreamweaver for the first time at college today. What an aboslute joke.

Just wrote a little code and got the desired effect. It depends on how your div's are positioned, I had to position that div using position: relative otherwise it will align to the bottom of the browser window. Not sure if this is the standard way, but this is how I would do it. Maybe there is a better way, I'm not sure. (I hope so as I'm not a fan of absolute positioning) Also, I've only declared borders and height on the #contain div so you can see how it works. Here ya go: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>HTML Template</title> <script type="text/javascript"> </script> <style type="text/css"> #contain { border: 1px solid black; width: 80%; position: relative; height: 600px; margin: auto; } #text { position: absolute; bottom: -10px; left: 100px /*set this to a positive value of your choice, and it will move your text to the right, as far as you need */ } </style> </head> <body> <div id="contain"> <p id="text">This is some text</p> </div> </body> </html> I've not read into absolute positioning fully but from what I've been told and understand, it breaks the flow of your document, so if you inserted that text element halfway down your page (inbetween some content), any content after that element will produce funny results in terms of where they are displayed. If I ever use absolute positioning (especially when aligning to the bottom of an element or body) I always make sure it's one of the last things which are put in the html. Hope this helps. Regards, AoTB.

It still didn't work bud. The last code I posted worked when I used the preg_replace() with the preg_match() so I will stick with that I think. Seems to work ok when I use the preg_replace(). I'm also having trouble with the name validation. Could you tell me exactly how that regExp works please? //VALIDATE NAME //trim the value to compensate for the possibility the user entered nothing but whitespace characters. $_POST['name'] = trim($_POST['name']); $length = strlen($_POST['name']); $nameRegExp = '/^[a-zA-Z\\pL][\\w\\pL \\.\\-]'.$length.'\\z/u'; if(preg_match($nameRegExp,$_POST['name']) != 1){ $errors[] = "You did not enter a valid name."; } When I say it's not working, I mean it is allowing characters such as { and } into my DB. Should I just let them be entered or strip em out? I'm just cautious of people spoofing the form and entering '{}{}{}{}{}{}{}' for example. Kind regards, AoTB.

Thanks very much for your reply. I've gotta get ready for college (first day w00p w00p) so I don't really have time to play about with it but should be on after 9pm gmt+00 so i'll try to implement it then. Regards, AoTB>

Is there any chance to see any PHP code? Set your form action to index2.php. At the top of that page(above the doctype declaration, you can process the code there). if(isset($_POST['name'])){ include("process_form.php"); } Regards, AoTB.

The regular expression for the phone number doesn't seem to be working. //VALIDATE PHONE NUMBER $phoneRegExp = '/^\\d{10,11}\\z/'; if($_POST['phone'] == ''){ $errors[] = "You did not enter a phone number."; } elseif(substr($_POST['phone'], 0, 1) != "0" || preg_match($phoneRegExp,$_POST['phone']) != 1){ $errors[] = "You did not enter a valid phone number."; } If I enter 01255-711-789-, the OR part of the ifelse statement must execute as the first part is false, clearly.. When I enter 01255711789 it works. I think it worked before because I was using preg_replace('/\D/',"",$_POST['phone']) first, which strips out any NON digits, then I was using the other regExp. I thought the preg_match() code was meant to still match the number even if the entered spaces or other characters? I will use the preg_replace() code again before attempting to use the preg_match().. Regards, AoTB.

mysqli_connect(DB_HOST,DB_USER,DB_HOST,DB_NAME) or die("cant connect"); Regards, AoTB.

The image is in the same directory as your html file isn't it? Or is it in a different folder called 'images' for example? Just copied your code and used my own image and it is displaying the image. It's a little hard to debug what the problem is without a specific problem. Regards, AoTB.

if(mysqli_query($myDatabase,$sqlCommand)){ echo "table created."; } else{ echo "critical error, could not create table."; } You can use the variable $myDatabase in your products.php page because you have 'included/required' that file, so the variables become available to the calling script. Regards, AoTB.

When I changed your <td width="20%">, all the table data's seem to now have the same width. Was never aware '%20' was allowed. Regards, AoTB.

Awesome, I ended up totally removing the switch and just validated everything separately. Updated some of the validation also. Here is the new code: if(isset($_POST['name'])){ //unset $_POST['submit'], submit button. if(isset($_POST['submit'])){ unset($_POST['submit']); } //create array to hold any errors. $errors = array(); //check required fields if(empty($_POST['name']) || empty($_POST['phone'])){ $errors[] = "You must fill in the required fields marked with a RED asterix(*)."; } //VALIDATE NAME //replace any characters which are not lower/upper case letters or a space character. $_POST['name'] = preg_replace("/[^a-zA-Z ]/","",$_POST['name']); //trim the value to compensate for the possibility the user entered nothing but whitespace characters. $_POST['name'] = trim($_POST['name']); if($_POST['name'] == "") { $errors[] = "You must enter alphabetical characters for your name."; } //VALIDATE EMAIL if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)){ $errors[] = "You did not enter a valid email address.";//give an example of an email [email protected] in form } //VALIDATE PHONE NUMBER $phoneRegExp = '/^\\d{10,11}\\z/'; if($_POST['phone'] == ''){ $errors[] = "You did not enter a phone number."; } elseif(substr($_POST['phone'], 0, 1) != "0" || preg_match($phoneRegExp,$_POST['phone']) != 1){ $errors[] = "You did not enter a valid phone number."; } //VALIDATE USER COMMENTS //trim() the textarea value. $_POST['user_comments'] = trim($_POST['user_comments']); $len = strlen($_POST['user_comments']); if ($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Additional Comments' field."; } //VALIDATE PRODUCT SELECT LIST //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($_POST['product_options'], $get_values)){ header("Location: index.php?page=contact"); die(); } //VALIDATE PRODUCT REFERENCE NUMBER //replace any characters which are not digits. $_POST['product_ref'] = preg_replace("/\D/","",$_POST['product_ref']); //checks to see if the length of the string is not equal to 7 if(strlen($_POST['product_ref']) != 7) { $errors[] = "The product id you entered was not long enough, must be 7 numbers."; } else{ //prepared statement which checks the product ref no submitted against a product ref in the database. require("core/prepared_select_pref.php"); } if(isset($row) && $row != 1){ $errors[] = "Your Product ID did not match one of our products."; } //VALIDATE PRODUCT COMMENTS //trim() the textarea value. $_POST['product_comments'] = trim($_POST['product_comments']); $len = strlen($_POST['product_comments']); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Product Comments' field."; } //VALIDATE SERVICE SELECT LIST //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($_POST['service_options'], $get_values)){ header("Location: index.php?page=contact"); die(); } //VALIDATE SERVICE COMMENTS //trim() textarea value. $_POST['service_comments'] = trim($_POST['service_comments']); $len = strlen($_POST['service_comments']); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Service Comments' field."; } //++++++++++++++++++++++++++++++++++++++ //VALIDATION ENDED, CHECK FOR ERRORS //if $errors is not empty, display errors. if (!empty($errors)){ $output = "<ul>"; foreach ($errors as $err => $error_value){ $output .= "<li>".$error_value."</li>"; } $output .= "</ul>"; } else{ require("core/prepared_insert.php"); if($row >= 1){ //redirect to a confirmation page - need to create first...use the same message as below on that page. $output = "Your information has successfully sent!"; } else{ //maybe send their information to my email instead if there is an issue with insert....probably the best idea rather than displaying an error. $output = "There was an error receiving your information."; } } } Still a bit more needs to be done but it's definitely getting there! Regards, AoTB.

Hi all, just like to say that I love the forums, some good regular coders who are more than willing to help. Had some fantastic feedback/guidance so far and I've only made 44 posts. I will enjoy sharing thoughts and learning as much as I can from you pro's Kind regards AoTB.

Ok here is my code: <?php include("core/init.inc.php"); //array containing the possible values of the form select lists, also used to select a specific product to display only information relating to //that product (on the products page). $get_values = array("benches","tables","bird_housing","planters","gates","bin_stores", "sheds","pet_housing","default_product","default_service","decking", "fencing","exterior_buildings","furniture_repairs","jet_washing"); if(isset($_POST['name'])){ //if script does not die, the user submitted the form. delete last element (submit button) as we do not need it. if(isset($_POST['submit'])){ unset($_POST['submit']); } //create array to hold any errors. $errors = array(); //firstly, check to see if my required fields contain any data. if they dont we add errors to the error array. if(empty($_POST['name']) || empty($_POST['phone'])){ $errors[] = "You must fill in the required fields marked with a RED asterix(*)."; } switch ($_POST) { case "name": //replace any characters which are not lower/upper case letters or a space character. $_POST['name'] = preg_replace("/[^a-zA-Z ]/","",$_POST['name']); //trim the value to compensate for the possibility the user entered nothing but whitespace characters. $_POST['name'] = trim($_POST['name']); if($_POST['name'] == "") { $errors[] = "You must enter alphabetical characters for your name."; } continue; case "email": if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)){ $errors[] = "You did not enter a valid email address.";//give an example of an email [email protected] in form } continue; case "phone": //strip out any characters which are not digits. $_POST['phone'] = preg_replace("/\D/","",$_POST['phone']); //find length of the value which is left. $len = strlen($_POST['phone']); $phoneRegExp = '/^\\d{10,11}\\z/'; if($_POST['phone'] == ''){ $errors[] = "You did not enter a phone number."; } elseif(substr($_POST['phone'], 0, 1) != "0" || preg_match($phoneRegExp,$_POST['phone']) != 1){ $errors[] = "You did not enter a valid phone number."; } continue; case "user_comments": $len = strlen($_POST['user_comments']); if ($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Additional Comments' field."; } continue; case "product_options": //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($_POST['product_options'], $get_values)){ header("Location: index.php?page=contact"); } continue; case "product_ref": //checks to see if the length of the string is not equal to 7 if(strlen($_POST['product_ref']) != 7) { $errors[] = "The product id you entered was not long enough, must be 7 numbers."; } //checks to see if any of the characters entered were not digits. if this executes, we know that the user entered something different //than 7 digits so there is no need to carry on and check the ref no against the records so we break out of case prematurely. if(!ctype_digit($_POST['product_ref'])){ $errors[] = "Product id's can only contain numbers."; break; } //prepared statement which checks the product ref no submitted against a product ref in the database. require("core/prepared_select_pref.php"); if($row != 1){ $errors[] = "Your Product ID did not match one of our products."; } continue; case "product_comments": $len = strlen($_POST['product_comments']); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Product Comments' field."; } continue; case "service_options": //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($_POST['service_options'], $get_values)){ header("Location: index.php?page=contact"); } continue; case "service_comments": $len = strlen($_POST['service_comments']); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Service Comments' field."; } break; } //if the error array contains data, we had some errors during validation, so we display all of these error(s) to the user. if (!empty($errors)){ $output = "<ul>"; foreach ($errors as $err => $error_value){ $output .= "<li>".$error_value."</li>"; } $output .= "</ul>"; } else{//if there were no errors after all the validation, insert data to database. require("core/prepared_insert.php"); if($row >= 1){ //redirect to a confirmation page - need to create first...use the same message as below on that page. $output = "Your information has successfully sent!"; } else{ //maybe send their information to my email instead if there is an issue with insert....probably the best idea rather than displaying an error. $output = "There was an error receiving your information."; } } } if (isset($_GET['page']) && $_GET['page'] == "products") { if (isset($_GET['order'])){ if(in_array($_GET['order'],$get_values)){ require("core/get_products.php"); } else{ header("Location: index.php?page=products"); die(); } } else{ require("core/get_products.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo "Gardenable - ".$title; ?></title> <link rel="stylesheet" type="text/css" href="css/style.css" /> <script type="text/javascript" src="js/clock.js"></script> </head> <body> <div id="container"> <!--HEADER CONTENT--> <div id="header"> <img src="images/gardenable1.fw.png" alt="Gardenable Logo" title="Gardenable" id="logo" border="0" /> <div id="navigation_div"> <img src="images/flowerbed.fw.png" alt="Navigation Image" id="flowerbed_img" border="0" /> <ul> <li><a href="?page=home">Home</a></li> <li><a href="?page=about">About</a></li> <li><a href="?page=products">Products</a></li> <li><a href="?page=services">Services</a></li> <li><a href="?page=contact">Contact Us</a></li> </ul> </div> </div> <!--END HEADER CONTENT--> <div id="content"> <?php include($include_page); ?> </div> <!--FOOTER CONTENT--> <div id="footer"> <p id="copyright"><span class="yellow">Gardenable.com</span> <span style="font-size: 18px;">©</span> Copyright 2012</p> </div> <!--END FOOTER CONTENT--> </div> <p id="pageviews"><?php echo "Page Hits: ".$page_views; ?></p> </body> </html> Not sure why it isn't working? I presumed using a continue rather than a break statement in my switch would allow the cases to all be evaluated? I'm kinda sure I need some kind of loop or separate if statements? What are your thoughts? (I've clearly not followed what you said correctly but I was a little stuck last night on some parts so just did the ones I could do like adding the die() after the header().) Didn't quite understand what you were asking in the comments regarding deleting the loop and using a continue statement in that if. Because it's not looping, that if statement will only be checked once so what is the point of continue? Sorry Edit: Just had a thought, should I be using array_keys() to return all the keys then use that value within the switch's condition? Ok, no that didn't work. What about putting the switch within a while loop and "while we get values out of $_POST, keep executing"?? AoTB.

It's funny you should say that because I was on a different forum not long ago and was told I shouldn't be inserting NULL I should only insert if there is a value. I know it's not right but I thought to myself because it's my own business site, I can live with the fact it inserts NULL. Obviously I want to learn the correct way to insert information but I need to get my code working first. As soon as it's working I will take a look at the database and the insertion. I was given help with writing my query for the insert and it's a little complicated for me so I will leave it for now and come back to it later. Thanks for mentioning it though. (not overly complicated but I haven't had the time to actually site and study it, been trying to get the content finished on the site first). @Christian F - Only just got on today, going to finish editing the code which I started last night, just trying to understand the logic, not sure what you were asking me to delete and what to leave but I will edit it and post the finished product. Not sure if I need to delete the switch altogether because the whole reason I was using it was because I was looping through the array with a foreach(). Now that the foreach() is gone, i'm not sure a switch is necessary, maybe just separate if statements to check the values? Anyway, I'll play about with it and see if I can get it working on my own first. Cheers fellas. Regards, AoTB.

I am very eager to learn. I hope one day I can do this professionally. It wouldn't even be work to me, This is my passion. Getting a syntax error with using unset() instead of array_pop(): ​(isset($_POST['submit'])) ? unset($_POST['submit']) : ""; Unexpected T_UNSET.... Can't seem to find any information on unsetting superglobals. I've used unset() before on normal variables and it works fine. php.net doesn't seem to give much information on this. I thought it could have been because of a return value but unset doesn't return one. Any thoughts? Have you ever had this problem before? Regards, AoTB.

Just looked at your review of the code. Thank you very much indeed for taking the time to do this, I am more than grateful. Even the small things like using die() after a header re-direct which I had no idea about and no one else has ever mentioned it anywhere else. I'll do what you've said in the comments and re-post it just to make sure it is 100%. I will now take a look at the second link. Kind regards, AoTB.

If I post my code, it will help you understand a little more about my setup (you will probably be shocked when you see it and think 'what the hell is he doing here') but I'm very new. I've been a bit vague about my code also during this thread so i'll post it so you can see the logic. Here is the full action script: <?php include("core/init.inc.php"); //array containing the possible values of the form select lists, also used to select a specific product to display only information relating to //that product (on the products page). $get_values = array("benches","tables","bird_housing","planters","gates","bin_stores", "sheds","pet_housing","default_product","default_service","decking", "fencing","exterior_buildings","furniture_repairs","jet_washing"); if(isset($_POST['name'])){ //if script does not die, the user submitted the form. delete last element (submit button) as we do not need it. (isset($_POST['submit'])) ? array_pop($_POST) : ""; //create array to hold any errors. $errors = array(); //firstly, check to see if my required fields contain any data. if they dont we add errors to the error array. if(empty($_POST['name']) || empty($_POST['phone'])){ $errors[] = "You must fill in the required fields marked with a RED asterix(*)."; } //check to see if the errors array contains anything. if it does, we need to send the user back to the form and display the error. //do not carry on if the if statement executes because we dont want to process any more as we know we are going to have to send them back anyway regardless. if(!empty($errors)){ $output = $errors; } else{ //if the code reaches here, we have data inside the two required fields so carry on processing all of the data now. //pass a reference of the value so that if any ARE set to string NULL, it also changes the original $_POST value which is what we insert. foreach ($_POST as $post => &$value) { if($value == ""){ $value = ""; } else{ switch ($post) { case "name": //replace any characters which are not lower/upper case letters or a space character. $value = preg_replace("/[^a-zA-Z ]/","",$value); //trim the value to compensate for the possibility the user entered nothing but whitespace characters. $value = trim($value); if($value == "") { $errors[] = "You must enter alphabetical characters for your name."; } break; case "email": if(!filter_var($value,FILTER_VALIDATE_EMAIL)){ $errors[] = "You did not enter a valid email address.";//give an example of an email [email protected] in form } break; case "phone": //strip out any characters which are not digits. $value = preg_replace("/\D/","",$value); //find length of the value which is left. $len = strlen($value); $phoneRegExp = '/^\\d{10,11}\\z/'; if($value==''){ $errors[] = "You did not enter a phone number."; } elseif(substr($value, 0, 1) != "0" || preg_match($phoneRegExp,$value) != 1){ $errors[] = "You did not enter a valid phone number."; } break; case "user_comments": $len = strlen($value); if ($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Additional Comments' field."; } break; case "product_options": //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($value, $get_values)){ header("Location: index.php?page=contact"); } break; case "product_ref": //checks to see if the length of the string is not equal to 7 if(strlen($value) != 7) { $errors[] = "The product id you entered was not long enough, must be 7 numbers."; } //checks to see if any of the characters entered were not digits. if this executes, we know that the user entered something different //than 7 digits so there is no need to carry on and check the ref no against the records so we break out of case prematurely. if(!ctype_digit($value)){ $errors[] = "Product id's can only contain numbers."; break; } //prepared statement which checks the product ref no submitted against a product ref in the database. require("core/prepared_select_pref.php"); if($row != 1){ $errors[] = "Your Product ID did not match one of our products."; } break; case "product_comments": $len = strlen($value); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Product Comments' field."; } break; case "service_options": //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($value, $get_values)){ header("Location: index.php?page=contact"); } break; case "service_comments": $len = strlen($value); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Service Comments' field."; } break; } } } } //if the error array contains data, we had some errors during validation, so we display all of these error(s) to the user. if (!empty($errors)){ $output = "<ul>"; foreach ($errors as $err => $error_value){ $output .= "<li>".$error_value."</li>"; $output .= "<hr>"; } $output .= "</ul>"; } else{//if there were no errors after all the validation, insert data to database. require("core/prepared_insert.php"); if($row >= 1){ $output = "Your information has successfully sent!"; } else{ //maybe send their information to my email instead if there is an issue with insert....probably the best idea rather than displaying an error. $output = "There was an error receiving your information."; } } } if (isset($_GET['page']) && $_GET['page'] == "products") { if (isset($_GET['order'])){ if(in_array($_GET['order'],$get_values)){ require("core/get_products.php"); } else{ header("Location: index.php?page=products"); } } else{ require("core/get_products.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo "Gardenable - ".$title; ?></title> <link rel="stylesheet" type="text/css" href="css/style.css" /> <script type="text/javascript" src="js/clock.js"></script> </head> <body> <div id="container"> <!--HEADER CONTENT--> <div id="header"> <img src="images/gardenable1.fw.png" alt="Gardenable Logo" title="Gardenable" id="logo" border="0" /> <div id="navigation_div"> <img src="images/flowerbed.fw.png" alt="Navigation Image" id="flowerbed_img" border="0" /> <ul> <li><a href="?page=home">Home</a></li> <li><a href="?page=about">About</a></li> <li><a href="?page=products">Products</a></li> <li><a href="?page=services">Services</a></li> <li><a href="?page=contact">Contact Us</a></li> </ul> </div> </div> <!--END HEADER CONTENT--> <div id="content"> <?php include($include_page); ?> </div> <!--FOOTER CONTENT--> <div id="footer"> <p id="copyright"><span class="yellow">Gardenable.com</span> <span style="font-size: 18px;">©</span> Copyright 2012</p> </div> <!--END FOOTER CONTENT--> </div> <p id="pageviews"><?php echo "Page Hits: ".$page_views; ?></p> </body> </html> As you can see, the functions which are defined within the cases will only ever be set/used once in any looping of the code. Kind regards, AoTB.

Just changed my phone validation to this: case "phone": //strip out any characters which are not digits. $value = preg_replace("/\D/","",$value); //find length of the value which is left. $len = strlen($value); $phoneRegExp = '/^\\d{10,11}\\z/'; if($value==''){ $errors[] = "You did not enter a phone number."; } elseif(substr($value, 0, 1) != "0" || preg_match($phoneRegExp,$value) != 1){ $errors[] = "You did not enter a valid phone number."; } break; Seems to work perfectly, thanks very much indeed for the regExp Noticed another issue with auto-filling the form. When there are errors and I send them back to the form and fill in their data again into the fields, the fields which were not filled out before the initial submit display 'NULL' in the fields. Any tips on how to deal with this? I use this code to re-display: <?php if(isset($_POST['product_comments']) && !empty($errors)){print($_POST['product_comments']);} ?> Edit: Just realized why it does that, because when I loop through the values, if some of the fields weren't filled out, I set the value to string NULL (this is for database insertion). When I set it to type NULL, I received errors from the insert. I have set it to be equal to an empty string if any weren't filled out and it works ok now. Works with the insert too, although it's inserting nothing, got blank fields, but I can live with this. Regards, AoTB.

Wow that is a very complicated looking expression Seems there is a lot more to it than first expected. You know, that's the reason I came back here to post again lol. The logic doesn't work right as you stated as one of those OR statements will ALWAYS return true which is what I just found out after implementing that code! That regular expression looks quite simple though, thank you for the code. Very helpful indeed. I'll definitely give that a read! That's one of my most common pitfalls is user data. Don't seem to know how to use it for the correct purposes, as you've realized if you've been following this thread Kind regards AoTB.

Thanks very much for clarification. Yup that seems a lot more logical to use an if and ifelse rather than breaking out of the switch prematurely (which i'm not sure is 'proper' practice)? Thanks for all your tips and guidance, I will keep going through the topic digesting what you've told me. Regards, AoTB.

Sorry to post another but it wouldn't let me Edit for some reason.... Just to clarify, the only data that will possibly be displayed from the database is their Name and any products or services they enquired about. Their name because I want to greet them by name in the confirmation email. Their product/service enquiry just so I can confirm what they have wrote actually has been received my end (this would only be sent on successful insert).

Agreed, I have used Notepad++ for the last couple years or so. Netbeans was slow to load and while using it. Prefer highlighted syntax which is also why I don't use Notepad. Having said that, Notepad 2 is similar to Notepad++ but the latter is by far superior. AoTB.

You know, considering my surname uses a hyphen, you would have thought I would have realized. I need to stop sitting up so late! There is no business reason why they cannot enter such characters. To be honest, I'm shocked I haven't picked up on this, speechless infact. Thanks for the help.

Ah right, so for example in the 'name' field I am looking for just alphabetical characters so I use the preg_replace function like: $value = preg_replace("/[^a-zA-Z ]/","",$value); In this case, it would be ok to use this function because a name should not contain anything but alphabetical characters? I allow the space to let them enter spaces in the name field. I was using !ctype_alpha() before but as you can guess it didn't allow them to enter a space (which allows the surname). So if they did enter special characters, it's ok to edit their input in this case or not? BUT In the case of say an email address, we wouldn't want to strip any tags because some characters are allowed in email addresses? (not sure of the exact characters which are allowed in an email address). for the email I use: filter_var($value,FILTER_VALIDATE_EMAIL); This seems to work on every eventuality. I've always struggled with understanding when to use certain functions. Usually the ones which deal with input and database storage/retrieval. Kind regards, AoTB.