simcoweb

Alas, pretty much the same thing

<? if (isset($_POST['submit'])) { foreach ($_POST as $fld => $val) { switch($fld) { case 'first_name': case 'last_name': case 'email': case 'day_phone': if (strlen(trim(stripslashes($val))) == 0) $err_message[] = 'Your first name, last name, email address and daytime phone number are required. Please complete those fields and resubmit.'; else { $clean_data[$fld] = trim(stripslashes($val)); $qtmp[] = $fld . " = '" . mysql_real_escape_string($clean_data[$fld]) . "'"; } break; case 'address': case 'city': case 'state': case 'zip': if (strlen(trim(stripslashes($val))) == 0) $err_message[] = 'Please complete ALL fields in the property information section and resubmit'; else { $clean_data[$fld] = trim(stripslashes($val)); $qtmp[] = $fld . " = '" . mysql_real_escape_string($clean_data[$fld]) . "'"; } break; case 'email': if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) $err_message[] = $email. ' is not a valid email address. Please enter a valid email address.'; else { $clean_data[$fld] = trim(stripslashes($val)); $qtmp[] = $fld . " = '" . mysql_real_escape_string($clean_data[$fld]) . "'"; } break; case 'submit': break; default: $clean_data[$fld] = trim(stripslashes($val)); $qtmp[] = $fld . " = '" . mysql_real_escape_string($clean_data[$fld]) . "'"; } } } ?>

Good call. The array is empty:

This is all it shows:

I'm getting this: There were numerous other miscellaneous syntax errors I had to clean up as well... some missing $'s and a couple of other tweaks. But after all those, this is the one that's left and i'm not familiar with that method you're using for the INSERT. Ideas?

Cool, that's what i've been inserting while I was awaiting your response. A good guess On the $today, yes...I counted on using that as is since it's a separate variable not created by the form. I'll set that value above your code. I'll report back, and thanks again!

kenrbnsn, you rock this place Ok, i'll adapt what you've posted and report back. Also, i'll save this as a 'snippet' to utilize in the future. Hopefully I won't screw it up and be back here in 15 mins. posting bugs If you could do me a favor, provide me with a quick example of the right syntax for the clean_data array field names?

Sorry, boo.. but I think we're off track here. The error messages are displaying fine using the code that I just posted. That's not the problem. The problem, in sequence, is this: 1. when I first go to the page http://www.wahomesaver.com/response.php it displays all the error messages as if the form has been submitted, which, of course, it hasn't yet since you just got there. It also executes the mail() function part of the code as well as the query. So, I get blank email and a blank entry into the database 2. say I fill out the form but leave a required field blank. When the page refreshes it will display the field error only, not all the validation errors like when you first arrived there. Plus it emails again AND enters into the database again. 3. What I need to do is tweak the code so that it doesn't automatically submit the form/data/mail on arrival (like, waits for a submit confirmation if(isset($_POST['submit'])) for example). So, the form needs to: display on arrival display errors AFTER submissions IF there are errors if no errors, parse the query and the mail Just an FYI, and I don't know WHY this happens, but if I place that if(isset tag in the code it will produce a 500 server error. It depends, though, on where I put the closing }. If I place it in front of the closing ?> tag with the opening if(isset blah blah { ahead of the error checking then it doesn't crash. But, that doesn't stop the code for the mail() and query to run. So, if I put it right after the last error check then it crashes. I even tried rewriting using an 'else' statement instead of the if($err_message=="") { and that caused a 500 error. Not sure what that's all about. So, in summary, I need help tweaking this code to do what i've outlined above. Thanks in advance!

Actually error.php doesn't contain any of the errors from the array. That's an error page that is produced only if the query code doesn't work. So, it's insignificant. The validation errors are all displayed in the main body of the web page above the form itself in red and in a bulleted list using this code: <?php if(!empty($err_message)) { echo "<strong id='errorTitle'>One or more input fields on the form has not been completed</strong>"; echo "<ul>"; foreach ($err_message as $value) { echo "<li>$value</li>"; } echo "</ul>"; } ?> So, once again, the error.php isn't involved in the matter. My problem is validating the form input, displaying the errors, not allowing the other code to run (query, mail, etc.) until all fields being validated are completed properly.

boo_lolly, I interpreted that line: if(!$err_message) to mean that if that variable/array is empty then proceed with the following. Isn't that the same as saying: if(empty($err_message)) { do this } ? If there's no errors in validation then the query and mailing should take place. I'm trying to resolve that problem since the code gets run regardless. Hughesy, that's pretty much what I have except for the 'else' statement. However, in your example it echoes the error message whereas i'm stuffing them into an array to be displayed in the page in a bullet list. So, I think what I need is the 'if' statement for the validation and the 'else' statement for running the code IF there's no errors Ideas? Thoughts? Am I off track?

thorpe, I need some further guidance here. Or, from anyone .. Ok, I added the if(isset($_POST['submit'])) { line ( and did, by the way, change the T1 name to 'submit' so now I DO have a submit field name ) and placed it around the errors and code that follows like so: <?php if(isset($_POST['submit'])) { // set error message variable for later use $err_message = array(); // validate the form input if (empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email']) || empty($_POST['day_phone'])) { $err_message[] = "Your first name, last name, email address and daytime phone number are required. Please complete those fields and resubmit."; } // validate email address format if ($email) { if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { $err_message[] = $email. " is not a valid email address. Please enter a valid email address."; } } if (empty($_POST['address']) || empty($_POST['city']) || empty($_POST['state']) || empty($_POST['zip'])) { $err_message[] ="Please complete ALL fields in the property information section and resubmit"; } if (!$err_message) { $link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $link) or die(mysql_error()); // run our query to insert the record $sql = "INSERT INTO leads (first_name, last_name, email, day_phone, alt_phone, best_time, address, city, state, zip, type_mortgage, first_company, months_behind, back_payments, notice_of_foreclosure, auction_date, date_of_auction, second_company, combined_balances, combined_payments, in_bankruptcy, situation, keep_property, referred_by, date ) VALUES ('$fname', '$lname', '$email', '$dayphone', '$altphone', '$besttime', '$address', '$city', '$state', '$zip', '$mortgage', '$first_mtg', '$months_behind', '$back_payments', '$notice', '$auction', '$auction_date', '$second_mortgage', '$balances', '$payments', '$bankruptcy', '$situation', '$keep_sell', '$referred', '$today')"; $results = mysql_query($sql, $link) or die(mysql_error()); $new_id = mysql_insert_id(); // start mail process $mailContent="--------CONTACT--------\n" ."Name: ".$fname." ".$lname."\n" ."Date: ".$today."\n" ."E-mail: ".$email."\n\n--------PHONE--------\n" ."Phone: ".$dayphone."\n" ."Alt Phone: ".$altphone."\n" ."Best time to call: ".$besttime."\n\n--------Details--------\n" ."Address: ".$address."\n" ."City: ".$city."\n" ."State: ".$state."\n" ."Zip: ".$zip."\n\n---------Foreclosure Info---------\n" ."Loan type: ".$mortgage."\n" ."First Mtg: ".$first_mtg."\n" ."Months behind: ".$months_behind."\n" ."Back payments: ".$back_payments."\n" ."Notice of foreclosure filed: ".$notice."\n" ."Auction date set: ".$auction."\n" ."Date of auction: ".$auction_date."\n" ."Second mortgage: ".$second_mortgage."\n" ."Combined balances: ".$balances."\n" ."Combined payments: ".$payments."\n" ."Are you in bankruptcy: ".$bankruptcy."\n" ."Situation detail: ".$situation."\n" ."Keep or Sell: ".$keep_sell."\n\n----------Other---------\n" ."Referred by: ".$referred."\n"; //---------------------------------- $toAddress="bsniff@gmail.com"; /* change this! */ $subject="WA HomeSaver Inquiry"; /* change this! */ $recipientSubject="WA HomeSaver Inquiry"; /* change this! */ $receiptMessage = "Thank you ".$fname." for inquiring at WAHomeSaver.com's website!\n\n\nHere is the contact information you submitted to us:\n\n" ."--------CONTACT--------\n" ."Name: ".$fname." ".$lname."\n" ."E-mail: ".$email."\n\n--------PHONE--------\n" ."Phone: ".$day_phone."\n" ."Alternate phone: ".$alt_phone."\n" ."Best time to contact? ".$best_time."\n"; //---------------------------------- mail($email, $subject, $receiptMessage,"From:$toAddress"); //---------------------------------- mail($toAddress,$recipientSubject,$mailContent,"From:$email"); if($results) { header("Location: success.php?id=$new_id"); exit; } else { header("Location: error.php"); } } } ?> Now, when I do this NO error message show up on page load. BUT, if I try to force errors by simply hitting submit without filling in any of the required fields the page just refreshes and no errors show up. So, I think i'm close here but what I need is for: 1. validation errors only show IF the form has been submitted 2. correct field entries to remain IF the form has been submitted Help...anyone?

Heh, well.. if I uncomment them then I can't see what's wrong. Might be the cheap hosting with Godaddy. Perhaps you can recommend another snippet of code that will supress the errors until the form is submitted?

Ok, creating two forms and they work fine. Problem is that the validation errors display immediately on page load instead of on submit. Here's the full code for the form parsing: <?php // form parser and database insertion include "db_config.inc"; // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); //if(isset($_POST['submit'])){ // post the results in variables to work with $fname = strip_tags(trim($_POST['first_name'])); $lname = strip_tags(trim($_POST['last_name'])); $email = strip_tags(trim($_POST['email'])); $dayphone = strip_tags(trim($_POST['day_phone'])); $altphone = strip_tags(trim($_POST['alt_phone'])); $besttime = strip_tags(trim($_POST['best_time'])); $address = strip_tags(trim($_POST['address'])); $city = strip_tags(trim($_POST['city'])); $state = strip_tags(trim($_POST['state'])); $zip = strip_tags(trim($_POST['zip'])); $mortgage = strip_tags(trim($_POST['type_mortgage'])); $first_mtg = strip_tags(trim($_POST['first_company'])); $months_behind = strip_tags(trim($_POST['months_behind'])); $back_payments = strip_tags(trim($_POST['back_payments'])); $notice = strip_tags(trim($_POST['notice_of_foreclosure'])); $auction = strip_tags(trim($_POST['auction_date'])); $auction_date = strip_tags(trim($_POST['date_of_auction'])); $second_mortgage = strip_tags(trim($_POST['second_company'])); $balances = strip_tags(trim($_POST['combined_balances'])); $payments = strip_tags(trim($_POST['combined_payments'])); $bankruptcy = $_POST['in_bankruptcy']; $situation = strip_tags(trim($_POST['situation'])); $keep_sell = $_POST['keep_property']; $referred = $_POST['referred_by']; $today = date("F j, Y, g:i a"); // set error message variable for later use $err_message = array(); // validate the form input if (empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email']) || empty($_POST['day_phone'])) { $err_message[] = "<font face='Verdana' size='2' color='#FF0000'>Your first name, last name, email address and daytime phone number are required. Please complete those fields and resubmit.</font>"; } // validate email address format if ($email) { if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { $err_message[] = $email. " is not a valid email address. Please enter a valid email address.<br/>"; } } if (empty($_POST['address']) || empty($_POST['city']) || empty($_POST['state']) || empty($_POST['zip'])) { $err_message[] ="<font face='Verdana' size='2' color='#FF0000'>Please complete ALL fields in the property information section and resubmit"; } //} if (!$err_message) { $link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $link) or die(mysql_error()); // run our query to insert the record $sql = "INSERT INTO leads (first_name, last_name, email, day_phone, alt_phone, best_time, address, city, state, zip, type_mortgage, first_company, months_behind, back_payments, notice_of_foreclosure, auction_date, date_of_auction, second_company, combined_balances, combined_payments, in_bankruptcy, situation, keep_property, referred_by, date ) VALUES ('$fname', '$lname', '$email', '$dayphone', '$altphone', '$besttime', '$address', '$city', '$state', '$zip', '$mortgage', '$first_mtg', '$months_behind', '$back_payments', '$notice', '$auction', '$auction_date', '$second_mortgage', '$balances', '$payments', '$bankruptcy', '$situation', '$keep_sell', '$referred', '$today')"; $results = mysql_query($sql, $link) or die(mysql_error()); $new_id = mysql_insert_id(); // start mail process $mailContent="--------CONTACT--------\n" ."Name: ".$fname." ".$lname."\n" ."Date: ".$today."\n" ."E-mail: ".$email."\n\n--------PHONE--------\n" ."Phone: ".$day_phone."\n" ."Alt Phone: ".$alt_phone."\n" ."Best time to call: ".$best_time."\n\n--------Details--------\n" ."Address: ".$address."\n" ."City: ".$city."\n" ."State: ".$state."\n" ."Zip: ".$zip."\n\n---------Foreclosure Info---------\n" ."Loan type: ".$mortgage."\n" ."First Mtg: ".$first_mtg."\n" ."Months behind: ".$months_behind."\n" ."Back payments: ".$back_payments."\n" ."Notice of foreclosure filed: ".$notice."\n" ."Auction date set: ".$auction."\n" ."Date of auction: ".$auction_date."\n" ."Second mortgage: ".$second_mortgage."\n" ."Combined balances: ".$balances."\n" ."Combined payments: ".$payments."\n" ."Are you in bankruptcy: ".$bankruptcy."\n" ."Situation detail: ".$situation."\n" ."Keep or Sell: ".$keep_sell."\n\n----------Other---------\n" ."Referred by: ".$referred."\n"; //---------------------------------- $toAddress="bsniff@gmail.com"; /* change this! */ $subject="WA HomeSaver Inquiry"; /* change this! */ $recipientSubject="WA HomeSaver Inquiry"; /* change this! */ $receiptMessage = "Thank you ".$fname." for inquiring at WAHomeSaver.com's website!\n\n\nHere is the contact information you submitted to us:\n\n" ."--------CONTACT--------\n" ."Name: ".$fname." ".$lname."\n" ."E-mail: ".$email."\n\n--------PHONE--------\n" ."Phone: ".$day_phone."\n" ."Alternate phone: ".$alt_phone."\n" ."Best time to contact? ".$best_time."\n"; //---------------------------------- mail($email, $subject, $receiptMessage,"From:$toAddress"); //---------------------------------- mail($toAddress,$recipientSubject,$mailContent,"From:$email"); if($results) { header("Location: success.php?id=$new_id"); exit; } else { header("Location: error.php"); } } ?> Now, notice the lines i've commented out: if(isset($_POST['submit'])) { } If I uncomment this I get a 500 error. But, to me, this bit of code is telling the validation to occur IF the form was submitted. How can I stop the page from displaying the error messages until after submit? If you want to see: http://www.wahomesaver.com/response.php

Ok, latest update. Basically I took all the function code and stuck it into the form page to see if the code was working. Everything chimes in just fine doing it that way. In other words, the query works (inserts the form data), and the mail works (sends me the results). Question is... WHY won't those work when I summon them as functions? Anyone? ??? Also, the redirect using the 'header' function is producing an error (premature blah blah) so if there's a better way to redirect to the results page then that would be a welcome site. Thanks!

boo_lolly, I made that suggested change to this: <?php // run our insert query if no errors and redirect to download page global function ebook_insert($name, $phone, $email, $facing_foreclosure, $referred_by, $comments, $today) { $sql = "INSERT INTO ebook (name, phone, email, facing_foreclosure, referred_by, comments, date) VALUES ('$name', '$phone', '$email', '$facing_foreclosure', '$referred_by', '$comments', '$today')"; $results = mysql_query($sql) or die(mysql_error()); if ($results){ header("Location: download.php?actionflag=registered"); exit(); } } ?> All I did, actually,was add the word 'global' in front of the 'function'. In doing this it produced this error: Which is the 'global function insert_ebook(); line. Also, a quick note on the header/redirect. I think I may have misled you with the code you are using to post your changes as it states: if(!results) when it should be if($results). I changed it to (!results) to see if I could force the redirect if the insert query failed. Alas, it didn't do anything. That was to see if the query was failing but the redirect would succeed. If that was the case then it would isolate the query as the problem. However, neither are working.

hey there freakstyle. Thanks for the post! Couple of questions: 1. on the mysql_real_escape_string(), obviously I want to protect against some bozo abusing the form. What would I use in its place? Possibly stripslashes ? 2. The change in the function, would that be in defining the function or calling the function? Or both?

Actually i'm checking both. The priority check is the database. No records have been inserted. Once I figure that out i'm sure i'll get the redirect done. But, if you spot an error there let me know. If we can get one of these two functions working then that would be encouraging. Thanks!

Bummer, that didn't work. It's not inserting the data. But in the same token it's not producing an error either. Here's the code I have now for the function that's contained in the include file: <? // run our insert query if no errors and redirect to download page function ebook_insert($name, $phone, $email, $facing_foreclosure, $referred_by, $comments, $today) { // post variables $sql = "INSERT INTO ebook (name, phone, email, facing_foreclosure, referred_by, comments, date) VALUES ('$name', '$phone', '$email', '$facing_foreclosure', '$referred_by', '$comments', '$today')"; $results = mysql_query($sql) or die(mysql_error()); if ($results){ header("Location: download.php?actionflag=registered"); exit(); } } ?>

Ok, I ran that function to check the existence of the other two functions and both exist. So, apparently they are present....but why they aren't performing the code is the question ???

It's this line at the top of my first post: include 'db_config.inc'; Which includes a whole host of stuff including a bunch of functions i'm summoning up.

I have a form that, when no errors are present, is set to perform two functions. One is to insert the data into a database and the other is to email the results. Right now neither are happening even though I do not get an error message. The functions are contained in an 'include' file. Here's the code i'm using to execute the form parsing: <? include 'db_config.inc'; // make database connection $link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname) or die(mysql_error()); // post our variables from the registration form $name = mysql_real_escape_string($_POST['name']); $phone = mysql_real_escape_string($_POST['phone']); $email = mysql_real_escape_string($_POST['email']); $facing_foreclosure = $_POST['name']; $referred_by = mysql_real_escape_string($_POST['referred_by']); $comments = mysql_real_escape_string($_POST['comments']); $today = date("F j, Y, g:i a"); // $secure = strtoupper(trim(strip_tags($_POST['secure']))); // $match = $_SESSION['secure']; // the code on the image $err = array(); // input error checking if ($name=="") { $err[] = "Please enter your name.<br/>"; } if ($phone==""){ $err[] = "Please enter your phone number.<br/>"; } if ($email=="") { $err[] = "Please provide your email address<br>"; } if ($email) { if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { $err[] = $email. " is not a valid email address.<br/>"; } } if ($err=="") { // mail the results to admin send_ebook_mail(); // run the query ebook_insert(); } ?> The ebook_insert(); code is: <? // run our insert query if no errors and redirect to download page function ebook_insert() { // post variables global $name; global $phone; global $email; global $facing_foreclosure; global $referred_by; global $comments; global $today; $sql = "INSERT INTO ebook (name, phone, email, facing_foreclosure, referred_by, comments, date) VALUES ('$name', '$phone', '$email', '$facing_foreclosure', '$referred_by', '$comments', '$today')"; $results = mysql_query($sql) or die(mysql_error()); if (!$results){ header("Location: download.php?actionflag=registered"); exit(); } } ?> With my understanding of the basic premise, IF there's no errors reported in the form fields then it should run this function which would insert the data into the database. I didn't post the mail function simply because I feel that if I get this to work then the other will automatically work as it's probably something stupid that I don't know or didn't code properly ??? Thanks in advance!

Ok, got that worked out. Learn more each day! Thanks, guys.

First, thanks for the posts My logical mind tells me that $err is set IF there's an error in one of the fields being validated. In other words: if ($name=="") { $err.= "Please enter your name.<br/>"; Would that not set a value for $err?

I'm trying to validate the fields in a simple contact form (about 6 fields) and using this code to display the errors: <div align='center'><font color='red'><strong id='errorTitle'><?= !empty($eg_error) ? 'One or more input fields on the form has not been correctly completed.' : '' ?></strong> <? // Loop through all errors if(!empty($err)) { ?> <ul> <? foreach($err as $value) { ?> <li id='errorMess'><? echo $value ?></li> <? } ?> </ul> <? } ?> And using this to check the fields: <? // input error checking if ($name=="") { $err.= "Please enter your name.<br/>"; } if (!$phone==""){ $err.= "Please enter your phone number.<br/>"; } if (!$email) { $err.= "Please provide your email address<br>"; } if ($email) { if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { $err.= $email. " is not a valid email address.<br/>"; } } /* if (!$secure) { $err.= "No security code entered<br/>"; } if (($secure!=$match) && ($secure!="")) { $err.= "Security code mismatch. Please re-enter.<br/>"; } */ if ($err=="") { // mail the results to admin send_ebook_mail(); // run the query ebook_insert(); } ?> I get this error: Which is, of course, the foreach statement line. Help?

Gentlemen, thanks again for your help! I added the LIMIT 1 just as additional precaution. The WHERE clause should prohibit multiples on its own but extra protection is a good thing.