vailidating

[runnerjp]

hey guys i have this

 

  if($_POST["birthday"]=="-YEAR-") {
        $error['birthday'] = true;
         $print_again = true;
        $message="Please select a dob<br>";

but it does not work... how can i have it so -YEAR- is not selected in my drop down menu and submitted only dates like 2008 ect

[thebadbad]

You really should use a label instead:

 

<label for="box">Year:</label>
<select id="box">
</select>

 

I guess the problem with your code is, that the value for the "-YEAR-" option isn't set. Remember that $_POST['birthday'] will contain what's defined with the value attribute in <option value="-YEAR-">-YEAR-</option>.

[thebadbad]

Or try disabling the -YEAR- option with <option disabled="disabled">-YEAR-</option>.

[runnerjp]

ok i suppose thats a way around it

ok what about this

 

    if($_POST["first_name"]=="") {

        $error['first_name'] = true;

        $print_again = true;

        $message="The first name field is empty<br>";

 

how can i make this so you can only have text and it be between 3 and 15 char long :S

 

i thought maybe

 

  if($_POST["first_name"]=="" ||  !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i") {
        $error['first_name'] = true;
         $print_again = true;
        $message="The first name field is empty<br>";

 

but i get unexpected {

[runnerjp]

bmp

[msimonds]

ok i suppose thats a way around it

ok what about this

 

    if($_POST["first_name"]=="") {

        $error['first_name'] = true;

        $print_again = true;

        $message="The first name field is empty<br>";

 

how can i make this so you can only have text and it be between 3 and 15 char long :S

 

i thought maybe

 

  if($_POST["first_name"]=="" ||  !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i") {
        $error['first_name'] = true;
         $print_again = true;
        $message="The first name field is empty<br>";

 

but i get unexpected {

 

You had an error in your if statement

 

try this

if (($_POST["first_name"] == "") || (!preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i")))
{
    $error['first_name'] = true;
    $print_again = true;
    $message = "The first name field is empty<br>";
}

 

that should clean up the error you are getting

 

 

[runnerjp]

ok with this

 

global $HTTP_POST_VARS, $error, $print_again;
$error['error'] = false;
if (($_POST["first_name"] == "") || !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i"))
{
    $error['first_name'] = true;
    $print_again = true;
    $message = "The first name field is empty<br>";
} 
   if($_POST["last_name"]=="") {
        $error['last_name'] = true;
         $print_again = true;
        $message="The last name field is empty<br>";
    }
  if($_POST["club"]=="") {
        $error['club'] = true;
         $print_again = true;
        $message="Please select a club<br>";
    }
  if($_POST["birthyear"]=="-DAY-") {
        $error['birthyear'] = true;
         $print_again = true;
        $message="Please select a dob<br>";
    }
  if($_POST["birthmonth"]=="-MONTH-") {
        $error['birthmonth'] = true;
         $print_again = true;
        $message="Please select a dob<br>";
    }
  if($_POST["birthday"]=="-YEAR-") {
        $error['birthday'] = true;
         $print_again = true;
        $message="Please select a dob<br>";
    }

i get Warning: preg_match() expects at least 2 parameters, 1 given in /home/runningp/public_html/members/include/update.php on line 311

 

should i be sticking   $id =  mysql_real_escape_string( $_POST['id']);

 

$club = mysql_real_escape_string( $_POST['club']);

$first_name = mysql_real_escape_string( $_POST['first_name']);

$last_name =  mysql_real_escape_string( $_POST['last_name']);

$gender =  mysql_real_escape_string( $_POST['gender']);

$birthyear =  mysql_real_escape_string( $_POST['birthyear']);

$birthmonth =  mysql_real_escape_string( $_POST['birthmonth']);

$birthday =  mysql_real_escape_string( $_POST['birthday']);

$dob = $birthday.'-'.$birthmonth.'-'.$birthyear;

above it all to make it easyer?

[msimonds]

Your missing the value to check in your preg_match

 

if (($_POST["first_name"] == "") || (!preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $_POST["first_name"])))
{
    $error['first_name'] = true;
    $print_again = true;
    $message = "The first name field is empty<br>";
}

 

it has to have two parameters for that function to work

[msimonds]

ALSO

 

before you assign individual variables to the $_POST array and you want to put every field in the $_POST array through one specific function, you can do this:

 

 

 

$_POST = array_map('mysql_real_escape_string',$_POST);

 

then assign the individual variables to each value in the $_POST array

 

 

[runnerjp]

humm its intresting

 

if(isset($_POST["basic"])) {
    check_form();
} else {
    show_form();
}

function check_form()
{
global $HTTP_POST_VARS, $error, $print_again;
$error['error'] = false;
if (($_POST["first_name"] == "") || (!preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $_POST["first_name"])))
{
    $error['first_name'] = true;
    $print_again = true;
    $message = "The first name field is empty or contains wrong data<br>";
}

if (($_POST["last_name"] == "") || (!preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $_POST["last_name"])))
{
    $error['last_name'] = true;
    $print_again = true;
    $message = "The last name field is empty or contains wrong data<br>";
}
    }
  if($_POST["club"]=="") {
        $error['club'] = true;
         $print_again = true;
        $message="Please select a club<br>";
    }
  if($_POST["birthyear"]=="-DAY-") {
        $error['birthyear'] = true;
         $print_again = true;
        $message="Please select a dob<br>";
    }
  if($_POST["birthmonth"]=="-MONTH-") {
        $error['birthmonth'] = true;
         $print_again = true;
        $message="Please select a dob<br>";
    }
  if($_POST["birthday"]=="-YEAR-") {
        $error['birthday'] = true;
         $print_again = true;
        $message="Please select a dob<br>";
    }
     if($print_again) {
         show_form();
       
       } else {
        show_form();
           $message="All Fields are valid <br>";
	   $id =  mysql_real_escape_string( $_POST['id']);

$club = mysql_real_escape_string( $_POST['club']);
$first_name = mysql_real_escape_string( $_POST['first_name']);
$last_name =  mysql_real_escape_string( $_POST['last_name']);
$gender =  mysql_real_escape_string( $_POST['gender']);
$birthyear =  mysql_real_escape_string( $_POST['birthyear']);
$birthmonth =  mysql_real_escape_string( $_POST['birthmonth']);
$birthday =  mysql_real_escape_string( $_POST['birthday']);
$dob = $birthday.'-'.$birthmonth.'-'.$birthyear;






$update = "UPDATE users SET new_user='1',dob='$dob', club= '$club', first_name = '$first_name', gender = '$gender', last_name = '$last_name' WHERE id='$id' ";
$result = mysql_query($update);

// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
    $er  = 'Invalid query: ' . mysql_error() . "\n";
    $er .= 'Whole query: ' . $query;
    die($er);
       }}
  echo '			<p class="error">' . $message . '</p>' . "\n";

 

if i enter "£$% symbols for example then it will not not me submit form.. thats good but it does not show any error message at all

 

BUT

 

if i enter 1234 then it lets me submit it with the message All Fields are valid

[msimonds]

I am not the best at regular expressions by any means

 

BUT

 

shouldn't this line

 

(!preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $_POST["first_name"])

 

BE

 

(preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $_POST["first_name"])

 

 

basically you should remove the "!", because if you have that check in there, you are basically stating that you are not looking for that pattern?

 

I maybe wrong, just a guess though

[runnerjp]

ahh yes thats good .. how would i stop ' or @ being used?