cberube09 Posted March 3, 2009 Share Posted March 3, 2009 Hello. First of all let me state that I am new to PHP and have only begun to learn it. Today I set off trying to create my own server-side PHP form validation that would alert the user if certain parts of the form were not filled out correctly without deleting the user's data. The solution that I have come up with works, but it is very inefficient and cumbersome. Here is the code of the form: <div align="center" class="maincontent"> <h1>Post an Editorial</h1> <form method="post" id="addeditorialform" action="index.php"> <div> <label for="categoryselect">Category<br /></label> <select name="categoryselect"><option value="Business">Business</option><option value="Current Events">Current Events</option><option value="Economy">Economy</option><option value="Government Policy">Government Policy</option><option value="Philosophy">Philosophy</option><option value="Products">Products</option><option value="Science">Science</option><option value="Technology">Technology</option></select> </div> <br /> <div> <label for="editorialtitle">Title of Editorial<br /></label> <input id="editorialtitle" name="editorialtitle" type="text" /> </div> <br /> <div> <label for="editorialcontent">Editorial Content</label> <br /> <textarea id="editorialcontent" name="editorialcontent" cols="40" rows="15"></textarea> </div> <br /> <div> <input id="send" name="send" type="submit" value="Submit" /> <input type="hidden" name="content" value="addeditorial" /> </div> <br /> </form> </div> And here is the code of the validation/submition file: <div align="center" class="maincontent"> <?php if (!isset($_POST['send'])) { echo "<h1>Error: </h1> <p>Accessing this page directly is not allowed.</p>"; exit; } global $error; $error=0; function newForm() { $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; echo"<div class=\"maincontent\">"; echo"<h1>Post an Editorial</h1>"; echo"<form method=\"post\" id=\"addeditorialform\" action=\"index.php\">"; echo"<div>"; echo"<label for=\"categoryselect\">Category<br /></label>"; echo"<select name=\"categoryselect\"><option value=\"$categoryselect\">$categoryselect</option></select>"; echo"</div>"; echo"<br />"; echo"<div>"; echo"<label for=\"editorialtitle\">Title of Editorial<br /></label>"; echo"<input id=\"editorialtitle\" name=\"editorialtitle\" type=\"text\" value=\"$editorialtitle\" />"; echo"</div>"; echo"<br />"; echo"<div>"; echo"<label for=\"editorialcontent\">Editorial Content</label>"; echo"<br />"; echo"<textarea id=\"editorialcontent\" name=\"editorialcontent\" cols=\"40\" rows=\"15\">$editorialcontent</textarea>"; echo"</div>"; echo"<br />"; echo"<div>"; echo"<input id=\"send\" name=\"send\" type=\"submit\" value=\"Submit\" />"; echo"<input type=\"hidden\" name=\"content\" value=\"addeditorial\" />"; echo"</div>"; echo"<br />"; echo"</form>"; echo"</div>"; } function cleanUp($data) { $data = trim(strip_tags(htmlspecialchars($data))); return $data; } $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; cleanUp($editorialtitle); cleanUp($editorialcontent); if (!get_magic_quotes_gpc()) { $categoryselect=addslashes($categoryselect); $editorialtitle=addslashes($editorialtitle); $editorialcontent=addslashes($editorialcontent); } if((empty($editorialtitle))) { $error=$error+1; } if((empty($editorialcontent))) { $error=$error+4; } if((strlen($editorialtitle)) < 4) { $error=$error+8; } if((str_word_count($editorialcontent)) < 50) { $error=$error+16; } switch ($error) { case 0: include("config.php"); include("dbconnect.php"); $query="INSERT INTO editorials (category, date, time, title, article) VALUES ('$categoryselect', NOW(), CURTIME(), '$editorialtitle', '$editorialcontent')"; $result=mysql_query($query) or die('Sorry, could not query the database'."Error: ".mysql_error); if ($result) { echo "<h3>Your editorial has been successfully posted!</h3>\n"; }else { echo "<h3>Sorry, there was a problem posting your editorial</h3>"; } break; case 8: echo"<div class=\"formerror\"><h3>Error: Your title must be at least 4 characters long!</h3></div><br>"; newForm(); break; case 9: echo"<div class=\"formerror\"><h3>Error: Your title must be at least 4 characters long!</h3></div><br>"; newForm(); break; case 16: echo"<div class=\"formerror\"><h3>Error: Your editorial must be at least 50 words long!</h3></div><br>"; newForm(); break; case 20: echo"<div class=\"formerror\"><h3>Error: Your editorial must be at least 50 words long!</h3></div><br>"; newForm(); break; default: echo"<div class=\"formerror\">"; echo"<h3>Error: Your title must be at least 4 characters long!</h3>"; echo"<h3>Error: Your editorial must be at least 50 words long!</h3>"; echo"</div>"; newForm(); break; } ?> </div> As you can see, the form is a very simple one with three fields. I have created cases in a switch structure for every possible outcome of form errors, which like I stated above is extremely cumbersome and difficult. It also takes a lot of code. I want to find a way to shrink this code down. As a final result, I want the MAINCONTAINER div to hold the results of the exact error, not a general error. I tried setting up an array for the if((empty($editorialtitle))) condition and using push_array for the rest, but that only worked if there was an error in the if((empty($editorialtitle))) Furthermore, when there was an error in that condition, and an array could be successfully output, I could not figure out what to do after that. I attempted to use in_array and array_key_exists but could not find a solution to my problem. Thanks for taking the time to read this. Can you help me? Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/ Share on other sites More sharing options...
WolfRage Posted March 3, 2009 Share Posted March 3, 2009 1: Rewrite all of your echo statements that are not outputting a variable using a single qoute. Using double qoutes puts php into eval mode, meaning it is looking for variables to convert. 2: If this page is not susposed be accessed directly then why have it echo so much information, instead have it return a string or better yet an array of errors that can then be echoed by the form page on failure. 3: You should use an array to store different errors in your error checking, this will eliminate the need to have switch statements, instead if there is an error your array will exist and you can return that to the form where it can echo the errors in the proper locations. 4: Finally security! Never trust user input, particularly when inserting directly into a data base.... SQL Injection is why to easy. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-775281 Share on other sites More sharing options...
cberube09 Posted March 4, 2009 Author Share Posted March 4, 2009 Hi, thanks for the reply. I understand now what you mean about double quotes and have replaced them with the singe quotes. The page is not supposed to be accessed directly because of security issues with spam from search engines, or at least thats my thinking. The reason there is so many echoes is because it is the only way I know of showing the user the form with the information that was already filled in. (I do not know how to show the complete drop down menu on the second form though). I understand what you mean about creating the arrays and then checking if they are present, but how do I deal with more than one error present (i.e. more than one array?) I am not sure how I would be able to output only one error or another, or multiple errors using arrays. Lastly, I know security is important, but what exactly is it that is insecure about this script? I tried to remove the PHP and HTML tags and convert the remaining characters into text using htmlspecialchars. What else can I do? Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-775952 Share on other sites More sharing options...
WolfRage Posted March 4, 2009 Share Posted March 4, 2009 1: The example below uses your form function. Just like echo with single quotes is faster than with doubles, not parsing the HTML at all is even faster. I call this breaking in and out of PHP, thus I only use the parser when I need to. Don't forget though if you do echo a line and it has a variable in it you need to use double quotes to put PHP in eval mode. Breaking in and out of php is very useful especially for looping, you can just call that function and it will constantly pass the HTML. <?php function newForm() { $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; ?> <div class="maincontent"> <h1>Post an Editorial</h1> <form method="post" id="addeditorialform" action="index.php"> <div> <label for="categoryselect">Category<br /></label> <select name="categoryselect" value="<?php echo $categoryselect; ?>"><option value="Business">Business</option><option value="Current Events">Current Events</option><option value="Economy">Economy</option><option value="Government Policy">Government Policy</option><option value="Philosophy">Philosophy</option><option value="Products">Products</option><option value="Science">Science</option><option value="Technology">Technology</option></select> </div> <br /> <div> <label for="editorialtitle">Title of Editorial<br /></label> <input id="editorialtitle" name="editorialtitle" type="text" value="<?php echo $editorialtitle; ?>" /> </div> <br /> <div> <label for="editorialcontent">Editorial Content</label> <br /> <textarea id="editorialcontent" name="editorialcontent" cols="40" rows="15"><?php echo $editorialcontent; ?></textarea> </div> <br /> <div> <input id="send" name="send" type="submit" value="Submit" /> <input type="hidden" name="content" value="addeditorial" /> </div> <br /> </form> </div> <?php } ?> 2: I added a value field to your select menu so that the one they chose will still be selected. 3: Dealing with an error handling array. <?php if((empty($editorialtitle))) { $error=array('edittorialtitle'=>'<div class="formerror"><h3>Error: Your title field is empty!</h3></div><br>'); } if((empty($editorialcontent))) { $error=array('editorialcontent'=>'<div class="formerror"><h3>Error: Your Editorial field is empty!</h3></div><br>'); } if((strlen($editorialtitle)) < 4) { $error=array('edittorialtitle'=>'<div class="formerror"><h3>Error: Your title must be at least 4 characters long!</h3></div><br>'); } if((str_word_count($editorialcontent)) < 50) { $error=array('editorialcontent'=>'<div class="formerror"><h3>Error: Your editorial must be at least 50 words long!</h3></div><br>'); } if (!isset($error)) { include("config.php"); include("dbconnect.php"); $query="INSERT INTO editorials (category, date, time, title, article) VALUES ('$categoryselect', NOW(), CURTIME(), '$editorialtitle', '$editorialcontent')"; $result=mysql_query($query) or die('Sorry, could not query the database'."Error: ".mysql_error); if ($result) { echo "<h3>Your editorial has been successfully posted!</h3>\n"; }else { echo "<h3>Sorry, there was a problem posting your editorial</h3>"; } } else { echo $error['edittorialtitle']; echo $error['editorialcontent']; //Best part about this technique is it is super small, and if there is an error it will be printed if not nothing is printed. newForm(); } ?> I think that will help you out a lot when making error handlers. 4: Sorry I did not see your cleanUp function when I stated that. But for every piece of data that I do not need any special characters like "@" I use htmlentities(); Be sure to check my work for any errors as I was doing this pretty fast. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776123 Share on other sites More sharing options...
cberube09 Posted March 5, 2009 Author Share Posted March 5, 2009 First of all, I would like to thank you for the excellent help...I really couldn't appreciate it more. Unfortunately, I still have a few problems that for the life of me, I cannot figure out! First of all, the value field in the select menu is not a valid option. I know that selected="selected" is the way to select a value by default and this is put in the <option> tag. For example, <option value="Business" selected="selected"> will select the Business field by default. Second of all, I changed the double t's in edittorialtitle back to editorialtitle as it should be. Then, I rant the form without any input. The echo $error['editorialcontent']; works beautifully, yet the echo $error['editorialtitle']; throws an error Notice: Undefined index: editorialtitle in C:\wamp\www\udeclare\addeditorial.inc.php on line 100 Here is the current code for reference: <div align="center" class="maincontent"> <?php if (array_key_exists('submit',$_POST)){ //Form has been submitted } function newForm() { $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; ?> <div class="maincontent"> <h1>Post an Editorial</h1> <form method="post" id="addeditorialform" action="index.php"> <div> <label for="categoryselect">Category<br /></label> <select name="categoryselect"><option value="Business">Business</option><option value="Current Events">Current Events</option><option value="Economy">Economy</option><option value="Government Policy">Government Policy</option><option value="Philosophy">Philosophy</option><option value="Products">Products</option><option value="Science">Science</option><option value="Technology">Technology</option></select> </div> <br /> <div> <label for="editorialtitle">Title of Editorial<br /></label> <input id="editorialtitle" name="editorialtitle" type="text" value="<?php echo $editorialtitle; ?>" /> </div> <br /> <div> <label for="editorialcontent">Editorial Content</label> <br /> <textarea id="editorialcontent" name="editorialcontent" cols="40" rows="15"><?php echo $editorialcontent; ?></textarea> </div> <br /> <div> <input id="send" name="send" type="submit" value="Submit" /> <input type="hidden" name="content" value="addeditorial" /> </div> <br /> </form> </div> <?php } ?> <?php function cleanUp($data) { $data = trim(strip_tags(htmlspecialchars($data))); return $data; } $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; cleanUp($editorialtitle); cleanUp($editorialcontent); if (!get_magic_quotes_gpc()) { $categoryselect=addslashes($categoryselect); $editorialtitle=addslashes($editorialtitle); $editorialcontent=addslashes($editorialcontent); } if((empty($editorialtitle))) { $error=array('editorialtitle'=>'<div class="formerror"><h3>Error: Your title field is empty!</h3></div><br>'); } if((empty($editorialcontent))) { $error=array('editorialcontent'=>'<div class="formerror"><h3>Error: Your editorial field is empty!</h3></div><br>'); } if((strlen($editorialtitle)) < 4) { $error=array('editorialtitle'=>'<div class="formerror"><h3>Error: Your title must be at least 4 characters long!</h3></div><br>'); } if((str_word_count($editorialcontent)) < 50) { $error=array('editorialcontent'=>'<div class="formerror"><h3>Error: Your editorial must be at least 50 words long!</h3></div><br>'); } if (!isset($error)) { include("config.php"); include("dbconnect.php"); $query="INSERT INTO editorials (category, date, time, title, article) VALUES ('$categoryselect', NOW(), CURTIME(), '$editorialtitle', '$editorialcontent')"; $result=mysql_query($query) or die('Sorry, could not query the database'."Error: ".mysql_error); if ($result) { echo "<h3>Your editorial has been successfully posted!</h3>\n"; }else { echo "<h3>Sorry, there was a problem posting your editorial</h3>"; } } else { echo $error['editorialtitle']; echo $error['editorialcontent']; //Best part about this technique is it is super small, and if there is an error it will be printed if not nothing is printed. newForm(); } ?> </div> Next, it seems as if this array will output fine if there is a single error on the form, but if there is more than one error it seems as if it will not work?? Or do I just need an explanation for this? Lastly, and this is a little off topic, but how would I add a WYSIWYG text editor to the <textarea> field on the form that holds 'editorialcontent'? Like on this forum? Once again, thanks for all the help. I've learned more already than I could in a long time by just reading tutorials of other people's scripts. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776858 Share on other sites More sharing options...
dt192 Posted March 5, 2009 Share Posted March 5, 2009 try replacing $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; with if(isset($_POST['categoryselect'])){$categoryselect=$_POST['categoryselect'];}else{$categoryselect='';} etc etc that should fix the index error Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776898 Share on other sites More sharing options...
cberube09 Posted March 5, 2009 Author Share Posted March 5, 2009 Hi dt192, Thanks for the suggestion, but that did not work. I don't understand why it can't find it... Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776918 Share on other sites More sharing options...
dt192 Posted March 5, 2009 Share Posted March 5, 2009 ok change echo $error['editorialtitle']; echo $error['editorialcontent']; to if(isset($error['editorialtitle']){echo $error['editorialtitle'];} etc basicly you always have to check that variables are set before them, if you try to use a veriable or array that doesnt exist you will get an error Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776927 Share on other sites More sharing options...
cberube09 Posted March 5, 2009 Author Share Posted March 5, 2009 Thanks, that did the trick! I understand what you mean about the variables having to exist. The current code however cannot display different combinations of errors. For example when a blank form is submitted, only "Error: Your editorial must be at least 50 words long!" shows up! Also, does anybody know how to get the <select> drop-down menu to display the last chosen variable? Or about adding a WYSIWYG editor to the <textarea>? Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776962 Share on other sites More sharing options...
phpdragon Posted March 5, 2009 Share Posted March 5, 2009 the way to get a selected feild is not selected="selected" its is simply just selected no quotes no ==anything Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776965 Share on other sites More sharing options...
cberube09 Posted March 5, 2009 Author Share Posted March 5, 2009 Hmm i'm pretty sure that selected="selected" is the XHTML compliant version of that? In either case, how would I go about adding that to the last selected option in the menu? I know I have to use the $categoryselect command, but where and how do I implement this? Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-776966 Share on other sites More sharing options...
WolfRage Posted March 5, 2009 Share Posted March 5, 2009 Alright I want to help you out but lets see the latest version of the code. I would take care of the select="selected" issue by wrapping that peice of html in a PHP switch statement, which will place the select="selected" with the right option then echo the right option. So far as error handling, I am not sure what the issue was there, but now that you are using an array for errors you can add as many error checks as you need to. Then just echo them. Sorry to say it dragon but you are wrong, Attribute Minimization Is Forbidden in XHTML. Read the below link. http://www.w3schools.com/Xhtml/xhtml_syntax.asp Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-777065 Share on other sites More sharing options...
phpdragon Posted March 5, 2009 Share Posted March 5, 2009 My apologies it appears I have been misguided in the past and have used it since. It has always worked and it has never produced an error when using the w3c compliant online page tester. After reading that link I now agree with wolfrage Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-777143 Share on other sites More sharing options...
cberube09 Posted March 6, 2009 Author Share Posted March 6, 2009 phpdragon, No problem, i'm glad that more than one person learned something from this So I have figured out how to get the previously selected item from the drop down list to show up, and have successfully implemented TinyMCE as a WYSIWYG textarea replacement. So now....my only problem. Here is the current code: <script type="text/javascript" src="tiny_mce/tiny_mce.js"></script> <script type="text/javascript"> tinyMCE.init({ theme : "advanced", convert_urls : false, mode : "textareas" }); </script> <div align="center" class="maincontent"> <?php if (array_key_exists('submit',$_POST)){ //Form has been submitted } $categoryselect=$_POST['categoryselect']; function newForm() { $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; ?> <div class="maincontent"> <div class='boldunderl'>Post an Editorial</div><br /> <form method="post" id="addeditorialform" action="index.php"> <div> <label for="categoryselect">Category<br /></label> <select name='categoryselect'><option value="<?php echo $categoryselect; ?>" name="<?php echo $categoryselect; ?>" /><?php echo $categoryselect; ?></option> <?php include("config.php"); include("dbconnect.php"); $query="SELECT category FROM categories ORDER BY category"; $result=mysql_query($query) or die('Sorry, could not query the database'."Error: ".mysql_error); while($row=mysql_fetch_assoc($result)){ $categoryselect=$row['category']; echo"<option value='$categoryselect' name='$categoryselect'>$categoryselect</option>"; } ?> </select> </div> <br /> <div> <label for="editorialtitle">Title of Editorial<br /></label> <input id="editorialtitle" name="editorialtitle" type="text" value="<?php echo $editorialtitle; ?>" /> </div> <br /> <div> <label for="editorialcontent">Editorial Content</label> <br /> <textarea id="editorialcontent" name="editorialcontent" cols="40" rows="15"><?php echo $editorialcontent; ?></textarea> </div> <br /> <div> <input id="send" name="send" type="image" value="Submit" src="images/submit.png" /> <input type="hidden" name="content" value="addeditorial" /> </div> <br /> </form> </div> <?php } ?> <?php function cleanUp($data) { $data = trim(strip_tags(htmlspecialchars($data))); return $data; } $categoryselect=$_POST['categoryselect']; $editorialtitle=$_POST['editorialtitle']; $editorialcontent=$_POST['editorialcontent']; cleanUp($editorialtitle); cleanUp($editorialcontent); if (!get_magic_quotes_gpc()) { $categoryselect=addslashes($categoryselect); $editorialtitle=addslashes($editorialtitle); $editorialcontent=addslashes($editorialcontent); } if((empty($categoryselect))) { $error=array('categoryselect'=>'<div class="formerror"><div class=boldcenter>Error: You must choose a category!</div></div><br>'); } if((empty($editorialtitle))) { $error=array('editorialtitle1'=>'<div class="formerror"><div class=boldcenter>Error: Your title field is empty!</div></div><br>'); } if((empty($editorialcontent))) { $error=array('editorialcontent1'=>'<div class="formerror"><div class=boldcenter>Error: Your editorial field is empty!</div></div><br>'); } if((strlen($editorialtitle)) < 4) { $error=array('editorialtitle2'=>'<div class="formerror"><div class=boldcenter>Error: Your title must be at least 4 characters long!</div></div><br>'); } if((str_word_count($editorialcontent)) < 50) { $error=array('editorialcontent2'=>'<div class="formerror"><div class=boldcenter>Error: Your editorial must be at least 50 words long!</div></div><br>'); } if (!isset($error)) { include("config.php"); include("dbconnect.php"); $query="INSERT INTO editorials (category, date, time, title, article) VALUES ('$categoryselect', NOW(), CURTIME(), '$editorialtitle', '$editorialcontent')"; $result=mysql_query($query) or die('Sorry, could not query the database'."Error: ".mysql_error); if ($result) { echo "<div class=boldcenter>Your editorial has been successfully posted!</div>\n"; }else { echo "<div class=boldcenter>Sorry, there was a problem posting your editorial</div>"; } } else { if(isset($error['categoryselect'])){echo $error['categoryselect'];} if(isset($error['editorialtitle1'])){echo $error['editorialtitle1'];} if(isset($error['editorialcontent1'])){echo $error['editorialcontent1'];} if(isset($error['editorialtitle2'])){echo $error['editorialtitle2'];} if(isset($error['editorialcontent2'])){echo $error['editorialcontent2'];} newForm(); } ?> </div> Basically, I first added a 1 and a 2 to the end of fields that have the same name but can have different error messages. My current problem is this. Only the last array if(isset($error['editorialcontent2'])){echo $error['editorialcontent2'];} is working! So if you submit a form, you get only one error which is this last error. I tried removing all the if statements from all the checks so that it would definitely add an item to each array, and I removed the checks on the echos for the contents of the arrays. The results of this were I got many undefined indexes (which I shouldn't have because they were all declared) and I only got one error message, the last echo in the list.... Can anyone see the problem? I have been unable to figure it out. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-777893 Share on other sites More sharing options...
cberube09 Posted March 7, 2009 Author Share Posted March 7, 2009 Does anybody have any ideas as to why all of the arrays are not getting their values set? I don't think the problem is with the echo because, as I stated before, I tried removing all the if statements from all the checks so that it would definitely add an item to each array, and I removed the checks on the echos for the contents of the arrays. The results of this were I got many undefined indexes (which I shouldn't have because they were all declared) and I only got one error message, the last echo in the list.... Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-778944 Share on other sites More sharing options...
redarrow Posted March 7, 2009 Share Posted March 7, 2009 can you kindly post the code only that dose not work, as i don't understand your coding sorry. i don't even see why JavaScript is used in this code it like a wast off time. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-778951 Share on other sites More sharing options...
WolfRage Posted March 7, 2009 Share Posted March 7, 2009 Yes I see a problem, your script is working correctly, but you forgot to ustilized an if statement that you setup. The one that is susposed to bypass error checking if nothing has been submitted. This one: <?php if (array_key_exists('submit',$_POST)){ //Form has been submitted } ?> So make it encapsulate the rest of the code that it is susposed to and then your form should work correctly. Let me know if you have any further troubles. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-778973 Share on other sites More sharing options...
cberube09 Posted March 7, 2009 Author Share Posted March 7, 2009 can you kindly post the code only that dose not work, as i don't understand your coding sorry. i don't even see why JavaScript is used in this code it like a wast off time. Sorry, but the reason I included the code of the entire page is because I don't know where the error is. The javascript is absolutely not a waste as it sets up a WYSIWYG editor in the textarea for guests to format their submissions, just like this forum. Yes I see a problem, your script is working correctly, but you forgot to ustilized an if statement that you setup. The one that is susposed to bypass error checking if nothing has been submitted. This one: <?php if (array_key_exists('submit',$_POST)){ //Form has been submitted } ?> So make it encapsulate the rest of the code that it is susposed to and then your form should work correctly. Let me know if you have any further troubles. I attempted to do this and had no luck. I then even removed this code altogether and still get the same result. I'm out of ideas! Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-779000 Share on other sites More sharing options...
cberube09 Posted March 9, 2009 Author Share Posted March 9, 2009 Anybody? Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-780045 Share on other sites More sharing options...
WolfRage Posted March 9, 2009 Share Posted March 9, 2009 Honestly I do not see an error in the code. I will have to test run it on my local later tonight then I will get back to you, but maybe be me reposting some one else will get a look at it and spot something we have missed. Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-780184 Share on other sites More sharing options...
cberube09 Posted March 9, 2009 Author Share Posted March 9, 2009 Thanks a lot! I actually am writing to note that I just got the script to work correctly, but I believe I have cheated around the system a little. I have assigned each error to its own variable so that the affected section of code now looks like this... if((empty($categoryselect))) { $error1=array('categoryselect'=>'<div class="formerror"><div class=boldcenter>Error: You must choose a category!</div></div><br>'); } if((empty($editorialtitle))) { $error2=array('editorialtitle1'=>'<div class="formerror"><div class=boldcenter>Error: Your title field is empty!</div></div><br>'); } if((empty($editorialcontent))) { $error3=array('editorialcontent1'=>'<div class="formerror"><div class=boldcenter>Error: Your editorial field is empty!</div></div><br>'); } if((strlen($editorialtitle)) < 4) { $error4=array('editorialtitle2'=>'<div class="formerror"><div class=boldcenter>Error: Your title must be at least 4 characters long!</div></div><br>'); } if((str_word_count($editorialcontent)) < 50) { $error5=array('editorialcontent2'=>'<div class="formerror"><div class=boldcenter>Error: Your editorial must be at least 50 words long!</div></div><br>'); } if (!isset($error1) && !isset($error2) && !isset($error3) && !isset($error4) && !isset($error5)) { include("config.php"); include("dbconnect.php"); $query="INSERT INTO editorials (category, date, time, title, article) VALUES ('$categoryselect', NOW(), CURTIME(), '$editorialtitle', '$editorialcontent')"; $result=mysql_query($query) or die('Sorry, could not query the database'."Error: ".mysql_error); if ($result) { echo "<div class=boldcenter>Your editorial has been successfully posted!</div>\n"; }else { echo "<div class=boldcenter>Sorry, there was a problem posting your editorial</div>"; } } else { if(isset($error1['categoryselect'])){echo $error1['categoryselect'];} if(isset($error2['editorialtitle1'])){echo $error2['editorialtitle1'];} if(isset($error3['editorialcontent1'])){echo $error3['editorialcontent1'];} if(isset($error4['editorialtitle2'])){echo $error4['editorialtitle2'];} if(isset($error5['editorialcontent2'])){echo $error5['editorialcontent2'];} newForm(); } Is this necessary to do, or should I be able to use the $error variable for all of the assigned arrays? Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-780562 Share on other sites More sharing options...
dt192 Posted March 12, 2009 Share Posted March 12, 2009 high why dont you just not use an array i usually just use a string so first i declare it empty at the top $error=''; then in the (form posted) section as i do my checks on the feilds if theres an error i add it like $error.='Name was missing<br/>'; $error.='something else was missing<br/>'; then at the end still inside the (form posted) section if($error!=''){$error='<div style="background:#FF0000">'.$error.'</div>';} you can apply whatever styling you want to the message above, i also use it for success if im submitting the form to its self by using if($error!=''){$error='<div style="background:#FF0000">'.$error.'</div>';}else{$error='<div style="background:#00FF00">Form submitted</div>';} then i break out of the (form posted) and in the main page i just above the form i use <?php echo $error; ?> which would output nothing if the form hasnt been posted, a red box with errors if there are errors and a green box if it was submited successfully Quote Link to comment https://forums.phpfreaks.com/topic/147698-a-better-way-for-php-form-validation/#findComment-783173 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.