[SOLVED] Simple Code Not Working

[objN00B]

New to PHP. My simple code is not working. Any Ideas?

Also, I seen in another thread mention a built-in function that prints errors.

My PHP install use to print errors by default, 2 days ago, now it just serves

blank pages on errors. However, I have changed no settings. Strange.

 

<?php

if (!isset($_POST['phase'])) { //phase has not been set
//DISPLAY FORM
echo "<form method='post' action='form.php'>
		Your Name:
	  	<input type='text' name='fFirst_Name'><br />
		<input type='hidden' name='phase' value='validate'>
		<input type='submit' value='Submit Form'>
	  </form>";

} elseif ($_POST['phase'] == "validate") {
$first_name = $_POST['fFirst_Name'];
//define error codes
define(eFirst_Name1, "<font color='red'>You must enter your name please!</font>");
define(eFirst_Name2, "<font color='red'>Your name must be 3 or more characters long</font>");
//validate data

	if (!isset($first_name)){
		echo "<form method='post' action='form.php'>
		Your Name:
	  	<input type='text' name='fFirst_Name'> $eFirst_Name1 <br />
		<input type='hidden' name='phase' value='validate'>
		<input type='submit' value='Submit Form'>
	    </form>";
	} elseif (strlen($first_name) =< 2) {
	    echo "<form method='post' action='form.php'>
		Your Name:
	  	<input type='text' name='fFirst_Name'> $eFirst_Name2 <br />
		<input type='hidden' name='phase' value='validate'>
		<input type='submit' value='Submit Form'>
	    </form>";

	} else {
		echo 'Hello, ' . $first_name . '!';

	}

}
?>

 

Thanks for any input!

 

EDIT: Found missing ; at set variable $first_name. Still not working.

[objN00B]

The ERRORs in the above code were incorrectly using the define function.

I was not closing the constant name with double quotes.

 

Also after getting it to work. I noticed $_POST will return a NULL value

for any empty text fields. So I changed the validation code

if (!isset($first_name)

to

if ($first_name == NULL)

This allows the proper corresponding errors to be displayed.

 

New Code:

<?php
define("eFirst_Name1", "<font color='red'>You must enter your name please!</font>");
define("eFirst_Name2", "<font color='red'>Your name must be 3 or more characters long</font>");

if (! isset($_POST['phase'])) { //phase has not been set
//DISPLAY FORM
echo ('<form method="post" action="form.php">
		Your Name:
	  	<input type="text" name="fFirst_Name"><br />
		<input type="hidden" name="phase" value="validate">
		<input type="submit" value="Submit Form">
	  </form>');

} elseif ($_POST['phase'] == 'validate') {
$first_name = $_POST['fFirst_Name'];
//define error codes

//validate data

	if ($first_name == NULL) {
			echo ('<form method="post" action="form.php">
		Your Name:
	  	<input type="text" name="fFirst_Name">'.eFirst_Name1.'<br />
		<input type="hidden" name="phase" value="validate">
		<input type="submit" value="Submit Form">
	  </form>');
	} elseif (strlen($first_name) <= 2) {
	   	echo ('<form method="post" action="form.php">
		Your Name:
	  	<input type="text" name="fFirst_Name">'.eFirst_Name2.'<br />
		<input type="hidden" name="phase" value="validate">
		<input type="submit" value="Submit Form">
	  </form>');

	} else {
		echo 'Hello, ' . $first_name . '!';

	}

}
?>

[POG1]

Be careful when using GET and POST data, if you go on to use them in queries make sure to properly validate it.

 

You could code it a bit cleaner and use a if else instead of if elseif.

[objN00B]

Thanks for the advice. As far as I know, GET method appends the values to the URL

while POST just passes the values using the HTTP protocol.

 

Someone can POST method data from any form to my .php script with improper

or malicious code.

 

My question is how can I validate the input came from my server or script? Is there

a global that holds any identifying information about where the data originated or

who passed the data?

 

This type of validation would not only generically validate the data using variable

checks code but also ensure the data ONLY came from a trusted source.

[POG1]

Take a look at $_SERVER['REQUEST_URI']