tobimichigan Posted July 30, 2009

Please could someone help me with a tight code ad that can validate these fields? Please note there are 2 hidden fields, session and date.

```html
<form action='Yearly_Entry_Action.php' method='post' enctype='multipart/form-data' name='register'>
<table width='28%' border='0' align='center' cellpadding='0' cellspacing='0'>
  <tr>
    <td colspan='2'><div align='center'>
      <p><font size='2' face='verdana'>ADMIN_YEARLY_POST</font></p>
    </div></td>
  </tr>
  <tr>
    <td width='31%'> </td>
    <td width='69%'> </td>
  </tr>
  <tr>
    <td colspan='2'><hr></td>
  </tr>
  <tr>
    <td height='26'><font size='2' face='verdana'>MEMBER NAME</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='name'> </font></td>
  </tr>
  <tr>
    <td height='28'><font size='2'>DEPARTMENT</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='department'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2'>PF. NO.</font> </td>
    <td><font size='2' face='verdana'> <input type='text' name='pfno'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2'>SAVINGS</font><font size='2' face='verdana'></font></td>
    <td><font size='2' face='verdana'> <input type='text' name='savings'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>SHARES</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='shares'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>OUTSTANDING LOAN BAL.</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='outloanbal'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>LOAN REPAID IN YEAR</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='loanrepaid'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>LOAN INTEREST</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='loanint'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>ESSENCO</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='essenco'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>MONTH</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='month'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'>YEAR</font></td>
    <td><font size='2' face='verdana'> <input type='text' name='Year'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'></font></td>
    <td><font size='2' face='verdana'> <input type='hidden' name='date'> </font></td>
  </tr>
  <tr>
    <td height='25'><font size='2' face='verdana'></font></td>
    <td><font size='2' face='verdana'> <input type='hidden' name='session'> </font></td>
  </tr>
  <tr>
    <td> </td>
    <td><font size='2' face='verdana'> <input type='submit' name='Submit' value='Record Yearly Report'> </font></td>
  </tr>
  <tr>
    <td colspan='2'><hr></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
  </tr>
</table>
</form>
```

Here's the form-action field

```php
<?php
include("cn.php");
session_start();
//mt_srand((double)microtime())*1000000;
$session=mt_srand();//create unique sessionid
$date= addslashes($_POST['date']);
$department = addslashes($_POST['department']);
$essenco=addslashes($_POST['essenco']);
$loanint =addslashes($_POST['loanint']);
$loanrepaid =addslashes($_POST['loanrepaid']);
$month=addslashes($_POST['month']);
$name=addslashes($_POST['name']);
$outloanbal=addslashes($_POST['outloanbal']);
$pfno=addslashes($_POST['pfno']);
$savings=addslashes($_POST['savings']);
$session=addslashes($_POST['session']);
$shares=addslashes($_POST['shares']);
$Year=addslashes($_POST['Year']);
var_dump($session);
die();
$sql= "Insert into yearly_reports(date, department,essenco,loanint,loanrepaid,month,name,outloanbal,pfno,savings,session,shares,Year) values(SYSDATE(),'$department','$essenco','$loanint','$loanrepaid','$month','$name','$outloanbal','$pfno','$savings','$session','$shares','$Year')" or die .mysql_error();
//$result=mysql_query($sql) or die .mysql_error();
if (!mysql_query($sql)) {
    die('Error: ' . mysql_error()." SQL: ".$sql);
}
echo ("1 record added");
?>
```

Very targeted validation would be highly appreciated. Thank you gurus...
GingerRobot Posted July 30, 2009

If you would like someone to do this for you, I suggest you post it in the freelance board. Otherwise, I suggest you try a little harder. "Here's my code, please finish it for me" is unlikely to cut it.
mikesta707 Posted July 30, 2009

Do you have a specific validation method or do you just want to cleanse the input before you put it in the database to protect against SQL injection? Here is an example function: http://www.roscripts.com/Protect_against_SQL_Injection-72.html
waynew Posted July 30, 2009

Use mysql_real_escape_string() instead of addslashes(). Use the check date function to check if any dates are valid. Make sure that numbers are actually numbers. Check if all non-optional fields are filled out.
tobimichigan Posted August 3, 2009

> If you would like someone to do this for you, i suggest you post it in the freelance board. Otherwise, i suggest you try a little harder. "Here's my code, please finish it for me" is unlikely to cut it.

Mind you, I already have a validation script, but there are 2 hidden fields, namely date-registered and session. Here's my validation script:

```php
<?php
if ($_GET["op"]=="reg") {
    $blnFlag=false;
    foreach ($_POST as $field) {
        if ($field=="") {
            $blnputflag=false;
        } else {
            $blnputflag=true;
        }
    }
}
if ($blnputflag==false) {
    die("Problem with your registration info."
        ."Please go back and try again.");
}
?>
```

Hence I want a code-remodification that can validate these forms without tampering with the hidden fields.
GingerRobot Posted August 3, 2009

> Hence I want a code-remodification that can validate these forms without tampering with the hidden fields.

Just because a field is hidden, you cannot rely on it. A malicious user could still tamper with the data. You need to validate hidden fields also.
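
An added example (not code from any poster in this thread) combining waynew's checklist with GingerRobot's point about hidden fields: each posted field is checked per type, and the hidden `date` and `session` values are replaced with server-side ones. The function name `validate_yearly_entry`, the length limit, the money format and a numeric month are assumptions.

```php
<?php
// Added example: hypothetical validator for the yearly report form fields.
function validate_yearly_entry(array $post): array
{
    $errors = [];
    $clean  = [];
    $field  = function ($f) use ($post) {   // missing or non-string input becomes ''
        return isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
    };

    // Required text fields (the 100-character limit is an assumption).
    foreach (['name', 'department', 'pfno'] as $f) {
        $clean[$f] = $field($f);
        if ($clean[$f] === '' || strlen($clean[$f]) > 100) {
            $errors[$f] = 'required, at most 100 characters';
        }
    }

    // Amounts: non-negative decimals with up to two places (assumed format).
    foreach (['savings', 'shares', 'outloanbal', 'loanrepaid', 'loanint', 'essenco'] as $f) {
        $clean[$f] = $field($f);
        if (!preg_match('/^\d{1,12}(\.\d{1,2})?$/D', $clean[$f])) {
            $errors[$f] = 'must be a number such as 1500 or 1500.50';
        }
    }

    // Month and year must be integers naming a real calendar month.
    $m = filter_var($field('month'), FILTER_VALIDATE_INT);
    $y = filter_var($field('Year'), FILTER_VALIDATE_INT);
    if ($m === false || $y === false || $y < 1900 || !checkdate($m, 1, $y)) {
        $errors['month'] = 'month must be 1-12 and year a number from 1900';
    }
    $clean['month'] = $m;
    $clean['Year']  = $y;

    // Posted 'date' and 'session' are never read: the server sets both.
    // session_id() is empty unless the caller has run session_start().
    $clean['date']    = date('Y-m-d H:i:s');
    $clean['session'] = session_id();

    return [$errors, $clean];
}

// Constructed sample input with two bad values and forged hidden fields.
$sample = ['name' => 'A. Member', 'department' => 'Accounts', 'pfno' => 'PF-001',
    'savings' => '1500.50', 'shares' => '200', 'outloanbal' => '0',
    'loanrepaid' => 'abc', 'loanint' => '12', 'essenco' => '5', 'month' => '13',
    'Year' => '2009', 'date' => '1999-01-01', 'session' => 'forged-value'];
list($errors, $clean) = validate_yearly_entry($sample);
print_r(array_keys($errors));
```

Validation does not replace escaping at the query: the cleaned values still go through mysql_real_escape_string() or bound parameters before the INSERT.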
tobimichigan Posted August 3, 2009

That is what I need help for...at least it shows I have done my homework.