Html Form Validation

[tobimichigan]

Please could someone help me with a tight code ad that can validate these fields? Please note there r 2 hidden fields, session and date.

 

<form action='Yearly_Entry_Action.php' method='post' enctype='multipart/form-data' name='register'>
  <table width='28%' border='0' align='center' cellpadding='0' cellspacing='0'>
    <tr>
      <td colspan='2'><div align='center'>
        <p><font size='2' face='verdana'>ADMIN_YEARLY_POST</font></p>
        </div></td>
    </tr>
    <tr>
      <td width='31%'> </td>
      <td width='69%'> </td>
    </tr>
    <tr>
      <td colspan='2'><hr></td>
    </tr>
    <tr>
      <td height='26'><font size='2' face='verdana'>MEMBER NAME</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='name'>
        </font></td>
    </tr>
    <tr>
      <td height='28'><font size='2'>DEPARTMENT</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='department'>
        </font></td>
    </tr>
    <tr>
      <td height='25'><font size='2'>PF. NO.</font> </td>
      <td><font size='2' face='verdana'>
        <input type='text' name='pfno'>
        </font></td>
    </tr>
   <tr>
      <td height='25'><font size='2'>SAVINGS</font><font size='2' face='verdana'></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='savings'>
        </font></td>
    </tr>
    <tr>
      <td height='25'><font size='2' face='verdana'>SHARES</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='shares'>
        </font></td>
    </tr>
    <tr>
      <td height='25'><font size='2' face='verdana'>OUTSTANDING LOAN BAL.</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='outloanbal'>
        </font></td>
    </tr>
    <tr>
      <td height='25'><font size='2' face='verdana'>LOAN REPAID IN YEAR</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='loanrepaid'>
        </font></td>
    </tr>
    <tr>
      <td height='25'><font size='2' face='verdana'>LOAN INTEREST</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='loanint'>
        </font></td>
    </tr>
    <tr>
      <td height='25'><font size='2' face='verdana'>ESSENCO</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='essenco'>
        </font></td>
    </tr>
<tr>
      <td height='25'><font size='2' face='verdana'>MONTH</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='month'>
        </font></td>
    </tr>
<tr>
      <td height='25'><font size='2' face='verdana'>YEAR</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='Year'>
        </font></td>
    </tr>
   <tr>
      <td height='25'><font size='2' face='verdana'></font></td>
      <td><font size='2' face='verdana'>
        <input type='hidden' name='date'>
        </font></td>
    </tr>
   <tr>
      <td height='25'><font size='2' face='verdana'></font></td>
      <td><font size='2' face='verdana'>
        <input type='hidden' name='session'>
        </font></td>
    </tr>
</tr>   
      <td> </td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='Submit' value='Record Yearly Report'>
        </font></td>
    </tr><tr>
      <td colspan='2'><hr></td>
    </tr>
    <tr>
      <td> </td>
      <td> </td>
    </tr>
  </table>
</form>

 

Here's the form-action field

 

<?php
include("cn.php");

session_start();

//mt_srand((double)microtime())*1000000;
$session=mt_srand();//create uniqiue sessionid

$date= addslashes($_POST['date']);	
$department = addslashes($_POST['department']);
$essenco=addslashes($_POST['essenco']);
$loanint =addslashes($_POST['loanint']);
$loanrepaid =addslashes($_POST['loanrepaid']);
$month=addslashes($_POST['month']);
$name=addslashes($_POST['name']);
$outloanbal=addslashes($_POST['outloanbal']);
$pfno=addslashes($_POST['pfno']);
$savings=addslashes($_POST['savings']);
$session=addslashes($_POST['session']);
$shares=addslashes($_POST['shares']);
$Year=addslashes($_POST['Year']);		

var_dump($session); die();
$sql= "Insert into yearly_reports(date, department,essenco,loanint,loanrepaid,month,name,outloanbal,pfno,savings,session,shares,Year) values(SYSDATE(),'$department','$essenco','$loanint','$loanrepaid','$month','$name','$outloanbal','$pfno','$savings','$session','$shares','$Year')" or die .mysql_error();  

//$result=mysql_query($sql) or die .mysql_error();		                            
if (!mysql_query($sql))
{
  die('Error: ' . mysql_error()."  SQL: ".$sql);
  }
echo ("1 record added");
?>

 

Very targeted validation would be highly appreciated. Thank you gurus...

[GingerRobot]

If you would like someone to do this for you, i suggest you post it in the freelance board. Otherwise, i suggest you try a little harder. "Here's my code, please finish it for me" is unlikely to cut it.

[mikesta707]

Do you have a specific validation method or do you just want to cleanse the input before you put in the database to protect against SQL injection?

 

here is an example function

http://www.roscripts.com/Protect_against_SQL_Injection-72.html

[waynewex]

Use mysql_real_escape_string() instead of addslashes().

Use the check date function to check if any dates are valid.

Make sure that numbers are actually numbers.

Check if all non-optional fields are filled out.

[tobimichigan]

If you would like someone to do this for you, i suggest you post it in the freelance board. Otherwise, i suggest you try a little harder. "Here's my code, please finish it for me" is unlikely to cut it.

 

Mind you, I already have a validation script, but there r 2 hidden fields namely date-registered, and session. Here's my validation script:

 

<?php
if ($_GET["op"]=="reg")
{$blnFlag=false;
foreach ($_POST as $field)
{
if ($field=="")
{$blnputflag=false;
}else
{$blnputflag=true;
}
}
}
if ($blnputflag==false)
{
die("Problem with your registration info."
."Please go back and try again.");
}
?>

 

Hence I want a code-remodification that can validate these forms without tampering with the hidden fields.

[GingerRobot]

Hence I want a code-remodification that can validate these forms without tampering with the hidden fields.

 

Just because a field is hidden, you cannot rely on it. A malicious user could still tamper with the data. You need to validate hidden fields also

[tobimichigan]

That is what I need help for...at least it shows I have done mine homework.