I'm having a really bad day. I've got a form; when it's filled in and the visitor clicks submit, I want it to validate the number field, so it's correct.

 

The validation format would be:

The number must be 10 characters in length or below, only numbers and no spaces. So if it contains non-numeric characters they are removed, as well as the spaces.

 

I've tried using str replace to clear the space, but was wondering, is there any easier way of doing what I'm doing?

 

<form action='mail.php' name="myForm" method='post'>
Number<br>

<? // This field (number) needs to be validated before submitted ?>
<input id='number' name="number"  class='ptext' size='55'><br>

Data<br>

<select name='data' id='data' class='ptext'>

                              <option value="" selected>- Data -</option>
<?php
$sql = "SELECT * FROM data";
$result = mysql_query($sql); 
while($row = mysql_fetch_array($result)) {
?>
                              <option value="<? echo $row["id"]; ?>"><? echo $row["name"]; ?></option>
						  <?
}
?>                  </p>
</br>

</select><br>

Subject<br>

<input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br>

Your Email<br>

<input id='from' type='text' name='from' value='' class='ptext' size='55'/><br>

Message<br>
<textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br>

          
<input type='submit' class='psubm' name="submit" value='Submit'>
</form>

https://forums.phpfreaks.com/topic/172637-solved-validate-a-numeric-field/

I typically just reject the form and make them fill it out again. I can't always read their mind, so how do I know they didn't just read the question wrong?

 

Plus, I like making my visitors work for their bandwidth. :P

 

So if those properties which I mentioned above were there, how would I reject the form from submitting and echo the error?

 

example please

 

I'm interested ^^

This is what I've done in the past, using $ERROR as an array of any errors they had...

<?php
if(!empty($_POST)) {
// do your processing...
if(!is_numeric($_POST['num'])) {
	$ERROR[] = 'Numeric field needs to be numeric';
}

if(!isset($ERROR) || empty($ERROR)) {
	// no errors
	// send to db or whatever

	// redirect if wanted
}
}

if(isset($ERROR) && is_array($ERROR)) {
echo'Errors:';
foreach($ERROR as $error) {
	echo $error,'<br>';
}
}
?>
<form>
...
</form>

Thanks! I tried:

 

<?php
if(!empty($_POST)) {
   // do your processing...
   if(!is_numeric($_POST['number'])) {
      $ERROR[] = 'Numeric field needs to be numeric';
   }
   
   if(!isset($ERROR) || empty($ERROR)) {
      // no errors
      // send to db or whatever
      
      // redirect if wanted
   }
}

if(isset($ERROR) && is_array($ERROR)) {
   echo'YOU GOT AN ERROR!:';
   foreach($ERROR as $error) {
      echo $error,'<br>';
   }
}
?>
<form action='mail.php' name="myForm" method='post'>
Number<br>

<? // This field (number) needs to be validated before submitted ?>
<input id='number' name="number"  class='ptext' size='55'><br>

Data<br>

<select name='data' id='data' class='ptext'>

                              <option value="" selected>- Data -</option>
<?php
$sql = "SELECT * FROM data";
$result = mysql_query($sql); 
while($row = mysql_fetch_array($result)) {
?>
                              <option value="<? echo $row["id"]; ?>"><? echo $row["name"]; ?></option>
                       <?
}
?>                  </p>
</br>

</select><br>

Subject<br>

<input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br>

Your Email<br>

<input id='from' type='text' name='from' value='' class='ptext' size='55'/><br>

Message<br>
<textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br>

         
<input type='submit' class='psubm' name="submit" value='Submit'>
</form>

 

But even if the number field contains other characters, it still proceeds to mail.php.

try this

 

<?php
$valid = false;
//check it has a value
if(!empty($_POST['number']))
{
//remove unwanted (leave numbers only)
$num = preg_replace('/[^\d]/', '', $_POST['number']);

//only valid if its 0 to 10 numbers only
$valid = (bool)preg_match('/^\d{0,10}$/', $num);
}

var_dump($valid);
?>

 

0123456789 = valid

0123456789abcd = valid (with clean up used)

01234567890 = not valid (11 numbers)

123 = valid

123abc = valid(with clean up used)

that's 11 numbers, thus is more than 10

the number must be 10 characters in length or below,

 

Yes, I tested 11 to see if the submission can still be posted and it worked. I tested 10 numbers and it worked, which is great; I also tested 11 numbers and it worked.

 

<?php
$valid = false;
//check it has a value
if(!empty($_POST['number']))
{
//remove unwanted (leave numbers only)
$num = preg_replace('/[^\d]/', '', $_POST['number']);

//only valid if its 0 to 10 numbers only
$valid = (bool)preg_match('/^\d{0,10}$/', $num);
}

var_dump($valid);
?>
<form action='mail.php' name="myForm" method='post'>
Number<br>

<? // This field (number) needs to be validated before submitted ?>
<input id='number' name="number"  class='ptext' size='55'><br>

Data<br>

<select name='data' id='data' class='ptext'>

                              <option value="" selected>- Data -</option>
<?php
$sql = "SELECT * FROM data";
$result = mysql_query($sql); 
while($row = mysql_fetch_array($result)) {
?>
                              <option value="<? echo $row["id"]; ?>"><? echo $row["name"]; ?></option>
                       <?
}
?>                  </p>
</br>

</select><br>

Subject<br>

<input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br>

Your Email<br>

<input id='from' type='text' name='from' value='' class='ptext' size='55'/><br>

Message<br>
<textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br>

         
<input type='submit' class='psubm' name="submit" value='Submit'>
</form>

 

 

okay

var_dump($valid);

should be replaced with your error capturing

ie

if(!$valid) echo "ERROR: in-valid number";

 

It displays:

 

ERROR: in-valid number

 

above my form even though I didn't fill anything in. Do I have to add that in mail.php?

 

Ok I've added it to mail.php

 

This is the contents of mail.php:

 

<?php
$valid = false;
//check it has a value
if(!empty($_POST['number']))
{
//remove unwanted (leave numbers only)
$num = preg_replace('/[^\d]/', '', $_POST['number']);

//only valid if its 0 to 10 numbers only
$valid = (bool)preg_match('/^\d{0,10}$/', $num);
}

if(!$valid) echo "ERROR: in-valid number";
?>

<?php
session_start();
if (strtoupper($_POST['code']) != substr(strtoupper(md5("Mytext".$_SESSION["sessioncode"])), 0,6)) 
{
?>
<?php include 'templates/header.php';?>
<BR>
<BR>
Please fill in all fields correctly. Click <a href="../index.php">here</a> to go back.
<BR>
<BR>
<?php include 'templates/footer.php'; ?>
<?php
unset($_SESSION["sessioncode"]);
exit;
}
//valid code start here
$number=$_POST['number'];
$data=$_POST['data'];
$from=$_POST['from'];
$subject=$_POST['subject'];
$message=$_POST['message'];
$day = date("mdy");
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);

include("config.php"); 
$checkuses=mysql_num_rows(mysql_query("select * from users where ip='$ip' and day='$day'"));

if($checkuses >= $alloweduses) {
echo "Sorry, you have used all of your free messages for today. Come back tomorrow.";
unset($_SESSION["sessioncode"]);
exit;
} 
else {
$query = "INSERT INTO users VALUES ('$ip','$number','$day')";
$result = mysql_query($query) or die("Unable to Add IP Entry");
}
$sql = "SELECT * FROM data WHERE id = '$data'";
$result = mysql_query($sql); 
$row = mysql_fetch_array($result);
$email = $row["email"];
$to = $number . $email;
$number = $_REQUEST['number'] ;
$headerstouse='';
$headers = $headerstouse;
$message = $message;
mail ($to, $subject, $message, $headers);
include 'templates/header.php';
echo "<BR><BR>Sent!<br>";
echo "<b>TO:</b> ".$number."<br>";
echo "<b>FROM:</b> ".$from."<br>";
echo "<b>SUBJECT:</b> ".$subject."<br>";
echo "<b>MESSAGE:</b> ".$message."<br><br>";
echo "Click <a href=\"".$_SERVER['HTTP_REFERER']."\">here</a> to go back and send another message.<BR><BR>";
include 'templates/footer.php';
//prevent reuse session (bypass captcha)
unset($_SESSION["sessioncode"]);
?>

 

Now it says invalid number if it's an invalid number, but doesn't reject the script from executing the mail.

 

Would die("Error!") do the trick?

as your other errors use die then that would be okay I guess

 

Ok thanks

 

I've got a question: from mail.php, can you spot any security weaknesses like XSS or SQL injection, and their solutions? Because I heard INSERT INTO and $_POST can be vulnerable.

On any SQL you should use mysql_real_escape_string(); on your strings, and convert your integers to integers and floats to floats.

 

The number is safe provided the filter is used before the SQL statement; also the date is safe. Anything from the user is unsafe.
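An added example, not code from the thread, that puts the number clean-up and the SQL/XSS advice above into one request handler for mail.php's tables. It uses PDO prepared statements in place of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7; `clean_number()`, `h()` and `handle()` are hypothetical names, and the in-memory SQLite database, IP address and both submissions are constructed.

```php
<?php
// Added example, not the thread's code; database and submissions are constructed.

// Return 1-10 digits, or null when nothing usable was submitted.
function clean_number($raw): ?string {
    if (!is_string($raw)) return null;        // number[]=x arrives as an array
    $num = preg_replace('/\D/', '', $raw);    // strip spaces and non-digits
    // {1,10} rejects input that is empty after clean-up; "0" stays valid
    return preg_match('/^\d{1,10}$/D', $num) ? $num : null;
}

// Escape user-supplied text before echoing it into HTML.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Validate everything first; write to the database only when nothing failed.
function handle(PDO $pdo, array $post, string $ip): string {
    $errors = [];
    $number = clean_number($post['number'] ?? null);
    if ($number === null) $errors[] = 'Invalid number';
    $dataId = filter_var($post['data'] ?? '', FILTER_VALIDATE_INT);
    if ($dataId === false) $errors[] = 'Invalid data selection';
    if ($errors) return 'ERROR: ' . h(implode('; ', $errors));

    // Values are bound as parameters, never concatenated into the SQL text.
    $sel = $pdo->prepare('SELECT email FROM data WHERE id = ?');
    $sel->execute([$dataId]);
    $email = $sel->fetchColumn();
    if ($email === false) return 'ERROR: Unknown data selection';
    $pdo->prepare('INSERT INTO users (ip, number, day) VALUES (?, ?, ?)')
        ->execute([$ip, $number, date('mdy')]);
    // mail($number . $email, ...) would be called here, with the cleaned number
    return 'Sent!<br><b>TO:</b> ' . h($number) . '<br><b>MESSAGE:</b> '
         . h((string)($post['message'] ?? ''));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO data (name, email) VALUES ('Example', '@gateway.example')");
$pdo->exec('CREATE TABLE users (ip TEXT, number TEXT, day TEXT)');

$bad  = ['number' => 'abc', 'data' => "1' OR '1'='1", 'message' => 'x'];
$good = ['number' => '0123 456789', 'data' => '1', 'message' => '<b>x</b>'];
echo handle($pdo, $bad, '203.0.113.5'), "\n";   // both fields rejected, no query run
echo handle($pdo, $good, '203.0.113.5'), "\n";  // stored and echoed with escaping
```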
