newbtophp Posted September 1, 2009

I'm having a really bad day. I've got a form; when it's filled in and the visitor clicks submit, I want it to validate the number field, so it's correct.

The validation format would be: the number must be 10 characters in length or below, only numbers and no spaces. So if it contains non-numeric characters they are removed, as well as the spaces.

I've tried using str_replace to clear the space, but was wondering, is there any easier way of doing what I'm doing?

```php
<form action='mail.php' name="myForm" method='post'>
Number<br>
<?php // This field (number) needs to be validated before submitted ?>
<input id='number' name="number" class='ptext' size='55'><br>
Data<br>
<select name='data' id='data' class='ptext'>
<option value="" selected>- Data -</option>
<?php
$sql = "SELECT * FROM data";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
?>
<option value="<?php echo $row["id"]; ?>"><?php echo $row["name"]; ?></option>
<?php } ?>
</p>
</br>
</select><br>
Subject<br>
<input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br>
Your Email<br>
<input id='from' type='text' name='from' value='' class='ptext' size='55'/><br>
Message<br>
<textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br>
<input type='submit' class='psubm' name="submit" value='Submit'>
</form>
```
Philip Posted September 1, 2009

I typically just reject the form and make them fill it out again. I can't always read their mind, so how do I know they didn't just read the question wrong? Plus, I like making my visitors work for their bandwidth.
newbtophp Posted September 1, 2009 (Author)

> I typically just reject the form and make them fill it out again. I can't always read their mind, so how do I know they didn't just read the question wrong? Plus, I like making my visitors work for their bandwidth.

So if those properties which I mentioned above were there, how would I reject the form from submitting and echo the error? Example please, I'm interested ^^
Philip Posted September 1, 2009

This is what I've done in the past, using $ERROR as an array of any errors they had...

```php
<?php
if(!empty($_POST)) {
    // do your processing...
    if(!is_numeric($_POST['num'])) {
        $ERROR[] = 'Numeric field needs to be numeric';
    }

    if(!isset($ERROR) || empty($ERROR)) {
        // no errors
        // send to db or whatever
        // redirect if wanted
    }
}

if(isset($ERROR) && is_array($ERROR)) {
    echo'Errors:';
    foreach($ERROR as $error) {
        echo $error,'<br>';
    }
}
?>
<form>
...
</form>
```
newbtophp Posted September 1, 2009 (Author)

Thanks! I tried:

```php
<?php
if(!empty($_POST)) {
    // do your processing...
    if(!is_numeric($_POST['number'])) {
        $ERROR[] = 'Numeric field needs to be numeric';
    }

    if(!isset($ERROR) || empty($ERROR)) {
        // no errors
        // send to db or whatever
        // redirect if wanted
    }
}

if(isset($ERROR) && is_array($ERROR)) {
    echo'YOU GOT AN ERROR!:';
    foreach($ERROR as $error) {
        echo $error,'<br>';
    }
}
?>
<form action='mail.php' name="myForm" method='post'>
Number<br>
<?php // This field (number) needs to be validated before submitted ?>
<input id='number' name="number" class='ptext' size='55'><br>
Data<br>
<select name='data' id='data' class='ptext'>
<option value="" selected>- Data -</option>
<?php
$sql = "SELECT * FROM data";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
?>
<option value="<?php echo $row["id"]; ?>"><?php echo $row["name"]; ?></option>
<?php } ?>
</p>
</br>
</select><br>
Subject<br>
<input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br>
Your Email<br>
<input id='from' type='text' name='from' value='' class='ptext' size='55'/><br>
Message<br>
<textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br>
<input type='submit' class='psubm' name="submit" value='Submit'>
</form>
```

But even if the number field contains other characters it still proceeds to mail.php
MadTechie Posted September 1, 2009

try this

```php
<?php
$valid = false;
//check it has a value
if(!empty($_POST['number']))
{
    //remove unwanted (leave numbers only)
    $num = preg_replace('/[^\d]/', '', $_POST['number']);
    //only valid if it's 0 to 10 numbers only
    $valid = (bool)preg_match('/^\d{0,10}$/', $num);
}
var_dump($valid);
?>
```

- 0123456789 = valid
- 0123456789abcd = valid (with clean up used)
- 01234567890 = not valid (11 numbers)
- 123 = valid
- 123abc = valid (with clean up used)
newbtophp Posted September 1, 2009 (Author)

@MadTechie

It doesn't work either, the form still executes. Also it says "bool(false)"
MadTechie Posted September 1, 2009

What was the input?
newbtophp Posted September 1, 2009 (Author)

> What was the input?

this: 01234567890
MadTechie Posted September 1, 2009

that's 11 numbers, thus is more than 10

> the number must be 10 characters in length or below,
newbtophp Posted September 1, 2009 (Author)

> that's 11 numbers, thus is more than 10
>
> > the number must be 10 characters in length or below,

Yes, I tested 11 to see if the submission can still be posted and it worked. I tested 10 numbers, it worked, which is great; I also tested 11 numbers and it worked.
MadTechie Posted September 1, 2009

Can you post the code?
newbtophp Posted September 1, 2009 (Author)

```php
<?php
$valid = false;
//check it has a value
if(!empty($_POST['number']))
{
    //remove unwanted (leave numbers only)
    $num = preg_replace('/[^\d]/', '', $_POST['number']);
    //only valid if it's 0 to 10 numbers only
    $valid = (bool)preg_match('/^\d{0,10}$/', $num);
}
var_dump($valid);
?>
<form action='mail.php' name="myForm" method='post'>
Number<br>
<?php // This field (number) needs to be validated before submitted ?>
<input id='number' name="number" class='ptext' size='55'><br>
Data<br>
<select name='data' id='data' class='ptext'>
<option value="" selected>- Data -</option>
<?php
$sql = "SELECT * FROM data";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
?>
<option value="<?php echo $row["id"]; ?>"><?php echo $row["name"]; ?></option>
<?php } ?>
</p>
</br>
</select><br>
Subject<br>
<input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br>
Your Email<br>
<input id='from' type='text' name='from' value='' class='ptext' size='55'/><br>
Message<br>
<textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br>
<input type='submit' class='psubm' name="submit" value='Submit'>
</form>
```
MadTechie Posted September 1, 2009

okay

```php
var_dump($valid);
```

should be replaced with your error capturing, i.e.

```php
if(!$valid) echo "ERROR: in-valid number";
```
newbtophp Posted September 1, 2009 (Author)

> okay var_dump($valid); should be replaced with your error capturing, i.e. if(!$valid) echo "ERROR: in-valid number";

It displays: ERROR: in-valid number above my form even though I didn't fill anything in. Do I have to add that in mail.php?
MadTechie Posted September 1, 2009

you need to put it where you deal with the posted data, (from looking at your form), I would have to say yes, it goes in the mail.php script
newbtophp Posted September 1, 2009 (Author)

Ok, I've added it to mail.php.

This is the contents of mail.php:

```php
<?php
$valid = false;
//check it has a value
if(!empty($_POST['number']))
{
    //remove unwanted (leave numbers only)
    $num = preg_replace('/[^\d]/', '', $_POST['number']);
    //only valid if it's 0 to 10 numbers only
    $valid = (bool)preg_match('/^\d{0,10}$/', $num);
}
if(!$valid) echo "ERROR: in-valid number";
?>
<?php
session_start();
if (strtoupper($_POST['code']) != substr(strtoupper(md5("Mytext".$_SESSION["sessioncode"])), 0,6)) {
?>
<?php include 'templates/header.php';?>
<BR>
<BR>
Please fill in all fields correctly. Click <a href="../index.php">here</a> to go back.
<BR>
<BR>
<?php include 'templates/footer.php'; ?>
<?php
    unset($_SESSION["sessioncode"]);
    exit;
}

//valid code start here
$number=$_POST['number'];
$data=$_POST['data'];
$from=$_POST['from'];
$subject=$_POST['subject'];
$message=$_POST['message'];
$day = date("mdy");
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);

include("config.php");

$checkuses=mysql_num_rows(mysql_query("select * from users where ip='$ip' and day='$day'"));

if($checkuses >= $alloweduses) {
    echo "Sorry, you have used all of your free messages for today. Come back tomorrow.";
    unset($_SESSION["sessioncode"]);
    exit;
} else {
    $query = "INSERT INTO users VALUES ('$ip','$number','$day')";
    $result = mysql_query($query) or die("Unable to Add IP Entry");
}

$sql = "SELECT * FROM data WHERE id = '$data'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$email = $row["email"];
$to = $number . $email;
$number = $_REQUEST['number'] ;
$headerstouse='';
$headers = $headerstouse;
$message = $message;
mail ($to, $subject, $message, $headers);

include 'templates/header.php';
echo "<BR><BR>Sent!<br>";
echo "<b>TO:</b> ".$number."<br>";
echo "<b>FROM:</b> ".$from."<br>";
echo "<b>SUBJECT:</b> ".$subject."<br>";
echo "<b>MESSAGE:</b> ".$message."<br><br>";
echo "Click <a href=\"".$_SERVER['HTTP_REFERER']."\">here</a> to go back and send another message.<BR><BR>";
include 'templates/footer.php';

//prevent reuse session (bypass captcha)
unset($_SESSION["sessioncode"]);
?>
```

Now it says invalid number if it's an invalid number, but doesn't reject the script from executing the mail.

Would die("Error!") do the trick?
MadTechie Posted September 1, 2009

as your other errors use die then that would be okay I guess
newbtophp Posted September 1, 2009 (Author)

> as your other errors use die then that would be okay I guess

Ok thanks.

I got a question: from mail.php can you spot any security weaknesses like XSS or SQL injection, and their solutions? Because I heard INSERT INTO and $_POST can be vulnerable.
MadTechie Posted September 1, 2009

On any SQL you should use mysql_real_escape_string(); on your strings, and convert your integers to integers and floats to floats.

The number is safe providing the filter is used before the SQL statement, also the date is safe; anything from the user is unsafe.
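The advice in the answer above, applied to the fields mail.php receives, as an added example that is not code from any poster in this thread: the number is rejected unless it is 1 to 10 digits, the `data` id is cast and bound, and values are HTML-escaped before being echoed. It swaps in PDO bound parameters for `mysql_real_escape_string()` (the `mysql_*` functions were removed in PHP 7) and rejects bad input rather than cleaning it. The function names, the PDO handle and the sample inputs are assumptions, and the demo needs the pdo_sqlite extension.

```php
<?php
// Added example; function names and the PDO handle are hypothetical.
// Table and column names (data.id, data.email) follow the posted mail.php.

// Return the number unchanged if it is 1-10 digits, otherwise null (reject).
function validate_number($raw): ?string
{
    if (!is_string($raw)) {   // number[]=x arrives as an array: reject
        return null;
    }
    // \A and \z anchor the whole string; "$" would also accept a trailing
    // newline. No empty() here, because empty('0') is true in PHP.
    return preg_match('/\A[0-9]{1,10}\z/', $raw) === 1 ? $raw : null;
}

// Look up the e-mail suffix for a data id with a bound parameter.
function lookup_email(PDO $db, $dataId): ?string
{
    $id = filter_var($dataId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;          // not an integer: no query is run at all
    }
    $stmt = $db->prepare('SELECT email FROM data WHERE id = ?');
    $stmt->execute([$id]);
    $email = $stmt->fetchColumn();
    return $email === false ? null : (string) $email;
}

// Escape a value before echoing it into the confirmation page.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO data VALUES (1, 'Example', '@sms.example.test')");

foreach (['0123456789', '01234567890', '123abc', '0', ''] as $n) {
    $verdict = validate_number($n) === null ? 'reject' : 'accept';
    printf("%-13s %s\n", var_export($n, true), $verdict);
}
var_dump(lookup_email($db, '1'));             // existing id
var_dump(lookup_email($db, "1' OR '1'='1"));  // constructed hostile input
echo h('<b>FROM:</b> <script>x</script>'), "\n";  // rendered as inert text
```

In a real handler the script would stop (for example with `exit`) as soon as `validate_number()` or `lookup_email()` returns null, before any INSERT or `mail()` call.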
newbtophp Posted September 1, 2009 (Author)

Ok thanks for all your help!

Thanks MadTechie and thanks KingPhilip!

Topic Solved
Archived
This topic is now archived and is closed to further replies.