Hey, I'm currently in the process of learning PHP and something has got me stumped. What I need to do is validate an HTML form and set a cookie that captures the auto id.

What I am having trouble with is finding any validation code that doesn't use the echo statement due to the cookie.

 

form

<html>
<head>
<title> Get Customer Details </title>
</head>
<body>
<h3>Enter your details into the form and when you are ready click the submit button </h3>
<form method="post" action="http://localhost/custValidation.php">
Given Name: <input type="text" name="gname" size = "40">
Family Name: <input type="text" name ="fname" size="40"> <br/>
Email: <input type="text" name="email" value=username@domain.com> <br/>

<br />
<input type="submit" name="submit" value= "Submit">
<input type ="reset" name="reset" value ="Reset">
</form>
</body>
</html>

 

validation

<?php
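// Start from a clean state; otherwise $flag is never "OK" and $msg is undefined.
$msg = "";
$flag = "OK";
if ($_POST["gname"] ==""){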
$msg=$msg."( Please enter your first name  )<BR>";
$flag="NOTOK";
}

if ($_POST["fname"] =="") {
$msg=$msg."( Please enter user your last name  )<BR>";
$flag="NOTOK";   
}

if($_POST["email"] == ""){
$msg=$msg."( Please enter your email  )<BR>";
$flag="NOTOK";   
}
if($flag <>"OK"){
echo "<center>$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ 
}  
$conn = @mysql_connect("localhost", "root", "");
if (!$conn) {
die("Connection failed: " .mysql_error());
}

if (mysql_select_db("test", $conn)) {
;
}else {
die ("Could not locate test database" .mysql_error());
}  

$query = "CREATE TABLE IF NOT EXISTS customers
(id int not null auto_increment primary key,
givenName varchar(40), familyName varchar(40),
email varchar(60))";
if (mysql_query($query, $conn)) {
;
}else {
die ("Database query failed: " .mysql_error());
}

$query = "INSERT INTO customers (givenName, familyName, email)
VALUES ('$_POST[gname]', '$_POST[fname]', '$_POST[email]')";
if (mysql_query($query, $conn)) {
}else {
die ("Error inserting customer data: " .mysql_error());
}
$cid = mysql_insert_id($conn);
?>

This is the best I have so far but it also uses the echo statement.

Maybe instead of storing a message I should redirect them back to the form without a button.

 

I'm new to this so I'm probably forgetting something stupid but any help would be appreciated.


When you show the error message, just exit the script.

if($flag <>"OK"){
echo "<center>$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'></center>";
exit();
}

I would use a boolean value for the $flag variable. Instead of $flag = "ok" if there are no errors, set $flag = false, and if there are errors, do $flag = true. Then you can just do

if ($flag){

but that's just personal preference.

I am going to have to go with mikesta on this one, just show the error and exit the script that way you are not still trying to insert information into the database that is not there!

 

Also, why are you using so many if statements? Just combine them all into one using the || (or) operator.

 

Also instead of using all of those other if statements to check if you are connected to the database, just simplify them to only check for errors.

 

Here is your code after I tidied it up a bit and applied the fix that mikesta suggested:

 

<?php
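// Start from a clean state; otherwise $flag is never "OK" and every request is rejected.
$msg = "";
$flag = "OK";
if ($_POST["gname"] ==""||$_POST["fname"] ==""||$_POST["email"] == ""){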
$msg=$msg."( Please enter your email  )<BR>";
$flag="NOTOK";   
}

if($flag <>"OK"){
  echo "<center>$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'></center>";
  exit();
}

if (!$conn = @mysql_connect("localhost", "root", "")) {
  die("Connection failed: " .mysql_error());
}

if (!mysql_select_db("test", $conn)) {
  die ("Could not locate test database" .mysql_error());
}  

$query = "CREATE TABLE IF NOT EXISTS customers
(id int not null auto_increment primary key,
givenName varchar(40), familyName varchar(40),
email varchar(60))";

if (!mysql_query($query, $conn)) {
  die ("Database query failed: " .mysql_error());
}

$query = "INSERT INTO customers (givenName, familyName, email)
VALUES ('$_POST[gname]', '$_POST[fname]', '$_POST[email]')";

if (!mysql_query($query, $conn)) {
  die ("Error inserting customer data: " .mysql_error());
}

$cid = mysql_insert_id($conn);
?>

 

Oh, and one more thing, make sure you filter all of your variables before you put them into the database or you will leave yourself wide open for a SQL Injection attack.
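
The following is an added example, not code from any poster in this thread: it validates the three fields before producing any output, inserts with a prepared statement so the submitted values never become part of the SQL text, and sets the cookie before the first echo. It assumes PHP 7.3+ with the PDO MySQL driver and the customers table created earlier in the thread; the function names and the cookie name customer_id are hypothetical.

```php
<?php
// Added example: validate first, insert with a prepared statement, set the
// cookie, and only then produce output. "customer_id" is an assumed cookie name.

function validate_customer(array $in): array {
    $errors = [];
    $clean = [];
    foreach (['gname' => 'given name', 'fname' => 'family name'] as $key => $label) {
        $clean[$key] = trim((string)($in[$key] ?? ''));
        // Column size from the thread's table: varchar(40).
        if ($clean[$key] === '' || strlen($clean[$key]) > 40) {
            $errors[] = "Please enter your $label (up to 40 characters)";
        }
    }
    $clean['email'] = trim((string)($in['email'] ?? ''));
    if (strlen($clean['email']) > 60 || !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Please enter a valid email address';
    }
    return [$clean, $errors];
}

function save_customer(PDO $pdo, array $c): int {
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO customers (givenName, familyName, email) VALUES (?, ?, ?)'
    );
    $stmt->execute([$c['gname'], $c['fname'], $c['email']]);
    return (int)$pdo->lastInsertId();
}

[$clean, $errors] = validate_customer($_POST);

if (!$errors) {
    // Connection details as in the thread (local test database).
    $pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', 'root', '',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $cid = save_customer($pdo, $clean);
    // Nothing has been echoed yet, so the Set-Cookie header can still be sent.
    setcookie('customer_id', (string)$cid, ['httponly' => true, 'samesite' => 'Lax']);
    echo 'Thank you, your details have been saved.';
    exit;
}

// Errors are printed only on this path, where no cookie is being set.
foreach ($errors as $e) {
    echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '<br>';
}
echo "<input type='button' value='Retry' onClick='history.go(-1)'>";
```

The cookie value comes back from the browser on later requests, so a page that reads customer_id should treat it as untrusted input like any other request field.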
