validating a simple form


Heed

Hey, I'm currently in the process of learning PHP and something has got me stumped. What I need to do is validate an HTML form and set a cookie that captures the auto id.

What I am having trouble with is finding any validation code that doesn't use the echo statement, due to the cookie.

 

form

<html>
<head>
<title> Get Customer Details </title>
</head>
<body>
<h3>Enter your details into the form and when you are ready click the submit button </h3>
<form method="post" action="http://localhost/custValidation.php">
Given Name: <input type="text" name="gname" size = "40">
Family Name: <input type="text" name ="fname" size="40"> <br/>
Email: <input type="text" name="email" [email protected]> <br/>

<br />
<input type="submit" name="submit" value= "Submit">
<input type ="reset" name="reset" value ="Reset">
</form>
</body>
</html>

 

validation

<?php
if ($_POST["gname"] ==""){
$msg=$msg."( Please enter your first name  )<BR>";
$flag="NOTOK";
}

if ($_POST["fname"] =="") {
$msg=$msg."( Please enter user your last name  )<BR>";
$flag="NOTOK";   
}

if($_POST["email"] == ""){
$msg=$msg."( Please enter your email  )<BR>";
$flag="NOTOK";   
}
if($flag <>"OK"){
echo "<center>$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ 
}  
$conn = @mysql_connect("localhost", "root", "");
if (!$conn) {
die("Connection failed: " .mysql_error());
}

if (mysql_select_db("test", $conn)) {
;
}else {
die ("Could not locate test database" .mysql_error());
}  

$query = "CREATE TABLE IF NOT EXISTS customers
(id int not null auto_increment primary key,
givenName varchar(40), familyName varchar(40),
email varchar(60))";
if (mysql_query($query, $conn)) {
;
}else {
die ("Database query failed: " .mysql_error());
}

$query = "INSERT INTO customers (givenName, familyName, email)
VALUES ('$_POST[gname]', '$_POST[fname]', '$_POST[email]')";
if (mysql_query($query, $conn)) {
}else {
die ("Error inserting customer data: " .mysql_error());
}
$cid = mysql_insert_id($conn);
?>

This is the best I have so far but it also uses the echo statement.

Maybe instead of storing a message I should redirect them back to the form without a button.

 

I'm new to this so I'm probably forgetting something stupid but any help would be appreciated.

When you show the error message, just exit the script.

if($flag <>"OK"){
echo "<center>$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'></center>";
exit();
}

 

I would use a boolean value for the $flag variable. Instead of $flag = "ok" if there are no errors, set $flag = false, and if there are errors, do $flag = true. Then you can just do

if ($flag){

 

But that's just personal preference.

I am going to have to go with mikesta on this one, just show the error and exit the script that way you are not still trying to insert information into the database that is not there!

 

Also, why are you using so many if statements? Just combine them all into one using the || (or) operator.

 

Also instead of using all of those other if statements to check if you are connected to the database, just simplify them to only check for errors.

 

Here is your code after I tidied it up a bit and applied the fix that mikesta suggested:

 

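<?php
// Start with no message and an OK flag; the check below changes them only when a field is empty.
$msg = "";
$flag = "OK";
if ($_POST["gname"] ==""||$_POST["fname"] ==""||$_POST["email"] == ""){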
$msg=$msg."( Please enter your email  )<BR>";
$flag="NOTOK";   
}

if($flag <>"OK"){
  echo "<center>$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'></center>";
  exit();
}

if (!$conn = @mysql_connect("localhost", "root", "")) {
  die("Connection failed: " .mysql_error());
}

if (!mysql_select_db("test", $conn)) {
  die ("Could not locate test database" .mysql_error());
}  

$query = "CREATE TABLE IF NOT EXISTS customers
(id int not null auto_increment primary key,
givenName varchar(40), familyName varchar(40),
email varchar(60))";

if (!mysql_query($query, $conn)) {
  die ("Database query failed: " .mysql_error());
}

$query = "INSERT INTO customers (givenName, familyName, email)
VALUES ('$_POST[gname]', '$_POST[fname]', '$_POST[email]')";

if (!mysql_query($query, $conn)) {
  die ("Error inserting customer data: " .mysql_error());
}

$cid = mysql_insert_id($conn);
?>

 

Oh, and one more thing, make sure you filter all of your variables before you put them into the database or you will leave yourself wide open for a SQL Injection attack.
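
The filtering advice above and the original cookie question, combined in an added example that is not code from the thread: errors are collected instead of echoed, the insert uses bound parameters, and the cookie is set before any output on the success path. The function names, the cookie name "cid", PDO in place of the mysql_* calls, and PHP 7.3+ (for the setcookie options array) are assumptions; the customers table is taken to exist already.

```php
<?php
// Added example, not code from the thread. validate_customer(), save_customer()
// and the cookie name "cid" are assumed names.

/** Return [cleaned values, error messages]; nothing is echoed here. */
function validate_customer(array $post): array
{
    $labels = ['gname' => 'first name', 'fname' => 'last name', 'email' => 'email'];
    $clean = [];
    $errors = [];
    foreach ($labels as $field => $label) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
        if ($clean[$field] === '') {
            $errors[] = "Please enter your $label";
        }
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email';
    }
    return [$clean, $errors];
}

/** Insert with bound parameters so form input is never parsed as SQL. */
function save_customer(PDO $pdo, array $c): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO customers (givenName, familyName, email) VALUES (:g, :f, :e)'
    );
    $stmt->execute([':g' => $c['gname'], ':f' => $c['fname'], ':e' => $c['email']]);
    return (int) $pdo->lastInsertId();
}

[$clean, $errors] = validate_customer($_POST);
if ($errors) {
    // Escape before output, then stop so nothing is inserted.
    echo '<center>' . implode('<br>', array_map('htmlspecialchars', $errors));
    echo "<br><input type='button' value='Retry' onClick='history.go(-1)'></center>";
    exit();
}

// Connection values as in the thread; exceptions replace the die() checks.
$pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', 'root', '',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$cid = save_customer($pdo, $clean);

// No output has been sent on this path, so the cookie header can still be set.
setcookie('cid', (string) $cid, ['httponly' => true, 'samesite' => 'Lax']);
echo 'Customer saved.';
```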
