validation problem

[barrowvian]

Hi, ive been toying around with a simple validation form and have 2 out of 3 parts working. The only thing that isnt working is the date of birth part. Ive basically got a form that loops if invalid data is inserted and Im wanting the values of 'day', 'month' and 'year' to be recognised as errors and to continue if the values are anything else. Code is a little messy at the moment but Id appreciate it if someone could help me out, thanks

<?php include("includes/header.php"); ?>

<?php
// USER ENTERED VARIABLES
$firstname  = isset($_POST['firstname'])  ? trim($_POST['firstname'])  : '';
$surname  = isset($_POST['surname'])  ? trim($_POST['surname'])  : '';
$day = isset($_POST['day']); $month = isset($_POST['month']); $year = isset($_POST['year']);

// USER ENTERED VALIDATION
if (!preg_match("/^[a-zA-Z\-]{2,25}$/", $firstname)) $errorFirstname = true;
if (!preg_match("/^[a-zA-Z\-]{2,25}$/", $surname)) $errorSurname = true;
if ($day == 'day') $errorDob1 = true;
if ($month == 'month') $errorDob2 = true;
if ($year == 'year') $errorDob3 = true;

// FORM FUNCTION
function showForm($errorFirstname=false,$errorSurname=false, $errorDob1=false, $errorDob2=false, $errorDob3=false){
    if ($errorFirstname)  $errorTextFirstname  = "Invalid Entry (A-Z only)";
    if ($errorSurname) $errorTextSurname = "Invalid Entry (A-Z only)";
if ($errorDob1) $errorTextDob1 = "Invalid Day Entry";
if ($errorDob2) $errorTextDob2 = "Invalid Month Entry";
if ($errorDob3) $errorTextDob3 = "Invalid Year Entry";

    echo '<form action="createaccount.php" method="POST"><table>';

    echo '<table width="650" border="0" cellspacing="0" cellpadding="0">';
    
// FIRSTNAME
echo '<tr>
   			<td width="200"> First Name: </td>
    		<td width="200"> <input name="firstname" type="text" id="firstname" size="38"></td>
		<td width="250" align="center"> '; if ($errorFirstname) echo "$errorTextFirstname"; echo '</td>';
   			
    echo '</tr>';

// SURNAME
echo '<tr>
    		<td width="100"> Surname: </td>
    		<td width="200"> <input name="surname" type="text" id="surname" size="38"></td>
		<td width="250" align="center"> '; if ($errorSurname) echo "$errorTextSurname"; echo '</td>';
   			
    echo '</tr>';

// DATE OF BIRTH
echo '<tr>
    		<td width="100">Date of Birth: </td>
    		<td width="200">';
		// DAY
		echo '<select name="day" id="day">';
			echo '<option value="day">Day</option>';
			include("includes/day.php"); 
		echo '</select>';
		// MONTH
		echo '<select name="month" id="month">';
			echo '<option value="month">Month</option>';
			include("includes/month.php");
		echo '</select>';
		//YEAR
		echo '<select name="year" id="year">';
			echo '<option value="year">Year</option>';
			include("includes/year.php");
    		echo '</select>';
		echo '<td width="250" align="center">'; if ($errorDob1) echo "$errorTextDob1"; if ($errorDob2) echo "$errorTextDob2";if ($errorDob3) echo "$errorTextDob3";echo '</td>';
echo '</tr>';

    // SUBMIT AND END OF FORM
echo '<tr><td><input type="submit" name="SubmitForm" value="Send"></td></tr>';
    echo '<form>';
}


if (!isset($_POST['SubmitForm'])) {
   showForm();
} else {
   //Init error variables
   $errorFirstname  = false;
   $errorSurname = false;
   $errorDob1 = false; 
   $errorDob2 = false; 
   $errorDob3 = false;

   $firstname  = isset($_POST['firstname'])  ? trim($_POST['firstname'])  : '';
   $surname = isset($_POST['surname'])  ? trim($_POST['surname'])  : '';
   $day = isset($_POST['day']); $month = isset($_POST['month']); $year = isset($_POST['year']);   

   if (!preg_match("/^[a-zA-Z\-]{2,25}$/", $firstname)) $errorFirstname = true;
   if (!preg_match("/^[a-zA-Z\-]{2,25}$/", $surname)) $errorSurname = true;
if ($day == 'day') $errorDob1 = true;
if ($month == 'month') $errorDob2 = true;
if ($year == 'year') $errorDob3 = true;

   // Display the form again as there was an error
   if ($errorFirstname || $errorSurname || $errorDob1 || $errorDob2 || $errorDob3) {
      showForm($errorFirstname,$errorSurname, $errorDob1, $errorDob2, $errorDob3);
  echo $_POST['day'] . $_POST['month'] . $_POST['year'];
   } else {
      $dob = $_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day'];
  echo 'Submission was success!';
   }

}
?> 

 

[the182guy]

// USER ENTERED VARIABLES
$firstname  = isset($_POST['firstname'])  ? trim($_POST['firstname'])  : '';
$surname  = isset($_POST['surname'])  ? trim($_POST['surname'])  : '';

// this is wrong, you're only checking if they are set, not assigning the value to the variable
$day = isset($_POST['day']); $month = isset($_POST['month']); $year = isset($_POST['year']);

// use instead:
$day = isset($_POST['day']) ? $_POST['day'] : 0;
$month = isset($_POST['month']) ? $_POST['month'] : 0;
$year = isset($_POST['year']) ? $_POST['year'] : 0;


// USER ENTERED VALIDATION
if (!preg_match("/^[a-zA-Z\-]{2,25}$/", $firstname)) $errorFirstname = true;
if (!preg_match("/^[a-zA-Z\-]{2,25}$/", $surname)) $errorSurname = true;

if ($day == 'day') $errorDob1 = true;
if ($month == 'month') $errorDob2 = true;
if ($year == 'year') $errorDob3 = true;

 

I have modified the code above, see my comments.

 

Also, you should check the $day, $month and $year are actually valid values and not just checking that they are not 'day', 'month', 'year'.

 

For example $day must be a number between 1 and 31, but depending on your code, you could be using a two digit day e.g. 01,02,03,04. Same goes for month. To validate year you can check that it's an integer, then make sure it is say between 1900- date('Y') to get the current year. Or make sure it matches one of the years in your include.

[barrowvian]

Excellent! Thank you the182guy. Took your other advice on board and editing to make sure the data is valid