what is wrong with my form submit code?

webguync · November 25, 2010

I have a form using PHP to submit to MySQL DB and also uses PHP for validation. It worked before I added the validation stuff, so something must be wrong, but I am not sure what. I don't get any errors.

Here is the code for the form

     <?php 
				include("validation.php");
				 ?>
				<form id="ContactForm" method="POST" action="">

	                <fieldset>
		                <div>
		                    <label>First Name</label>
		                    <input id="FirstName" name="FirstName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_FirstName; ?>" /> 

		                </div>
		                <div>
		                    <label>Last Name</label>
		                    <input id="LastName" name="LastName"  maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_LastName; ?>" />

		                </div>
	                </fieldset>
	                <fieldset>
		                <div>
		                    <label>User Name</label>
		                    <input id="UserName" name="UserName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_UserName; ?>" />

		                </div>
		                 <div>
		                    <label>Password</label>
		                    <input type="password" id="Password" name="Password"  maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_Password; ?>" />

		                </div>
		                <div>
		                    <label>Email</label>
		                    <input id="email" name="email"  maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_email; ?>" />

		                </div>
	                </fieldset>
	                <fieldset>
		                <div>
		                    <label>Zip Code</label>
		                    <input id="Zip" name="Zip"  maxlength="12" type="text" autocomplete="off" value="<?php echo $valid_Zip; ?>" />
		                   
		                </div>
		                 <div>
		                    <label>Birthday (mm/dd/yyyy format)</label>
		                    <input id="Birthday" name="Birthday"  maxlength="12" type="text" autocomplete="off" value="<?php echo $valid_DOB; ?>" />
		                    
		                </div>
		                   <div>
		                    <label>Security Question</label>
		                    <input id="Security" name="Security"  maxlength="255" type="text" autocomplete="off" value="<?php echo $valid_Security; ?>" />
		                  
		                </div>
	                </fieldset>
	            
	                <fieldset>
		                <div class="controls">
		                    <input id="submit" type="submit" name="submit" value="CREATE PROFILE"/>	
		                </div>
	                </fieldset>

	            </form>

and the validation and submit to DB

<?php
;
$db_user = "";

$db_pass = "";

$db = "";





$link = mysql_connect('localhost',$db_user,$db_pass);

$db_selected = mysql_select_db($db);

/*debugging*/



if (!$link) {

    die('Could not connect: ' . mysql_error());

}





if (!$db_selected) {

    die ('Can\'t use foo : ' . mysql_error());

}



if($_POST)
{
$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file
$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file
$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file
$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file
$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file
$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file
$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file
$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file 
// First Name
if (eregi('^[A-Za-z0-9 ]{3,20}$',$FirstName))
{
   $valid_FirstName=$FirstName;
}
else
{  
    $error_FirstName='Enter valid First Name.';  
}
// Last Name
if (eregi('^[A-Za-z0-9 ]{3,20}$',$LastName))
{
   $valid_LastName=$LastName;
}
else
{  
    $error_LastName='Enter valid Last Name.';  
}
// Email 
if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $email))
{
   $valid_email=$email; 
}
else
{  
    $error_email='Enter valid Email.';  
}
// Usename min 2 char max 20 char
if (eregi('^[A-Za-z0-9_]{3,20}$',$UserName))
{
   $valid_UserName=$UserName;
}
else
{  $error_UserName='Enter valid Username min 3 Chars.';
}

// Password min 6 char max 20 char

if (eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$Password))
{
  $valid_Password=$Password;
}
else
{  
    $error_Password='Enter valid Password min 6 Chars.';  
}

// Zip
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Zip))
{
   $valid_Zip=$Zip;
}
else
{  
    $error_Zip='Enter valid Zip Code.';  
}

// Security Phrase
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Security))
{
   $valid_Security=$Security;
}
else
{  
    $error_Security='Enter valid Security Phrase.';  
}

if((strlen($valid_FirstName)>0)&&(strlen($valid_LastName)>0)&&(strlen($valid_UserName)>0)&&(strlen($valid_Password)>0)&&(strlen($valid_email)>0)&&(strlen($valid_Zip)>0)&&(strlen($valid_DOB)>0) &&(strlen($valid_Security)>0) )
{
mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" );
header("Location:login.php");
}
else{ }

}
?>

revraz · November 25, 2010

Need to explain what the actual problem is. Saying it doesn't work doesn't help us.

webguync · November 25, 2010

the form doesn't submit and the validation error msg's aren't being triggered.

seanlim · November 25, 2010

How do you know the form doesn't submit? Does the next page not load when you click "CREATE PROFILE"?

From what i can see, the line else {} is causing the problem, as it contains no error handling code. You have placed error descriptions in error_* variables but you are doing nothing with them after i think.

At least have an exit("errors!") if it doesn't validate, just for debugging purposes to see the result of the conditional

webguync · November 25, 2010

yea, it doesn't take me to the login.php page and I don't see any data in the MySQL table so I know it isn't working.

I added error reporting to the page and I get warnings stating all of the $valid_* vars are undefined. But I think they are defined?


if((strlen($valid_FirstName)>0)&&(strlen($valid_LastName)>0)&&(strlen($valid_UserName)>0)&&(strlen($valid_Password)>0)&&(strlen($valid_email)>0)&&(strlen($valid_Zip)>0)&&(strlen($valid_Birthday)>0) &&(strlen($valid_Security)>0) )
{
mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`UserName`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" );
header("Location:login.php");
}
else{}

}

seanlim · November 25, 2010

your assumptions are wrong.

1. not taking you to the login page does not mean your "form doesn't submit"

2. neither does not seeing anything in the MySQL table mean your "form doesn't submit"

3. $valid_* = $* inside conditional does not always mean that $valid_* is defined. what if the condition(s) don't evaluate to true and the statements are not executed?

what i would suggest is, place the error descriptions in an array as such:

$error= array();
...
...
if(!eregi(......)){
$error['FirstName'] = "Invalid First Name";
}

after all the validation is done, check if $error array has any elements. if there are, show the errors and do not execute the MySQL query. if there are no errors, execute the MySQL query.

there isn't a need to over-complicate things by introducing $valid_* variables

webguync · November 26, 2010

is another way to debug what I already have? I don't want to redo the code if I don't have to.

seanlim · November 26, 2010

for every "(strlen($valid_*)>0)", add in a "isset($valid_*) &&" before it

so it'll be

if(isset($valid_FirstName) && strlen($valid_FirstName)>0 && isset($valid_LastName) && strlen($valid_lastName)>0...

webguync · November 26, 2010

thanks for the tip and the help so far. Using the if isset In all of my input fields I get an undefined variable notice which is what I got before.

trq · November 26, 2010

Post your current code.

webguync · November 26, 2010

<?php
ini_set("display_errors","1");

ERROR_REPORTING(E_ALL);
$db_user = "";

$db_pass = "";

$db = "";





$link = mysql_connect('localhost',$db_user,$db_pass);

$db_selected = mysql_select_db($db);

/*debugging*/



if (!$link) {

    die('Could not connect: ' . mysql_error());

}





if (!$db_selected) {

    die ('Can\'t use foo : ' . mysql_error());

}



if($_POST)
{
$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file
$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file
$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file
$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file
$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file
$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file
$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file
$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file 
// First Name
if (eregi('^[A-Za-z0-9 ]{3,20}$',$FirstName))
{
   $valid_FirstName=$FirstName;
}
else
{  
    $error_FirstName='Enter valid First Name.';  
}
// Last Name
if (eregi('^[A-Za-z0-9 ]{3,20}$',$LastName))
{
   $valid_LastName=$LastName;
}
else
{  
    $error_LastName='Enter valid Last Name.';  
}
// Email 
if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $email))
{
   $valid_email=$email; 
}
else
{  
    $error_email='Enter valid Email.';  
}
// Usename min 2 char max 20 char
if (eregi('^[A-Za-z0-9_]{3,20}$',$UserName))
{
   $valid_UserName=$UserName;
}
else
{  $error_UserName='Enter valid Username min 3 Chars.';
}

// Password min 6 char max 20 char

if (eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$Password))
{
  $valid_Password=$Password;
}
else
{  
    $error_Password='Enter valid Password min 6 Chars.';  
}

// Birthday
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Birthday))
{
   $valid_Birthday=$Birthday;
}
else
{  
    $error_Zip='Enter valid Zip Code.';  
}

// Zip
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Zip))
{
   $valid_Zip=$Zip;
}
else
{  
    $error_Zip='Enter valid Zip Code.';  
}

// Security Phrase
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Security))
{
   $valid_Security=$Security;
}
else
{  
    $error_Security='Enter valid Security Phrase.';  
}

if(isset($valid_FirstName)&&(strlen($valid_FirstName)>0)&&isset($valid_LastName)&&(strlen($valid_LastName)>0)&&isset($valid_UserName)&&(strlen($valid_UserName)>0)&&isset($valid_Password)&&(strlen($valid_Password)>0)&&isset($valid_email)&&(strlen($valid_email)>0)&&isset($valid_Zip)&&(strlen($valid_Zip)>0)&&isset($valid_Birthday)&&(strlen($valid_Birthday)>0) &&isset($valid_Security)&&(strlen($valid_Security)>0) )
{
mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`UserName`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" );
header("Location:login.php");
}
else{}

}
?>

trq · November 26, 2010

You need to check your variables are set way back where you first try and assign data to them. Where you do all your mysql_real_escape_string() stuff.

You should try to keep code to a max of around 140 chars wide too, its difficult to read otherwise.

webguync · November 26, 2010

would that be like this?

if($_POST)

{

isset($FirstName=mysql_real_escape_string($_POST['FirstName'])); //This value has to be the same as in the HTML form file

isset($LastName=mysql_real_escape_string($_POST['LastName']));

etc

}

trq · November 26, 2010

No.

if ($_POST) {
  if (isset($_POST['FirstName'])) {
    $FirstName = mysql_real_escape_string($_POST['FirstName']));
  }
  // etc etc

webguync · November 26, 2010

thanks.

Still get the undefined variable notice within the input fields.

<input id="FirstName" name="FirstName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_FirstName; ?>" />

trq · November 26, 2010

Where exactly are these input fields? There not in the code you posted.

webguync · November 26, 2010

sorry, they are here. The code I posted is in validation.php

[php[

<?php

include("validation.php");

?>

<div>

<label>First Name</label>

</div>

<div>

</div>

</fieldset>

<div>

</div>

<div>

<label>Password</label>

</div>

<div>

<label>Email</label>

</div>

</fieldset>

<div>

</div>

<div>

<label>Birthday (mm/dd/yyyy format)</label>

</div>

<div>

<label>Security Question</label>

</div>

</fieldset>

</div>

</fieldset>

</form>

[/code]

trq · November 26, 2010

Your logic is floored. By the time you get to your form you still have no way of knowing if those variables exist.

The easiest fix is probably just....

if (isset($_POST['FirstName'])) {
    $FirstName = mysql_real_escape_string($_POST['FirstName']));
  } else {
    $FirstName = "";
  }

webguync · November 26, 2010

and then remove

value="<?php echo $valid_FirstName; ?>"

etc from my form code?

trq · November 26, 2010

There would be no need to remove them if you provide sane defaults as my last post suggests.

webguync · November 26, 2010

ok b/c I did what you suggested but I still get the notices of undefined variable within the input fields.

current code

<?php
ini_set("display_errors","1");

ERROR_REPORTING(E_ALL);
$db_user = "";

$db_pass = "";

$db = "";





$link = mysql_connect('localhost',$db_user,$db_pass);

$db_selected = mysql_select_db($db);

/*debugging*/



if (!$link) {

    die('Could not connect: ' . mysql_error());

}





if (!$db_selected) {

    die ('Can\'t use foo : ' . mysql_error());

}



if($_POST)
{
if (isset($_POST['FirstName'])) {
    $FirstName = mysql_real_escape_string($_POST['FirstName']);
  }
  else {
    $FirstName = "";
  }
  if (isset($_POST['LastName'])) {
    $LastName = mysql_real_escape_string($_POST['LastName']);
  }
  else {
    $LastName = "";
  }
  if (isset($_POST['UserName'])) {
    $UserName = mysql_real_escape_string($_POST['UserName']);
  }
  else {
    $UserName = "";
  }
  
  if (isset($_POST['email'])) {
    $email = mysql_real_escape_string($_POST['email']);
  }
  else {
    $email = "";
  }
   if (isset($_POST['Password'])) {
    $Password = mysql_real_escape_string($_POST['Password']);
  }
  else {
    $Password = "";
  }
   if (isset($_POST['Zip'])) {
    $Zip = mysql_real_escape_string($_POST['Zip']);
  }
  else {
    $Zip = "";
  }
     if (isset($_POST['Birthday'])) {
    $Birthday = mysql_real_escape_string($_POST['Birthday']);
  }
  else {
    $Birthday = "";
  }
   if (isset($_POST['Security'])) {
    $Security = mysql_real_escape_string($_POST['Security']);
  }
  else {
    $Security = "";
  }

// First Name
if (eregi('^[A-Za-z0-9 ]{3,20}$',$FirstName))
{
   $valid_FirstName=$FirstName;
}
else
{  
    $error_FirstName='Enter valid First Name.';  
}
// Last Name
if (eregi('^[A-Za-z0-9 ]{3,20}$',$LastName))
{
   $valid_LastName=$LastName;
}
else
{  
    $error_LastName='Enter valid Last Name.';  
}
// Email 
if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $email))
{
   $valid_email=$email; 
}
else
{  
    $error_email='Enter valid Email.';  
}
// Usename min 2 char max 20 char
if (eregi('^[A-Za-z0-9_]{3,20}$',$UserName))
{
   $valid_UserName=$UserName;
}
else
{  $error_UserName='Enter valid Username min 3 Chars.';
}

// Password min 6 char max 20 char

if (eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$Password))
{
  $valid_Password=$Password;
}
else
{  
    $error_Password='Enter valid Password min 6 Chars.';  
}

// Birthday
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Birthday))
{
   $valid_Birthday=$Birthday;
}
else
{  
    $error_Zip='Enter valid Zip Code.';  
}

// Zip
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Zip))
{
   $valid_Zip=$Zip;
}
else
{  
    $error_Zip='Enter valid Zip Code.';  
}

// Security Phrase
if (eregi('^[A-Za-z0-9 ]{3,20}$',$Security))
{
   $valid_Security=$Security;
}
else
{  
    $error_Security='Enter valid Security Phrase.';  
}

if(isset($valid_FirstName)&&(strlen($valid_FirstName)>0)&&isset($valid_LastName)&&(strlen($valid_LastName)>0)&&isset($valid_UserName)&&(strlen($valid_UserName)>0)&&isset($valid_Password)&&(strlen($valid_Password)>0)&&isset($valid_email)&&(strlen($valid_email)>0)&&isset($valid_Zip)&&(strlen($valid_Zip)>0)&&isset($valid_Birthday)&&(strlen($valid_Birthday)>0) &&isset($valid_Security)&&(strlen($valid_Security)>0) )
{
mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`UserName`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" );
header("Location:login.php");
}
else{}

}
?>

Sign In

what is wrong with my form submit code?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information