webguync Posted November 25, 2010 Share Posted November 25, 2010 I have a form using PHP to submit to MySQL DB and also uses PHP for validation. It worked before I added the validation stuff, so something must be wrong, but I am not sure what. I don't get any errors. Here is the code for the form <?php include("validation.php"); ?> <form id="ContactForm" method="POST" action=""> <fieldset> <div> <label>First Name</label> <input id="FirstName" name="FirstName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_FirstName; ?>" /> </div> <div> <label>Last Name</label> <input id="LastName" name="LastName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_LastName; ?>" /> </div> </fieldset> <fieldset> <div> <label>User Name</label> <input id="UserName" name="UserName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_UserName; ?>" /> </div> <div> <label>Password</label> <input type="password" id="Password" name="Password" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_Password; ?>" /> </div> <div> <label>Email</label> <input id="email" name="email" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_email; ?>" /> </div> </fieldset> <fieldset> <div> <label>Zip Code</label> <input id="Zip" name="Zip" maxlength="12" type="text" autocomplete="off" value="<?php echo $valid_Zip; ?>" /> </div> <div> <label>Birthday (mm/dd/yyyy format)</label> <input id="Birthday" name="Birthday" maxlength="12" type="text" autocomplete="off" value="<?php echo $valid_DOB; ?>" /> </div> <div> <label>Security Question</label> <input id="Security" name="Security" maxlength="255" type="text" autocomplete="off" value="<?php echo $valid_Security; ?>" /> </div> </fieldset> <fieldset> <div class="controls"> <input id="submit" type="submit" name="submit" value="CREATE PROFILE"/> </div> </fieldset> </form> and the validation and submit to DB <?php ; $db_user = ""; $db_pass = ""; $db = ""; $link = mysql_connect('localhost',$db_user,$db_pass); $db_selected = mysql_select_db($db); /*debugging*/ if (!$link) { die('Could not connect: ' . mysql_error()); } if (!$db_selected) { die ('Can\'t use foo : ' . mysql_error()); } if($_POST) { $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file // First Name if (eregi('^[A-Za-z0-9 ]{3,20}$',$FirstName)) { $valid_FirstName=$FirstName; } else { $error_FirstName='Enter valid First Name.'; } // Last Name if (eregi('^[A-Za-z0-9 ]{3,20}$',$LastName)) { $valid_LastName=$LastName; } else { $error_LastName='Enter valid Last Name.'; } // Email if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $email)) { $valid_email=$email; } else { $error_email='Enter valid Email.'; } // Usename min 2 char max 20 char if (eregi('^[A-Za-z0-9_]{3,20}$',$UserName)) { $valid_UserName=$UserName; } else { $error_UserName='Enter valid Username min 3 Chars.'; } // Password min 6 char max 20 char if (eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$Password)) { $valid_Password=$Password; } else { $error_Password='Enter valid Password min 6 Chars.'; } // Zip if (eregi('^[A-Za-z0-9 ]{3,20}$',$Zip)) { $valid_Zip=$Zip; } else { $error_Zip='Enter valid Zip Code.'; } // Security Phrase if (eregi('^[A-Za-z0-9 ]{3,20}$',$Security)) { $valid_Security=$Security; } else { $error_Security='Enter valid Security Phrase.'; } if((strlen($valid_FirstName)>0)&&(strlen($valid_LastName)>0)&&(strlen($valid_UserName)>0)&&(strlen($valid_Password)>0)&&(strlen($valid_email)>0)&&(strlen($valid_Zip)>0)&&(strlen($valid_DOB)>0) &&(strlen($valid_Security)>0) ) { mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" ); header("Location:login.php"); } else{ } } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted November 25, 2010 Share Posted November 25, 2010 Need to explain what the actual problem is. Saying it doesn't work doesn't help us. Quote Link to comment Share on other sites More sharing options...
webguync Posted November 25, 2010 Author Share Posted November 25, 2010 the form doesn't submit and the validation error msg's aren't being triggered. Quote Link to comment Share on other sites More sharing options...
seanlim Posted November 25, 2010 Share Posted November 25, 2010 How do you know the form doesn't submit? Does the next page not load when you click "CREATE PROFILE"? From what i can see, the line else {} is causing the problem, as it contains no error handling code. You have placed error descriptions in error_* variables but you are doing nothing with them after i think. At least have an exit("errors!") if it doesn't validate, just for debugging purposes to see the result of the conditional Quote Link to comment Share on other sites More sharing options...
webguync Posted November 25, 2010 Author Share Posted November 25, 2010 yea, it doesn't take me to the login.php page and I don't see any data in the MySQL table so I know it isn't working. I added error reporting to the page and I get warnings stating all of the $valid_* vars are undefined. But I think they are defined? if((strlen($valid_FirstName)>0)&&(strlen($valid_LastName)>0)&&(strlen($valid_UserName)>0)&&(strlen($valid_Password)>0)&&(strlen($valid_email)>0)&&(strlen($valid_Zip)>0)&&(strlen($valid_Birthday)>0) &&(strlen($valid_Security)>0) ) { mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`UserName`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" ); header("Location:login.php"); } else{} } Quote Link to comment Share on other sites More sharing options...
seanlim Posted November 25, 2010 Share Posted November 25, 2010 your assumptions are wrong. 1. not taking you to the login page does not mean your "form doesn't submit" 2. neither does not seeing anything in the MySQL table mean your "form doesn't submit" 3. $valid_* = $* inside conditional does not always mean that $valid_* is defined. what if the condition(s) don't evaluate to true and the statements are not executed? what i would suggest is, place the error descriptions in an array as such: $error= array(); ... ... if(!eregi(......)){ $error['FirstName'] = "Invalid First Name"; } after all the validation is done, check if $error array has any elements. if there are, show the errors and do not execute the MySQL query. if there are no errors, execute the MySQL query. there isn't a need to over-complicate things by introducing $valid_* variables Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 is another way to debug what I already have? I don't want to redo the code if I don't have to. Quote Link to comment Share on other sites More sharing options...
seanlim Posted November 26, 2010 Share Posted November 26, 2010 for every "(strlen($valid_*)>0)", add in a "isset($valid_*) &&" before it so it'll be if(isset($valid_FirstName) && strlen($valid_FirstName)>0 && isset($valid_LastName) && strlen($valid_lastName)>0... Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 thanks for the tip and the help so far. Using the if isset In all of my input fields I get an undefined variable notice which is what I got before. Quote Link to comment Share on other sites More sharing options...
trq Posted November 26, 2010 Share Posted November 26, 2010 Post your current code. Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 <?php ini_set("display_errors","1"); ERROR_REPORTING(E_ALL); $db_user = ""; $db_pass = ""; $db = ""; $link = mysql_connect('localhost',$db_user,$db_pass); $db_selected = mysql_select_db($db); /*debugging*/ if (!$link) { die('Could not connect: ' . mysql_error()); } if (!$db_selected) { die ('Can\'t use foo : ' . mysql_error()); } if($_POST) { $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file // First Name if (eregi('^[A-Za-z0-9 ]{3,20}$',$FirstName)) { $valid_FirstName=$FirstName; } else { $error_FirstName='Enter valid First Name.'; } // Last Name if (eregi('^[A-Za-z0-9 ]{3,20}$',$LastName)) { $valid_LastName=$LastName; } else { $error_LastName='Enter valid Last Name.'; } // Email if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $email)) { $valid_email=$email; } else { $error_email='Enter valid Email.'; } // Usename min 2 char max 20 char if (eregi('^[A-Za-z0-9_]{3,20}$',$UserName)) { $valid_UserName=$UserName; } else { $error_UserName='Enter valid Username min 3 Chars.'; } // Password min 6 char max 20 char if (eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$Password)) { $valid_Password=$Password; } else { $error_Password='Enter valid Password min 6 Chars.'; } // Birthday if (eregi('^[A-Za-z0-9 ]{3,20}$',$Birthday)) { $valid_Birthday=$Birthday; } else { $error_Zip='Enter valid Zip Code.'; } // Zip if (eregi('^[A-Za-z0-9 ]{3,20}$',$Zip)) { $valid_Zip=$Zip; } else { $error_Zip='Enter valid Zip Code.'; } // Security Phrase if (eregi('^[A-Za-z0-9 ]{3,20}$',$Security)) { $valid_Security=$Security; } else { $error_Security='Enter valid Security Phrase.'; } if(isset($valid_FirstName)&&(strlen($valid_FirstName)>0)&&isset($valid_LastName)&&(strlen($valid_LastName)>0)&&isset($valid_UserName)&&(strlen($valid_UserName)>0)&&isset($valid_Password)&&(strlen($valid_Password)>0)&&isset($valid_email)&&(strlen($valid_email)>0)&&isset($valid_Zip)&&(strlen($valid_Zip)>0)&&isset($valid_Birthday)&&(strlen($valid_Birthday)>0) &&isset($valid_Security)&&(strlen($valid_Security)>0) ) { mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`UserName`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" ); header("Location:login.php"); } else{} } ?> Quote Link to comment Share on other sites More sharing options...
trq Posted November 26, 2010 Share Posted November 26, 2010 You need to check your variables are set way back where you first try and assign data to them. Where you do all your mysql_real_escape_string() stuff. You should try to keep code to a max of around 140 chars wide too, its difficult to read otherwise. Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 would that be like this? if($_POST) { isset($FirstName=mysql_real_escape_string($_POST['FirstName'])); //This value has to be the same as in the HTML form file isset($LastName=mysql_real_escape_string($_POST['LastName'])); etc } Quote Link to comment Share on other sites More sharing options...
trq Posted November 26, 2010 Share Posted November 26, 2010 No. if ($_POST) { if (isset($_POST['FirstName'])) { $FirstName = mysql_real_escape_string($_POST['FirstName'])); } // etc etc Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 thanks. Still get the undefined variable notice within the input fields. <input id="FirstName" name="FirstName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_FirstName; ?>" /> Quote Link to comment Share on other sites More sharing options...
trq Posted November 26, 2010 Share Posted November 26, 2010 Where exactly are these input fields? There not in the code you posted. Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 sorry, they are here. The code I posted is in validation.php [php[ <?php include("validation.php"); ?> <form id="ContactForm" method="POST" action=""> <fieldset> <div> <label>First Name</label> <input id="FirstName" name="FirstName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_FirstName; ?>" /> </div> <div> <label>Last Name</label> <input id="LastName" name="LastName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_LastName; ?>" /> </div> </fieldset> <fieldset> <div> <label>User Name</label> <input id="UserName" name="UserName" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_UserName; ?>" /> </div> <div> <label>Password</label> <input type="password" id="Password" name="Password" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_Password; ?>" /> </div> <div> <label>Email</label> <input id="email" name="email" maxlength="120" type="text" autocomplete="off" value="<?php echo $valid_email; ?>" /> </div> </fieldset> <fieldset> <div> <label>Zip Code</label> <input id="Zip" name="Zip" maxlength="12" type="text" autocomplete="off" value="<?php echo $valid_Zip; ?>" /> </div> <div> <label>Birthday (mm/dd/yyyy format)</label> <input id="Birthday" name="Birthday" maxlength="12" type="text" autocomplete="off" value="<?php echo $valid_Birthday; ?>" /> </div> <div> <label>Security Question</label> <input id="Security" name="Security" maxlength="255" type="text" autocomplete="off" value="<?php echo $valid_Security; ?>" /> </div> </fieldset> <fieldset> <div class="controls"> <input id="submit" type="submit" name="submit" value="CREATE PROFILE"/> </div> </fieldset> </form> [/code] Quote Link to comment Share on other sites More sharing options...
trq Posted November 26, 2010 Share Posted November 26, 2010 Your logic is floored. By the time you get to your form you still have no way of knowing if those variables exist. The easiest fix is probably just.... if (isset($_POST['FirstName'])) { $FirstName = mysql_real_escape_string($_POST['FirstName'])); } else { $FirstName = ""; } Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 and then remove value="<?php echo $valid_FirstName; ?>" etc from my form code? Quote Link to comment Share on other sites More sharing options...
trq Posted November 26, 2010 Share Posted November 26, 2010 There would be no need to remove them if you provide sane defaults as my last post suggests. Quote Link to comment Share on other sites More sharing options...
webguync Posted November 26, 2010 Author Share Posted November 26, 2010 ok b/c I did what you suggested but I still get the notices of undefined variable within the input fields. current code <?php ini_set("display_errors","1"); ERROR_REPORTING(E_ALL); $db_user = ""; $db_pass = ""; $db = ""; $link = mysql_connect('localhost',$db_user,$db_pass); $db_selected = mysql_select_db($db); /*debugging*/ if (!$link) { die('Could not connect: ' . mysql_error()); } if (!$db_selected) { die ('Can\'t use foo : ' . mysql_error()); } if($_POST) { if (isset($_POST['FirstName'])) { $FirstName = mysql_real_escape_string($_POST['FirstName']); } else { $FirstName = ""; } if (isset($_POST['LastName'])) { $LastName = mysql_real_escape_string($_POST['LastName']); } else { $LastName = ""; } if (isset($_POST['UserName'])) { $UserName = mysql_real_escape_string($_POST['UserName']); } else { $UserName = ""; } if (isset($_POST['email'])) { $email = mysql_real_escape_string($_POST['email']); } else { $email = ""; } if (isset($_POST['Password'])) { $Password = mysql_real_escape_string($_POST['Password']); } else { $Password = ""; } if (isset($_POST['Zip'])) { $Zip = mysql_real_escape_string($_POST['Zip']); } else { $Zip = ""; } if (isset($_POST['Birthday'])) { $Birthday = mysql_real_escape_string($_POST['Birthday']); } else { $Birthday = ""; } if (isset($_POST['Security'])) { $Security = mysql_real_escape_string($_POST['Security']); } else { $Security = ""; } // First Name if (eregi('^[A-Za-z0-9 ]{3,20}$',$FirstName)) { $valid_FirstName=$FirstName; } else { $error_FirstName='Enter valid First Name.'; } // Last Name if (eregi('^[A-Za-z0-9 ]{3,20}$',$LastName)) { $valid_LastName=$LastName; } else { $error_LastName='Enter valid Last Name.'; } // Email if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $email)) { $valid_email=$email; } else { $error_email='Enter valid Email.'; } // Usename min 2 char max 20 char if (eregi('^[A-Za-z0-9_]{3,20}$',$UserName)) { $valid_UserName=$UserName; } else { $error_UserName='Enter valid Username min 3 Chars.'; } // Password min 6 char max 20 char if (eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$Password)) { $valid_Password=$Password; } else { $error_Password='Enter valid Password min 6 Chars.'; } // Birthday if (eregi('^[A-Za-z0-9 ]{3,20}$',$Birthday)) { $valid_Birthday=$Birthday; } else { $error_Zip='Enter valid Zip Code.'; } // Zip if (eregi('^[A-Za-z0-9 ]{3,20}$',$Zip)) { $valid_Zip=$Zip; } else { $error_Zip='Enter valid Zip Code.'; } // Security Phrase if (eregi('^[A-Za-z0-9 ]{3,20}$',$Security)) { $valid_Security=$Security; } else { $error_Security='Enter valid Security Phrase.'; } if(isset($valid_FirstName)&&(strlen($valid_FirstName)>0)&&isset($valid_LastName)&&(strlen($valid_LastName)>0)&&isset($valid_UserName)&&(strlen($valid_UserName)>0)&&isset($valid_Password)&&(strlen($valid_Password)>0)&&isset($valid_email)&&(strlen($valid_email)>0)&&isset($valid_Zip)&&(strlen($valid_Zip)>0)&&isset($valid_Birthday)&&(strlen($valid_Birthday)>0) &&isset($valid_Security)&&(strlen($valid_Security)>0) ) { mysql_query("INSERT INTO Profile (`FirstName`,`LastName`,`UserName`,`Password`,`email`,`Zip`,`Birthday`,`Security`) VALUES ('$FirstName','$LastName','$UserName','$Password','$email','$Zip','$Birthday','$Security')" ); header("Location:login.php"); } else{} } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.