Help with FILTER_SANITIZE_EMAIL

[leeh14]

Hi,

 

I am building a website and need all the fields to be sanitized and validated. When running a filter over a standard string I have a count function to detect when the function was successfull and if all feilds are successful the page can move on. However i hit issues when i reach a e-mail function. Basically i can't get the count to run only if the e-mail is vaild? so basically where can the count be placed to run only if the string is valid and after it has been sanitized? 

 

Function:

 

        if ($_POST['email'] != "") {  
            $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);  
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {  
                $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";  
            }  
        } else {  
            $errors .= 'Please enter your email address.<br/>';  
        }  
  

 

Count:

 

$count ++

 

any help on this matter would be great!

 

Lee

[Pikachu2000]

As an else to the if( !filter_var( . . .) ) { conditional, if tI understand correctly what you're trying to do. However, it's usually easier to store error messages in an array, then, if( count($array) === 0 ), there are no errors. And if there are errors, you can display them all with a foreach() loop.

 

$errors = '';
         if ($_POST['email'] != "") {
            $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
            } else {
            	$count++;
            }
        } else {
            $errors .= 'Please enter your email address.<br/>';
        }

[leeh14]

That's brill has saved my project! One more thing before I set this thread to solved!

 

Once the functions have run if you refresh the page a message comes up and says do you want to run the functions again! if you click yes it adds the data to the database again! How can i stop this from happening?

 

 

[Pikachu2000]

You can add a header() redirect after a successful record insert to clear the $_POST array and send the user to a "landing page". That would be one way that comes to mind.

[leeh14]

OK to stop this from happening i have moved the php to a separate file which is run when submitted, which works fine for submitting to the database. But I have some validation in there and the user might need to amend fields. So how can I post any error message back to the form along with what the user typed in? 

[Pikachu2000]

Use a conditional, and only include() the form if it hasn't been submitted, or there are validation errors that need to be corrected.

[leeh14]

I am not quite sure what you mean by that, could you please explain! Soz

[Pikachu2000]

This is a stripped out example of the logic that you could use. The principle is the same, but you'd have more fields, and validation routines, etc.

 

process.php

<?php
if( isset($_POST['submit']) ) {
if( empty($_POST['name']) ) {
	$errors[] = 'Name is empty.';
}
if( empty($errors) ) {
	// insert data
	// if insert is ok, either redirect, or display success message.
} else {
	$i = 1;
	$count = count($errors);
	foreach( $errors as $v ) {
		echo "<font color=\"red\">$v</font>";
		echo $i < $count ? "<br>" : '';
		$i++;
	}
	include('form.php');
}
} else {
include('form.php');
}
?>

 

form.php

<form action="process.php" method="post">
<input type="text" name="name" value="<?php echo isset($_POST['name']) ? "{$_POST['name']}" : ''; ?>">
<input type="submit" name="submit" value="Submit">
</form>

[leeh14]

Hi,

 

Cheers i will give that a try! Just seems annoying all i want to do is hit submit run php that check if there are errors and if there are errors display them. And if there are no errors run anouther php to add all the field to the database then redirect back to the form page. Seems simple but is not!

 

Regards