Jump to content

Archived

This topic is now archived and is closed to further replies.

NeilB

Validation not working sucessfully

Recommended Posts

I'm currently trying to get some validation to work sucessfully, but it is not working >:( I don't get any error messages either, just a blank screen when I submit the data to be inserted into the database, reguardless if the IF statements have been met or not.

<?
if(isset($_POST["submit"])){

$error_msg='';

if(trim($_POST["name"])=='' || strlen(trim($_POST["name"])) < 6 || strlen(trim($_POST["name"])) > 15) {
                $error_msg.="Please enter a name between 6 to 15 characters long<br>";
        }        if(isset($_POST["submit"])){

        if(trim($_POST["peak"])=='' || strlen(trim($_POST["peak"])) < 6 || strlen(trim($_POST["peak"])) > 15) {
                $error_msg.="Please enter a peak between 6 to 15 characters long<br>";
        }

        if(trim($_POST["offpeak"])=='' || strlen(trim($_POST["offpeak"])) < 6 || strlen(trim($_POST["offpeak"])) > 15) {
                $error_msg.="Please enter a off peak between 6 to 15 characters long<br>";
        }

        if(trim($_POST["peaknet"])=='' || strlen(trim($_POST["peaknet"])) < 6 || strlen(trim($_POST["peaknet"])) > 15) {
                $error_msg.="Please enter a peaknet between 6 to 15 characters long<br>";
        }

        if(trim($_POST["offpeaknet"])=='' || strlen(trim($_POST["offpeaknet"])) < 6 || strlen(trim($_POST["offpeaknet"])) > 15) {
                $error_msg.="Please enter a offpeaknet between 6 to 15 characters long<br>";
        }

        if(trim($_POST["txt"])=='' || strlen(trim($_POST["txt"])) < 6 || strlen(trim($_POST["txt"])) > 15) {
                $error_msg.="Please enter a txt between 6 to 15 characters long<br>";
        }

        if(trim($_POST["picture"])=='' || strlen(trim($_POST["picture"])) < 6 || strlen(trim($_POST["picture"])) > 15) {
                $error_msg.="Please enter a picture between 6 to 15 characters long<br>";
        }

        // display error message if any, if not, proceed to other processing
        if($error_msg==''){

        $name = $_POST["name"];
        $peak = $_POST["peak"];
        $offpeak = $_POST["offpeak"];
        $peaknet = $_POST["peaknet"];
        $offpeaknet = $_POST["offpeaknet"];
        $txt = $_POST["txt"];
        $picture = $_POST["picture"];

        $connection = mysql_connect("", "", "");

        mysql_select_db("neil", $connection)
        or die("Unable to select database");

        $query = "INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')";

        mysql_query($query);


        echo mysql_error().

        mysql_close($connection);

        Print "New sim sucessfully created";
        }
} else {
              echo "<font color=red face='Verdana'>$error_msg</font>";
        }
}


?>

Share this post


Link to post
Share on other sites
Just so we can all see it.
[code]
<?php
if(isset($_POST["submit"])){

$error_msg='';

if(trim($_POST["name"])=='' || strlen(trim($_POST["name"])) < 6 || strlen(trim($_POST["name"])) >
15)
{
                $error_msg.="Please enter a name between 6 to 15 characters long
";
        }        if(isset($_POST["submit"])){

        if(trim($_POST["peak"])=='' || strlen(trim($_POST["peak"])) < 6 || strlen(trim($_POST["peak"])) >
15)
{
                $error_msg.="Please enter a peak between 6 to 15 characters long
";
        }

        if(trim($_POST["offpeak"])=='' || strlen(trim($_POST["offpeak"])) < 6 || strlen
(trim($_POST["offpeak"])) > 15) {
                $error_msg.="Please enter a off peak between 6 to 15 characters long
";
        }

        if(trim($_POST["peaknet"])=='' || strlen(trim($_POST["peaknet"])) < 6 || strlen(trim($_POST
["peaknet"])) > 15) {
                $error_msg.="Please enter a peaknet between 6 to 15 characters long
";
        }

        if(trim($_POST["offpeaknet"])=='' || strlen(trim($_POST["offpeaknet"])) < 6 ||
strlen(trim($_POST["offpeaknet"])) > 15) {
                $error_msg.="Please enter a offpeaknet between 6 to 15 characters long
";
        }

        if(trim($_POST["txt"])=='' || strlen(trim($_POST["txt"])) < 6 || strlen
(trim($_POST["txt"])) > 15) {
                $error_msg.="Please enter a txt between 6 to 15 characters long
";
        }

        if(trim($_POST["picture"])=='' || strlen(trim($_POST["picture"])) < 6 ||
strlen(trim($_POST["picture"])) > 15) {
                $error_msg.="Please enter a picture between 6 to 15 characters long
";
        }

        // display error message if any, if not, proceed to other processing
        if($error_msg==''){

        $name = $_POST["name"];
        $peak = $_POST["peak"];
        $offpeak = $_POST["offpeak"];
        $peaknet = $_POST["peaknet"];
        $offpeaknet = $_POST["offpeaknet"];
        $txt = $_POST["txt"];
        $picture = $_POST["picture"];

        $connection = mysql_connect("", "", "");

        mysql_select_db("neil", $connection)
        or die("Unable to select database");

        $query = "INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')";

        mysql_query($query);


        echo mysql_error().

        mysql_close($connection);

        Print "New sim sucessfully created";
        }
} else {
               echo "<font color=red face='Verdana'>$error_msg</font>";
        }
}


?>

[/code]

Share this post


Link to post
Share on other sites
I'd need to see your table structure to know for sure, but it is most likely a query error.  For every ' mysql_query(); put OR die(mysql_error()); behind it.  It would look like;

mysql_query($query) OR die(mysql_query());

1.) I noticed that you haven't supplied any mysql_connect credentials.

2.) Your INSERT query is incorrect, you need to supply table names to the left of VALUES.

P.S (not essential but it's good practice to use <?php as the start tag Vs. <?)

Also,

I noticed that your code could use a bit of re-factoring;

[code]
<?php
if(isset($_POST["submit"])){

unset($_POST['submit']);  
//YOU CAN USE ARRAY_POP() INSTEAD
//THE POINT IS TO GET ALL ELEMENTS OUT OF
//THE STACK YOU DONT WANT VALIDATED

            $error_msg = NULL;

foreach ($_POST as $key => $value) {

if (is_null($_POST[$key]) || strlen(trim($_POST[$key])) < 6 || strlen(trim($_POST[$key])) > 15) {

$error_msg .= "<span style=\"font-face: Verdana; font-size: 12px; color: black;\">Please enter a <span style=\"color: maroon; text-decoration: underline; font-weight: bold;\">$key</span> between 6 to 15 characters long</span><br /><br />";

}

}

if (is_null($error_msg)) {

   $name = $_POST["name"];
   
   $peak = $_POST["peak"];
   
   $offpeak = $_POST["offpeak"];
   
   $peaknet = $_POST["peaknet"];
   
   $offpeaknet = $_POST["offpeaknet"];
   
   $txt = $_POST["txt"];
   
   $picture = $_POST["picture"];

   $connection = mysql_connect("", "", "");

   mysql_select_db("neil", $connection)or die("Unable to select database");

   $query = "";

   mysql_query("INSERT INTO sims (tbl_1, tbl_2, tbl_3, tbl_4, tbl_5, tbl_6, tbl_7, tbl_8) VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')") OR die(mysql_error());

   mysql_close($connection);

   echo "New sim sucessfully created";
   
}

else {

echo $error_msg;
}
}
?>
[/code]

P.S. To be clear, your INSERT query isn't incorrect "technically", but I would add the table names because it makes things so much easier when trouble shooting.

Share this post


Link to post
Share on other sites
Try this: [code]<?php
function out_of_range($value,$min=6,$max=15)
{
return (strlen(trim($value))<$min || strlen(trim($value))>$max);
}

if(isset($_POST["submit"]))
{
$error_msg = array();
if(out_of_range($_POST['name']))
{
$error_msg[] = "Please enter a name between 6 to 15 characters long";
}
if(out_of_range($_POST['peak']))
{
$error_msg[] = "Please enter a peak between 6 to 15 characters long";
}
if(out_of_range($_POST['offpeak']))
{
$error_msg[] = "Please enter a off peak between 6 to 15 characters long";
}
if(out_of_range($_POST['peaknet']))
{
$error_msg[] = "Please enter a peaknet between 6 to 15 characters long";
}
if(out_of_range($_POST['offpeaknet']))
{
$error_msg[] = "Please enter a offpeaknet between 6 to 15 characters long";
}
if(out_of_range($_POST['txt']))
{
$error_msg[] ="Please enter a txt between 6 to 15 characters long";
}
if(out_of_range($_POST['picture']))
{
$error_msg[] = "Please enter a picture between 6 to 15 characters long";
}

if(count($error_msg)<=0)
{
$name = mysql_real_escape_string($_POST["name"]);
$peak = mysql_real_escape_string($_POST["peak"]);
$offpeak = mysql_real_escape_string($_POST["offpeak"]);
$peaknet = mysql_real_escape_string($_POST["peaknet"]);
$offpeaknet = mysql_real_escape_string($_POST["offpeaknet"]);
$txt = mysql_real_escape_string($_POST["txt"]);
$picture = mysql_real_escape_string($_POST["picture"]);

$connection = mysql_connect("", "", "");

mysql_select_db("neil", $connection) or die("Unable to select database: ".mysql_error());

mysql_query("INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')") or die(mysql_error());

mysql_close($connection);

echo "New sim sucessfully created";
}
else {
echo "<span style='font-weight: bold; color: red;'>Error(s):</span><br /><ul><li>";
echo join('</li><li>',$error_msg);
echo "</ul>";
}
}
else {
// show form
}
?>[/code]

Share this post


Link to post
Share on other sites
Try this ok.
[code]
<?php

$name = addslashes($_POST["name"]);
$peak =addslashes($_POST["peak"]);
$offpeak =addslashes( $_POST["offpeak"]);
$peaknet = addslashes($_POST["peaknet"]);
$offpeaknet = addslashes($_POST["offpeaknet"]);
$txt = addslashes($_POST["txt"]);
$picture =addslashes( $_POST["picture"]);

if(isset($_POST["submit"])){

if(trim($_POST["name"])=='none' || strlen(trim($_POST["name"])) < 6 || strlen(trim($_POST["name"])) > 15) {
               echo"Please enter a name between 6 to 15 characters long
";
       }        if(isset($_POST["submit"])){

       if(trim($_POST["peak"])=='none' || strlen(trim($_POST["peak"])) < 6 || strlen(trim($_POST["peak"])) > 15) {
               echo"Please enter a peak between 6 to 15 characters long
";
       }

       if(trim($_POST["offpeak"])=='' || strlen(trim($_POST["offpeak"])) < 6 || strlen(trim($_POST["offpeak"])) > 15) {
               echo"Please enter a off peak between 6 to 15 characters long
";
       }

       if(trim($_POST["peaknet"])=='none' || strlen(trim($_POST["peaknet"])) < 6 || strlen(trim($_POST["peaknet"])) > 15) {
               echo"Please enter a peaknet between 6 to 15 characters long
";
       }

       if(trim($_POST["offpeaknet"])=='none' || strlen(trim($_POST["offpeaknet"])) < 6 || strlen(trim($_POST["offpeaknet"])) > 15) {
               echo"Please enter a offpeaknet between 6 to 15 characters long
";
       }

       if(trim($_POST["txt"])=='none' || strlen(trim($_POST["txt"])) < 6 || strlen(trim($_POST["txt"])) > 15) {
               echo"Please enter a txt between 6 to 15 characters long
";
       }

       if(trim($_POST["picture"])=='none' || strlen(trim($_POST["picture"])) < 6 || strlen(trim($_POST["picture"])) > 15) {
               echo"Please enter a picture between 6 to 15 characters long
";
       }
$db=mysql_connect("xxx","xxx","xxx");
mysql_select_db("xxx",$db);
     
$query = "INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')";
mysql_query($query) or die("query problam");

Print "New sim sucessfully created";
}
 
}
?>

[/code]

Share this post


Link to post
Share on other sites
Here's my take on your code. I've tightened it up considerably by using an array to store the errors, a for loop & switch statement to loop through the submitted fields and an array to help generate the query. The generated query uses the alternative version of the INSERT command. I also changed your [nobbc]<font>[/nobbc] tag to the more modern [niobbc]<span>[/nobbc] tag.
[code]<?php
$error_msg=array();
$qtmp = array();
if(isset($_POST["submit"])){
foreach($_POST as $field => $value) {
switch ($field) {
case 'name':
case 'peak':
case 'offpeak':
case 'peaknet':
case 'offpeaknet':
case 'txt':
case 'picture':
if (strlen(trim(stripslashes($value))) < 6 ||
strlen(trim(stripslashes($value))) > 15)
$error_msg[] = 'Please enter a ' . $field . ' between 6 and 15 characters long';
else {
$qtmp[] = $field . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
$$field = $value;
}
break;
}
}
// display error message if any, if not, proceed to other processing
if(empty($error_msg){
$connection = mysql_connect("", "", "");
mysql_select_db("neil", $connection) or die("Unable to select database");
$query = 'insert into sims set ' . implode(', ',$qtmp);
mysql_query($query) or die("Problem with the insert query: $query<br>" . mysql_error();
Print "New sim sucessfully created";
} else {
      echo '<span style="color:red; font-face="Verdana">' . implode("<br>\n",$error_msg) . "</span>";
}
}
?>[/code]

Ken

Share this post


Link to post
Share on other sites
[quote author=kenrbnsn link=topic=110971.msg449353#msg449353 date=1160414541]
Here's my take on your code. I've tightened it up considerably by using an array to store the errors, a for loop & switch statement to loop through the submitted fields and an array to help generate the query. The generated query uses the alternative version of the INSERT command. I also changed your [nobbc]<font>[/nobbc] tag to the more modern [niobbc]<span>[/nobbc] tag.
[code]<?php
$error_msg=array();
$qtmp = array();
if(isset($_POST["submit"])){
foreach($_POST as $field => $value) {
switch ($field) {
case 'name':
case 'peak':
case 'offpeak':
case 'peaknet':
case 'offpeaknet':
case 'txt':
case 'picture':
if (strlen(trim(stripslashes($value))) < 6 ||
strlen(trim(stripslashes($value))) > 15)
$error_msg[] = 'Please enter a ' . $field . ' between 6 and 15 characters long';
else {
$qtmp[] = $field . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
$$field = $value;
}
break;
}
}
// display error message if any, if not, proceed to other processing
if(empty($error_msg){
$connection = mysql_connect("", "", "");
mysql_select_db("neil", $connection) or die("Unable to select database");
$query = 'insert into sims set ' . implode(', ',$qtmp);
mysql_query($query) or die("Problem with the insert query: $query<br>" . mysql_error();
Print "New sim sucessfully created";
} else {
      echo '<span style="color:red; font-face="Verdana">' . implode("<br>\n",$error_msg) . "</span>";
}
}
?>[/code]

Ken
[/quote]

Ken, nice code.  I have done the same above in my original POST, you can further simplify the code because you do not need a switch or an array for the error messages.

Share this post


Link to post
Share on other sites
I used the foreach and the switch because the OP didn't indicate whether there were more fields on his form. If there are other fields, then he can just add more case statements. If those are the only fields of the form, then the switch statement could be replaced with an if that makes sure that the $field being tested is not the submit button.

Another way of doing the error message would be to just store the offending field names in the array and then insert them into the error message with something like this:
[code]<?php
if (!empty($error_msg))
  echo '<span style="color:red; font-face="Verdana">The following fields were either less than 6 characters or more than 15 characters long:<br>' . implode(', ',$error_msg) . '<br>';
?>[/code]

Ken

Share this post


Link to post
Share on other sites
[quote author=kenrbnsn link=topic=110971.msg449367#msg449367 date=1160415729]
I used the foreach and the switch because the OP didn't indicate whether there were more fields on his form. If there are other fields, then he can just add more case statements. If those are the only fields of the form, then the switch statement could be replaced with an if that makes sure that the $field being tested is not the submit button.

Another way of doing the error message would be to just store the offending field names in the array and then insert them into the error message with something like this:
[code]<?php
if (!empty($error_msg))
   echo '<span style="color:red; font-face="Verdana">The following fields were either less than 6 characters or more than 15 characters long:<br>' . implode(', ',$error_msg) . '<br>';
?>[/code]

Ken
[/quote]

Correct, or as I have done, you can initially set the var to NULL and then if any stack elements fire bad on the validation just append to the string $error_msg .=

Either way works just fine, just a different approach I suppose.

Thanks Ken

Share this post


Link to post
Share on other sites
Not checking for the field names would be a security issue. Imagine a user registration script like this. Say there is another field called is_admin which defaults to 0 (false) and therefor is not included in the query as it is not needed. The user could send an extra post variable called is_admin with the value 1 (true) and thereby gain administrative rights.

Share this post


Link to post
Share on other sites
Thanks guys, I was hoping to try to keep the same format as I started out with so I could have a go at using regular expressions to validate if an e-mail address is in the correct format etc...

Whats really got me is that the coding I originally posted works fine on another page, but refuses to work on this one. ???

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.