Jump to content

Validation not working sucessfully


NeilB

Recommended Posts

I'm currently trying to get some validation to work sucessfully, but it is not working >:( I don't get any error messages either, just a blank screen when I submit the data to be inserted into the database, reguardless if the IF statements have been met or not.

<?
if(isset($_POST["submit"])){

$error_msg='';

if(trim($_POST["name"])=='' || strlen(trim($_POST["name"])) < 6 || strlen(trim($_POST["name"])) > 15) {
                $error_msg.="Please enter a name between 6 to 15 characters long<br>";
        }        if(isset($_POST["submit"])){

        if(trim($_POST["peak"])=='' || strlen(trim($_POST["peak"])) < 6 || strlen(trim($_POST["peak"])) > 15) {
                $error_msg.="Please enter a peak between 6 to 15 characters long<br>";
        }

        if(trim($_POST["offpeak"])=='' || strlen(trim($_POST["offpeak"])) < 6 || strlen(trim($_POST["offpeak"])) > 15) {
                $error_msg.="Please enter a off peak between 6 to 15 characters long<br>";
        }

        if(trim($_POST["peaknet"])=='' || strlen(trim($_POST["peaknet"])) < 6 || strlen(trim($_POST["peaknet"])) > 15) {
                $error_msg.="Please enter a peaknet between 6 to 15 characters long<br>";
        }

        if(trim($_POST["offpeaknet"])=='' || strlen(trim($_POST["offpeaknet"])) < 6 || strlen(trim($_POST["offpeaknet"])) > 15) {
                $error_msg.="Please enter a offpeaknet between 6 to 15 characters long<br>";
        }

        if(trim($_POST["txt"])=='' || strlen(trim($_POST["txt"])) < 6 || strlen(trim($_POST["txt"])) > 15) {
                $error_msg.="Please enter a txt between 6 to 15 characters long<br>";
        }

        if(trim($_POST["picture"])=='' || strlen(trim($_POST["picture"])) < 6 || strlen(trim($_POST["picture"])) > 15) {
                $error_msg.="Please enter a picture between 6 to 15 characters long<br>";
        }

        // display error message if any, if not, proceed to other processing
        if($error_msg==''){

        $name = $_POST["name"];
        $peak = $_POST["peak"];
        $offpeak = $_POST["offpeak"];
        $peaknet = $_POST["peaknet"];
        $offpeaknet = $_POST["offpeaknet"];
        $txt = $_POST["txt"];
        $picture = $_POST["picture"];

        $connection = mysql_connect("", "", "");

        mysql_select_db("neil", $connection)
        or die("Unable to select database");

        $query = "INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')";

        mysql_query($query);


        echo mysql_error().

        mysql_close($connection);

        Print "New sim sucessfully created";
        }
} else {
              echo "<font color=red face='Verdana'>$error_msg</font>";
        }
}


?>
Link to comment
Share on other sites

Just so we can all see it.
[code]
<?php
if(isset($_POST["submit"])){

$error_msg='';

if(trim($_POST["name"])=='' || strlen(trim($_POST["name"])) < 6 || strlen(trim($_POST["name"])) >
15)
{
                $error_msg.="Please enter a name between 6 to 15 characters long
";
        }        if(isset($_POST["submit"])){

        if(trim($_POST["peak"])=='' || strlen(trim($_POST["peak"])) < 6 || strlen(trim($_POST["peak"])) >
15)
{
                $error_msg.="Please enter a peak between 6 to 15 characters long
";
        }

        if(trim($_POST["offpeak"])=='' || strlen(trim($_POST["offpeak"])) < 6 || strlen
(trim($_POST["offpeak"])) > 15) {
                $error_msg.="Please enter a off peak between 6 to 15 characters long
";
        }

        if(trim($_POST["peaknet"])=='' || strlen(trim($_POST["peaknet"])) < 6 || strlen(trim($_POST
["peaknet"])) > 15) {
                $error_msg.="Please enter a peaknet between 6 to 15 characters long
";
        }

        if(trim($_POST["offpeaknet"])=='' || strlen(trim($_POST["offpeaknet"])) < 6 ||
strlen(trim($_POST["offpeaknet"])) > 15) {
                $error_msg.="Please enter a offpeaknet between 6 to 15 characters long
";
        }

        if(trim($_POST["txt"])=='' || strlen(trim($_POST["txt"])) < 6 || strlen
(trim($_POST["txt"])) > 15) {
                $error_msg.="Please enter a txt between 6 to 15 characters long
";
        }

        if(trim($_POST["picture"])=='' || strlen(trim($_POST["picture"])) < 6 ||
strlen(trim($_POST["picture"])) > 15) {
                $error_msg.="Please enter a picture between 6 to 15 characters long
";
        }

        // display error message if any, if not, proceed to other processing
        if($error_msg==''){

        $name = $_POST["name"];
        $peak = $_POST["peak"];
        $offpeak = $_POST["offpeak"];
        $peaknet = $_POST["peaknet"];
        $offpeaknet = $_POST["offpeaknet"];
        $txt = $_POST["txt"];
        $picture = $_POST["picture"];

        $connection = mysql_connect("", "", "");

        mysql_select_db("neil", $connection)
        or die("Unable to select database");

        $query = "INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')";

        mysql_query($query);


        echo mysql_error().

        mysql_close($connection);

        Print "New sim sucessfully created";
        }
} else {
               echo "<font color=red face='Verdana'>$error_msg</font>";
        }
}


?>

[/code]
Link to comment
Share on other sites

I'd need to see your table structure to know for sure, but it is most likely a query error.  For every ' mysql_query(); put OR die(mysql_error()); behind it.  It would look like;

mysql_query($query) OR die(mysql_query());

1.) I noticed that you haven't supplied any mysql_connect credentials.

2.) Your INSERT query is incorrect, you need to supply table names to the left of VALUES.

P.S (not essential but it's good practice to use <?php as the start tag Vs. <?)

Also,

I noticed that your code could use a bit of re-factoring;

[code]
<?php
if(isset($_POST["submit"])){

unset($_POST['submit']);  
//YOU CAN USE ARRAY_POP() INSTEAD
//THE POINT IS TO GET ALL ELEMENTS OUT OF
//THE STACK YOU DONT WANT VALIDATED

            $error_msg = NULL;

foreach ($_POST as $key => $value) {

if (is_null($_POST[$key]) || strlen(trim($_POST[$key])) < 6 || strlen(trim($_POST[$key])) > 15) {

$error_msg .= "<span style=\"font-face: Verdana; font-size: 12px; color: black;\">Please enter a <span style=\"color: maroon; text-decoration: underline; font-weight: bold;\">$key</span> between 6 to 15 characters long</span><br /><br />";

}

}

if (is_null($error_msg)) {

   $name = $_POST["name"];
   
   $peak = $_POST["peak"];
   
   $offpeak = $_POST["offpeak"];
   
   $peaknet = $_POST["peaknet"];
   
   $offpeaknet = $_POST["offpeaknet"];
   
   $txt = $_POST["txt"];
   
   $picture = $_POST["picture"];

   $connection = mysql_connect("", "", "");

   mysql_select_db("neil", $connection)or die("Unable to select database");

   $query = "";

   mysql_query("INSERT INTO sims (tbl_1, tbl_2, tbl_3, tbl_4, tbl_5, tbl_6, tbl_7, tbl_8) VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')") OR die(mysql_error());

   mysql_close($connection);

   echo "New sim sucessfully created";
   
}

else {

echo $error_msg;
}
}
?>
[/code]

P.S. To be clear, your INSERT query isn't incorrect "technically", but I would add the table names because it makes things so much easier when trouble shooting.
Link to comment
Share on other sites

Try this: [code]<?php
function out_of_range($value,$min=6,$max=15)
{
return (strlen(trim($value))<$min || strlen(trim($value))>$max);
}

if(isset($_POST["submit"]))
{
$error_msg = array();
if(out_of_range($_POST['name']))
{
$error_msg[] = "Please enter a name between 6 to 15 characters long";
}
if(out_of_range($_POST['peak']))
{
$error_msg[] = "Please enter a peak between 6 to 15 characters long";
}
if(out_of_range($_POST['offpeak']))
{
$error_msg[] = "Please enter a off peak between 6 to 15 characters long";
}
if(out_of_range($_POST['peaknet']))
{
$error_msg[] = "Please enter a peaknet between 6 to 15 characters long";
}
if(out_of_range($_POST['offpeaknet']))
{
$error_msg[] = "Please enter a offpeaknet between 6 to 15 characters long";
}
if(out_of_range($_POST['txt']))
{
$error_msg[] ="Please enter a txt between 6 to 15 characters long";
}
if(out_of_range($_POST['picture']))
{
$error_msg[] = "Please enter a picture between 6 to 15 characters long";
}

if(count($error_msg)<=0)
{
$name = mysql_real_escape_string($_POST["name"]);
$peak = mysql_real_escape_string($_POST["peak"]);
$offpeak = mysql_real_escape_string($_POST["offpeak"]);
$peaknet = mysql_real_escape_string($_POST["peaknet"]);
$offpeaknet = mysql_real_escape_string($_POST["offpeaknet"]);
$txt = mysql_real_escape_string($_POST["txt"]);
$picture = mysql_real_escape_string($_POST["picture"]);

$connection = mysql_connect("", "", "");

mysql_select_db("neil", $connection) or die("Unable to select database: ".mysql_error());

mysql_query("INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')") or die(mysql_error());

mysql_close($connection);

echo "New sim sucessfully created";
}
else {
echo "<span style='font-weight: bold; color: red;'>Error(s):</span><br /><ul><li>";
echo join('</li><li>',$error_msg);
echo "</ul>";
}
}
else {
// show form
}
?>[/code]
Link to comment
Share on other sites

Try this ok.
[code]
<?php

$name = addslashes($_POST["name"]);
$peak =addslashes($_POST["peak"]);
$offpeak =addslashes( $_POST["offpeak"]);
$peaknet = addslashes($_POST["peaknet"]);
$offpeaknet = addslashes($_POST["offpeaknet"]);
$txt = addslashes($_POST["txt"]);
$picture =addslashes( $_POST["picture"]);

if(isset($_POST["submit"])){

if(trim($_POST["name"])=='none' || strlen(trim($_POST["name"])) < 6 || strlen(trim($_POST["name"])) > 15) {
               echo"Please enter a name between 6 to 15 characters long
";
       }        if(isset($_POST["submit"])){

       if(trim($_POST["peak"])=='none' || strlen(trim($_POST["peak"])) < 6 || strlen(trim($_POST["peak"])) > 15) {
               echo"Please enter a peak between 6 to 15 characters long
";
       }

       if(trim($_POST["offpeak"])=='' || strlen(trim($_POST["offpeak"])) < 6 || strlen(trim($_POST["offpeak"])) > 15) {
               echo"Please enter a off peak between 6 to 15 characters long
";
       }

       if(trim($_POST["peaknet"])=='none' || strlen(trim($_POST["peaknet"])) < 6 || strlen(trim($_POST["peaknet"])) > 15) {
               echo"Please enter a peaknet between 6 to 15 characters long
";
       }

       if(trim($_POST["offpeaknet"])=='none' || strlen(trim($_POST["offpeaknet"])) < 6 || strlen(trim($_POST["offpeaknet"])) > 15) {
               echo"Please enter a offpeaknet between 6 to 15 characters long
";
       }

       if(trim($_POST["txt"])=='none' || strlen(trim($_POST["txt"])) < 6 || strlen(trim($_POST["txt"])) > 15) {
               echo"Please enter a txt between 6 to 15 characters long
";
       }

       if(trim($_POST["picture"])=='none' || strlen(trim($_POST["picture"])) < 6 || strlen(trim($_POST["picture"])) > 15) {
               echo"Please enter a picture between 6 to 15 characters long
";
       }
$db=mysql_connect("xxx","xxx","xxx");
mysql_select_db("xxx",$db);
     
$query = "INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')";
mysql_query($query) or die("query problam");

Print "New sim sucessfully created";
}
 
}
?>

[/code]
Link to comment
Share on other sites

Here's my take on your code. I've tightened it up considerably by using an array to store the errors, a for loop & switch statement to loop through the submitted fields and an array to help generate the query. The generated query uses the alternative version of the INSERT command. I also changed your [nobbc]<font>[/nobbc] tag to the more modern [niobbc]<span>[/nobbc] tag.
[code]<?php
$error_msg=array();
$qtmp = array();
if(isset($_POST["submit"])){
foreach($_POST as $field => $value) {
switch ($field) {
case 'name':
case 'peak':
case 'offpeak':
case 'peaknet':
case 'offpeaknet':
case 'txt':
case 'picture':
if (strlen(trim(stripslashes($value))) < 6 ||
strlen(trim(stripslashes($value))) > 15)
$error_msg[] = 'Please enter a ' . $field . ' between 6 and 15 characters long';
else {
$qtmp[] = $field . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
$$field = $value;
}
break;
}
}
// display error message if any, if not, proceed to other processing
if(empty($error_msg){
$connection = mysql_connect("", "", "");
mysql_select_db("neil", $connection) or die("Unable to select database");
$query = 'insert into sims set ' . implode(', ',$qtmp);
mysql_query($query) or die("Problem with the insert query: $query<br>" . mysql_error();
Print "New sim sucessfully created";
} else {
      echo '<span style="color:red; font-face="Verdana">' . implode("<br>\n",$error_msg) . "</span>";
}
}
?>[/code]

Ken
Link to comment
Share on other sites

[quote author=kenrbnsn link=topic=110971.msg449353#msg449353 date=1160414541]
Here's my take on your code. I've tightened it up considerably by using an array to store the errors, a for loop & switch statement to loop through the submitted fields and an array to help generate the query. The generated query uses the alternative version of the INSERT command. I also changed your [nobbc]<font>[/nobbc] tag to the more modern [niobbc]<span>[/nobbc] tag.
[code]<?php
$error_msg=array();
$qtmp = array();
if(isset($_POST["submit"])){
foreach($_POST as $field => $value) {
switch ($field) {
case 'name':
case 'peak':
case 'offpeak':
case 'peaknet':
case 'offpeaknet':
case 'txt':
case 'picture':
if (strlen(trim(stripslashes($value))) < 6 ||
strlen(trim(stripslashes($value))) > 15)
$error_msg[] = 'Please enter a ' . $field . ' between 6 and 15 characters long';
else {
$qtmp[] = $field . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
$$field = $value;
}
break;
}
}
// display error message if any, if not, proceed to other processing
if(empty($error_msg){
$connection = mysql_connect("", "", "");
mysql_select_db("neil", $connection) or die("Unable to select database");
$query = 'insert into sims set ' . implode(', ',$qtmp);
mysql_query($query) or die("Problem with the insert query: $query<br>" . mysql_error();
Print "New sim sucessfully created";
} else {
      echo '<span style="color:red; font-face="Verdana">' . implode("<br>\n",$error_msg) . "</span>";
}
}
?>[/code]

Ken
[/quote]

Ken, nice code.  I have done the same above in my original POST, you can further simplify the code because you do not need a switch or an array for the error messages.
Link to comment
Share on other sites

I used the foreach and the switch because the OP didn't indicate whether there were more fields on his form. If there are other fields, then he can just add more case statements. If those are the only fields of the form, then the switch statement could be replaced with an if that makes sure that the $field being tested is not the submit button.

Another way of doing the error message would be to just store the offending field names in the array and then insert them into the error message with something like this:
[code]<?php
if (!empty($error_msg))
  echo '<span style="color:red; font-face="Verdana">The following fields were either less than 6 characters or more than 15 characters long:<br>' . implode(', ',$error_msg) . '<br>';
?>[/code]

Ken
Link to comment
Share on other sites

[quote author=kenrbnsn link=topic=110971.msg449367#msg449367 date=1160415729]
I used the foreach and the switch because the OP didn't indicate whether there were more fields on his form. If there are other fields, then he can just add more case statements. If those are the only fields of the form, then the switch statement could be replaced with an if that makes sure that the $field being tested is not the submit button.

Another way of doing the error message would be to just store the offending field names in the array and then insert them into the error message with something like this:
[code]<?php
if (!empty($error_msg))
   echo '<span style="color:red; font-face="Verdana">The following fields were either less than 6 characters or more than 15 characters long:<br>' . implode(', ',$error_msg) . '<br>';
?>[/code]

Ken
[/quote]

Correct, or as I have done, you can initially set the var to NULL and then if any stack elements fire bad on the validation just append to the string $error_msg .=

Either way works just fine, just a different approach I suppose.

Thanks Ken
Link to comment
Share on other sites

Not checking for the field names would be a security issue. Imagine a user registration script like this. Say there is another field called is_admin which defaults to 0 (false) and therefor is not included in the query as it is not needed. The user could send an extra post variable called is_admin with the value 1 (true) and thereby gain administrative rights.
Link to comment
Share on other sites

Thanks guys, I was hoping to try to keep the same format as I started out with so I could have a go at using regular expressions to validate if an e-mail address is in the correct format etc...

Whats really got me is that the coding I originally posted works fine on another page, but refuses to work on this one. ???
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.