having trouble with form validation

[co.ador]

i have a form which action leads to insert.php. In insert.php define the value fields of the forms and then validates but it will submit the form and ignore the validation.

 

 

Form

<form action="Insert.php" method="post" enctype="multipart/form-data">';
<input type="hidden" name="submitted" value="true" />
<label  align="left" for="Image">Upload Image:</label>
<input  name="file" type="file" size="25" />
<label class="City" for="City"> City:</label>
<input name="city" type="text" /> 
<label for="State">State:</label>
<input name="state" type="text" /> 
<label for="ZipCode">Zip Code:</label>
<input name="zipcode" type="text" />
<input class="btn" type="submit" name="Insert" value="Insert" />
<input class="btn" type="reset" name="Reset" value="Clear Form" />
</form>

 

 

Insert.php

 

      <?php 

  $custumer_id = $_SESSION['customer_id'];
        $itemname = ereg_replace("[^A-Za-z0-9]", "", $_POST['name']); // filter everything but numbers and letters
        $price = $_POST['price'];
        $city = ereg_replace("[^A-Z a-z0-9]", "", $_POST['city']); // filter everything but spaces, numbers, and letters
        $state = ereg_replace("[^A-Z a-z0-9]", "", $_POST['state']); // filter everything but spaces, numbers, and letters
        $zipcode = $_POST['zipcode'];
        $image = $_POST['file'];

        if((!$itemname) || (!$country) || (!$state) || (!$city) || (!$price) || (!$details) || (!$subcategory) || (!$image))        {
            $errorMsg = "You did not submit the following required information!<br /><br />";
            if(!$itemname){
                $errorMsg .= "--- Product Name";
            } else if(!$country){
                $errorMsg .= "--- Country"; 
            } else if(!$state){ 
                $errorMsg .= "--- State"; 
           } else if(!$city){ 
               $errorMsg .= "--- City"; 
           } else if(!$price){ 
               $errorMsg .= "--- Price"; 
           } 
           else if(!$image){ 
               $errorMsg .= "Insert a File"; 
           }
           }    



        $sqlinsert2 = "INSERT INTO products
    (product_id,product_name,price,city,state, country, category_id)            
    VALUES('','$itemname','$price','$city','$state','$country',)";
    $enterquery2 = mysql_query($sqlinsert2) or die(mysql_error()); 
    $product_id =  mysql_insert_id();


        $sqlinsert3 = "INSERT INTO sales
                                   (id,product_id, customer_id, sales_date)            
                                   VALUES('','$product_id','$custumer_id',now())";

    $enterquery3 = mysql_query($sqlinsert3) or die(mysql_error());



    }




     ?>

[emamuc]

ereg_replace: This function has been DEPRECATED as of PHP 5.3.0.

 

Do you see the warning? Otherwise you should use preg_replace instead.

 

It's only a suggestion, since I'm a beginner

[AyKay47]

Emamuc is correct, ereg_replace has been deprecated and Preg_replace should be used instead.

Also, you will want an if else statement to check and see if you have received an error, via the empty function. The way your code is now, it will still attempt to insert the data into you database even if you have received an error

[PFMaBiSmAd]

if((!$itemname) || ....

 

^^^ Form fields will be submitted and exist (except for radio and checkboxes), even if they are empty. Your logic testing if(!$some_field) won't fail if a variable by that name exists at all. Your validation logic should do a few things different -

 

1) Use an array to both hold the error messages and to flag if there were any validation errors (i.e. if the array is empty at the end of your validation, there were no errors.)

2) You should validate all the form fields (your else if logic will stop validating on the first problem.)

3) You should specifically test if the variables are empty strings or not (you can use empty, except if there could be a valid number zero as data since a zero is considered to be an empty value.)

4) I'm guessing you removed code when you posted it, but your code should test if the current visitor is authorized to submit data and have it inserted into the database, that a form was submitted before doing anything on the page, and it needs a session_start() statement and a database connection.

 

Edit: 5) The uploaded file information will be in $_FILES['file'], not $_POST['file'].

 

[co.ador]

On the database connection I got that working and I slipped the session_start() function which I have it thanks, now I have to figure out your steps. I have done an if and else statement on

<input class="btn" type="submit" name="Insert" value="Insert" />

input tag with the function empty like, 

 

<?php if (empty($_POST['Insert'])){
echo ' is either 0, empty, or not set at all';
}
else { rest of the code you guys see above in insert.php  }

?>

 

it inserted just like you said. On step two you talk about validating all the fields I will double check that since you say validation won't continue upon a mistake found.

 

Let me check on that.

 

 

[co.ador]

i have a question does the order of the variable definition and the variable in the if else statement validation approach does necessarily have to be in the same order as the fields names in the form? Just like INSERT queries require a certain order.

 

1- And yes I am missing some field in validation I make sure all fields are validated.

 

thanks

[AyKay47]

i have a question does the order of the variable definition and the variable in the if else statement validation approach does necessarily have to be in the same order as the fields names in the form? Just like INSERT queries require a certain order.

 

1- And yes I am missing some field in validation I make sure all fields are validated.

 

thanks

 

No, in this case, the order in which the variables are checked will not matter

They do jot need to be in the same order as in your form

[PFMaBiSmAd]

The order in which you validate the fields should be in the order that you want the error message(s) to be output, which should probably be in the same order as the fields so that the visitor is presented with errors that have some correlation to the layout of the form fields.

 

If someone just entered - product name, price, image, city, state, zipcode, and country, they would want to see any error messages in that same order, or even better, display each validation error next to the corresponding field. Using an array to hold the errors and using an array index name that corresponds to the form field, will make displaying the validation error next to the form field easier because you can simply test if the array index name is set and output the error message at the point where you output the form field.

[co.ador]

This is what I have come up with $errors is an array and I put the error message next to it just like suggested. The only thing I am not sure is about the GLOBAL $_FILES here

<?phpif($_SERVER['REQUEST_METHOD'] == 'POST' || 'FILES'){ ?>

 

The action of the form is POST but the image input field type is file I don't know if I just should reference it as POST or FILES thanks.

 

<?php 
if($_SERVER['REQUEST_METHOD'] == 'POST' || 'FILES'){
if( 0 === preg_match ("/\S+/", $_FILES['image'])){
$errorMsg['file']= "please insert a picture."


}
if( 0 === preg_match ("/\S+/", $_POST['file'])){
$errorMsg['name']= "please Insert Item Name."


}
if( 0 === preg_match ("/\S+/", $_POST['price'])){
$errorMsg['price']= "please enter Item price ."


}
if( 0 === preg_match ("/\S+/", $_POST['details'])){
$errorMsg['details']= "please enter Item Details."


}
if( 0 === preg_match ("/\S+/", $_POST['city'])){
$errorMsg['city']= "please enter city."


}
if( 0 === preg_match ("/\S+/", $_POST['state'])){
$errorMsg['state']= "please enter state."


}
if( 0 === preg_match ("/\S+/", $_POST['zipcode'])){
$errorMsg['zipcode']= "please insert a picture."


}

}
?>

[dcro2]

There's no 'FILES' request method, it all comes through POST. You should use $_FILES to check if a file was uploaded. For example:

if($_FILES['image']['error'] !== UPLOAD_ERR_OK || $_FILES['image']['size'] == 0) {
  //Something went wrong
}

Feel free to do a print_r on $_FILES so you can see the entire structure (or refer here).

Here's some error constants: http://darklaunch.com/2009/05/01/php-file-upload-error-codes-upload-err-ok

[co.ador]

I use this check inside the request method if statement?

 

like

 

<?php 
if($_SERVER['REQUEST_METHOD'] == 'POST'){

if($_FILES['image']['error'] !== UPLOAD_ERR_OK || $_FILES['image']['size'] == 0) {
  //Something went wrong
}

//Rest of the validation input fields.
}
?>

[dcro2]

Right, just put your own error handling code in there. And don't hold me accountable if it doesn't work

[co.ador]

Need a little help here guys I have come up with the following script for validating the fields before being submitted but still it is submitting the forms and overlooking this script. The test is not being executed. help.

<?php 
if($_FILES['file']['error'] !== UPLOAD_ERR_OK || $_FILES['file']['size'] == 0) { $erros['image'] = "Please enter a image.";}

//Check if item name is no-blank.


if ( isset($_POST['name']) && $_POST['name'] === 0 ){
    $errors['name'] = "Please enter Item name."; }

if ( isset($_POST['price']) && $_POST['price'] === 0 ){
    $errors['price'] = "Please enter Item price."; }

if ( isset($_POST['details']) && $_POST['details'] === 0 ){
    $errors['details'] = "Please enter details here."; }

if ( isset($_POST['category_id']) && $_POST['category_id'] === 0 ){
    $errors['category_id'] = "Please enter category.."; }

if ( isset($_POST['city']) && $_POST['city'] === 0 ){
    $errors['city'] = "Please enter city."; }

if ( isset($_POST['state']) && $_POST['state'] === 0 ){
    $errors['state'] = "Please enter state."; }

if ( isset($_POST['zipcode']) && $_POST['zipcode'] === 0 ){
    $errors['zipcode'] = "Please enter zipcode."; }
?>

[dcro2]

Take a look at:

if ( isset($_POST['name']) && $_POST['name'] === 0 ){

The === operator checks if the two sides are equal as well as if the two sides are the same type. All $_POST members are strings and you're comparing them with an integer, so this will always be false. You should just use empty instead for your checks:

if ( empty($_POST['name']) ){

[co.ador]

Thank you dcro it works and it is even posting a message with the error for instant though it is failing to do so for the image I have to check that.

 

 <label class="ItemName" for="name">Item Name:</label>
<input type="text" name="name" value="<?php echo $_POST['name']; ?>" /> 
<?php echo error_for('name'); ?>
<label for="Price">Price:</label>
<input type="text" name="price" value"price" />
<?php  echo error_for('price');?>
<label for="Details">Details:</label>
<textarea name="details" cols="25" rows="6" value="<?php echo h($_POST['details']);?>"></textarea>
<?php echo error_for('details');?> ?>