co.ador Posted July 18, 2011 Share Posted July 18, 2011 i have a form which action leads to insert.php. In insert.php define the value fields of the forms and then validates but it will submit the form and ignore the validation. Form <form action="Insert.php" method="post" enctype="multipart/form-data">'; <input type="hidden" name="submitted" value="true" /> <label align="left" for="Image">Upload Image:</label> <input name="file" type="file" size="25" /> <label class="City" for="City"> City:</label> <input name="city" type="text" /> <label for="State">State:</label> <input name="state" type="text" /> <label for="ZipCode">Zip Code:</label> <input name="zipcode" type="text" /> <input class="btn" type="submit" name="Insert" value="Insert" /> <input class="btn" type="reset" name="Reset" value="Clear Form" /> </form> Insert.php <?php $custumer_id = $_SESSION['customer_id']; $itemname = ereg_replace("[^A-Za-z0-9]", "", $_POST['name']); // filter everything but numbers and letters $price = $_POST['price']; $city = ereg_replace("[^A-Z a-z0-9]", "", $_POST['city']); // filter everything but spaces, numbers, and letters $state = ereg_replace("[^A-Z a-z0-9]", "", $_POST['state']); // filter everything but spaces, numbers, and letters $zipcode = $_POST['zipcode']; $image = $_POST['file']; if((!$itemname) || (!$country) || (!$state) || (!$city) || (!$price) || (!$details) || (!$subcategory) || (!$image)) { $errorMsg = "You did not submit the following required information!<br /><br />"; if(!$itemname){ $errorMsg .= "--- Product Name"; } else if(!$country){ $errorMsg .= "--- Country"; } else if(!$state){ $errorMsg .= "--- State"; } else if(!$city){ $errorMsg .= "--- City"; } else if(!$price){ $errorMsg .= "--- Price"; } else if(!$image){ $errorMsg .= "Insert a File"; } } $sqlinsert2 = "INSERT INTO products (product_id,product_name,price,city,state, country, category_id) VALUES('','$itemname','$price','$city','$state','$country',)"; $enterquery2 = mysql_query($sqlinsert2) or die(mysql_error()); $product_id = mysql_insert_id(); $sqlinsert3 = "INSERT INTO sales (id,product_id, customer_id, sales_date) VALUES('','$product_id','$custumer_id',now())"; $enterquery3 = mysql_query($sqlinsert3) or die(mysql_error()); } ?> Quote Link to comment Share on other sites More sharing options...
emamuc Posted July 18, 2011 Share Posted July 18, 2011 ereg_replace: This function has been DEPRECATED as of PHP 5.3.0. Do you see the warning? Otherwise you should use preg_replace instead. It's only a suggestion, since I'm a beginner Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 18, 2011 Share Posted July 18, 2011 Emamuc is correct, ereg_replace has been deprecated and Preg_replace should be used instead. Also, you will want an if else statement to check and see if you have received an error, via the empty function. The way your code is now, it will still attempt to insert the data into you database even if you have received an error Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 18, 2011 Share Posted July 18, 2011 if((!$itemname) || .... ^^^ Form fields will be submitted and exist (except for radio and checkboxes), even if they are empty. Your logic testing if(!$some_field) won't fail if a variable by that name exists at all. Your validation logic should do a few things different - 1) Use an array to both hold the error messages and to flag if there were any validation errors (i.e. if the array is empty at the end of your validation, there were no errors.) 2) You should validate all the form fields (your else if logic will stop validating on the first problem.) 3) You should specifically test if the variables are empty strings or not (you can use empty, except if there could be a valid number zero as data since a zero is considered to be an empty value.) 4) I'm guessing you removed code when you posted it, but your code should test if the current visitor is authorized to submit data and have it inserted into the database, that a form was submitted before doing anything on the page, and it needs a session_start() statement and a database connection. Edit: 5) The uploaded file information will be in $_FILES['file'], not $_POST['file']. Quote Link to comment Share on other sites More sharing options...
co.ador Posted July 18, 2011 Author Share Posted July 18, 2011 On the database connection I got that working and I slipped the session_start() function which I have it thanks, now I have to figure out your steps. I have done an if and else statement on <input class="btn" type="submit" name="Insert" value="Insert" /> input tag with the function empty like, <?php if (empty($_POST['Insert'])){ echo ' is either 0, empty, or not set at all'; } else { rest of the code you guys see above in insert.php } ?> it inserted just like you said. On step two you talk about validating all the fields I will double check that since you say validation won't continue upon a mistake found. Let me check on that. Quote Link to comment Share on other sites More sharing options...
co.ador Posted July 18, 2011 Author Share Posted July 18, 2011 i have a question does the order of the variable definition and the variable in the if else statement validation approach does necessarily have to be in the same order as the fields names in the form? Just like INSERT queries require a certain order. 1- And yes I am missing some field in validation I make sure all fields are validated. thanks Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 18, 2011 Share Posted July 18, 2011 i have a question does the order of the variable definition and the variable in the if else statement validation approach does necessarily have to be in the same order as the fields names in the form? Just like INSERT queries require a certain order. 1- And yes I am missing some field in validation I make sure all fields are validated. thanks No, in this case, the order in which the variables are checked will not matter They do jot need to be in the same order as in your form Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 18, 2011 Share Posted July 18, 2011 The order in which you validate the fields should be in the order that you want the error message(s) to be output, which should probably be in the same order as the fields so that the visitor is presented with errors that have some correlation to the layout of the form fields. If someone just entered - product name, price, image, city, state, zipcode, and country, they would want to see any error messages in that same order, or even better, display each validation error next to the corresponding field. Using an array to hold the errors and using an array index name that corresponds to the form field, will make displaying the validation error next to the form field easier because you can simply test if the array index name is set and output the error message at the point where you output the form field. Quote Link to comment Share on other sites More sharing options...
co.ador Posted July 19, 2011 Author Share Posted July 19, 2011 This is what I have come up with $errors is an array and I put the error message next to it just like suggested. The only thing I am not sure is about the GLOBAL $_FILES here <?phpif($_SERVER['REQUEST_METHOD'] == 'POST' || 'FILES'){ ?> The action of the form is POST but the image input field type is file I don't know if I just should reference it as POST or FILES thanks. <?php if($_SERVER['REQUEST_METHOD'] == 'POST' || 'FILES'){ if( 0 === preg_match ("/\S+/", $_FILES['image'])){ $errorMsg['file']= "please insert a picture." } if( 0 === preg_match ("/\S+/", $_POST['file'])){ $errorMsg['name']= "please Insert Item Name." } if( 0 === preg_match ("/\S+/", $_POST['price'])){ $errorMsg['price']= "please enter Item price ." } if( 0 === preg_match ("/\S+/", $_POST['details'])){ $errorMsg['details']= "please enter Item Details." } if( 0 === preg_match ("/\S+/", $_POST['city'])){ $errorMsg['city']= "please enter city." } if( 0 === preg_match ("/\S+/", $_POST['state'])){ $errorMsg['state']= "please enter state." } if( 0 === preg_match ("/\S+/", $_POST['zipcode'])){ $errorMsg['zipcode']= "please insert a picture." } } ?> Quote Link to comment Share on other sites More sharing options...
dcro2 Posted July 19, 2011 Share Posted July 19, 2011 There's no 'FILES' request method, it all comes through POST. You should use $_FILES to check if a file was uploaded. For example: if($_FILES['image']['error'] !== UPLOAD_ERR_OK || $_FILES['image']['size'] == 0) { //Something went wrong } Feel free to do a print_r on $_FILES so you can see the entire structure (or refer here). Here's some error constants: http://darklaunch.com/2009/05/01/php-file-upload-error-codes-upload-err-ok Quote Link to comment Share on other sites More sharing options...
co.ador Posted July 19, 2011 Author Share Posted July 19, 2011 I use this check inside the request method if statement? like <?php if($_SERVER['REQUEST_METHOD'] == 'POST'){ if($_FILES['image']['error'] !== UPLOAD_ERR_OK || $_FILES['image']['size'] == 0) { //Something went wrong } //Rest of the validation input fields. } ?> Quote Link to comment Share on other sites More sharing options...
dcro2 Posted July 19, 2011 Share Posted July 19, 2011 Right, just put your own error handling code in there. And don't hold me accountable if it doesn't work Quote Link to comment Share on other sites More sharing options...
co.ador Posted July 21, 2011 Author Share Posted July 21, 2011 Need a little help here guys I have come up with the following script for validating the fields before being submitted but still it is submitting the forms and overlooking this script. The test is not being executed. help. <?php if($_FILES['file']['error'] !== UPLOAD_ERR_OK || $_FILES['file']['size'] == 0) { $erros['image'] = "Please enter a image.";} //Check if item name is no-blank. if ( isset($_POST['name']) && $_POST['name'] === 0 ){ $errors['name'] = "Please enter Item name."; } if ( isset($_POST['price']) && $_POST['price'] === 0 ){ $errors['price'] = "Please enter Item price."; } if ( isset($_POST['details']) && $_POST['details'] === 0 ){ $errors['details'] = "Please enter details here."; } if ( isset($_POST['category_id']) && $_POST['category_id'] === 0 ){ $errors['category_id'] = "Please enter category.."; } if ( isset($_POST['city']) && $_POST['city'] === 0 ){ $errors['city'] = "Please enter city."; } if ( isset($_POST['state']) && $_POST['state'] === 0 ){ $errors['state'] = "Please enter state."; } if ( isset($_POST['zipcode']) && $_POST['zipcode'] === 0 ){ $errors['zipcode'] = "Please enter zipcode."; } ?> Quote Link to comment Share on other sites More sharing options...
dcro2 Posted July 21, 2011 Share Posted July 21, 2011 Take a look at: if ( isset($_POST['name']) && $_POST['name'] === 0 ){ The === operator checks if the two sides are equal as well as if the two sides are the same type. All $_POST members are strings and you're comparing them with an integer, so this will always be false. You should just use empty instead for your checks: if ( empty($_POST['name']) ){ Quote Link to comment Share on other sites More sharing options...
co.ador Posted July 21, 2011 Author Share Posted July 21, 2011 Thank you dcro it works and it is even posting a message with the error for instant though it is failing to do so for the image I have to check that. <label class="ItemName" for="name">Item Name:</label> <input type="text" name="name" value="<?php echo $_POST['name']; ?>" /> <?php echo error_for('name'); ?> <label for="Price">Price:</label> <input type="text" name="price" value"price" /> <?php echo error_for('price');?> <label for="Details">Details:</label> <textarea name="details" cols="25" rows="6" value="<?php echo h($_POST['details']);?>"></textarea> <?php echo error_for('details');?> ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.