Phpfr3ak Posted January 20, 2012

How do I go about the tags in this, with the elseifs? Really lost. In the past I've done it differently and included exits and such, but I want it to display at the top of the page and not go onto a whole new page to say the error. Sorry if I'm making little sense, just kinda baffled.

```php
<?php
if($playerdata['is_admin'] == 1){
$result = mysql_fetch_array($query);
if($_POST){
$price = mysql_real_escape_string($_POST['price']);
$creditprice = mysql_real_escape_string($_POST['creditprice']);
$ItemType = mysql_real_escape_string(isset($_POST['ItemType']));
$description = mysql_real_escape_string($_POST['description']);
$image = mysql_real_escape_string($_POST['image']);
$name = mysql_real_escape_string($_POST['name']);
if($name == ""){
echo "You must enter an item name.<br><br>";
elseif ($description == ""){
echo "You must enter a description for this item.<br><br>";
elseif ($description2 == ""){
echo "You must enter a Character Req for this item.<br><br>";
elseif ($description3 == ""){
echo "You must enter a What item does for this item.<br><br>";
elseif ($ItemType == ""){
echo "You must select a item type.<br><br>";
elseif ($price == ""){
echo "You must select a price for this item.<br><br>";
elseif ($creditprice == ""){
echo "You must select a game credit price.<br><br>";
}else{
$sql = "INSERT INTO items(name,image,description,ItemType) VALUES ('$name', $image', '$description', '$ItemType')";
mysql_query($sql);
echo "You have created $name<br /><br />";
?>
```

Phpfr3ak Posted January 20, 2012

This works, but the tags right at the end just annoy me, knowing it's there and not correct and all. Unsure as to where they should go without it throwing error msgs up.

```php
<?php
if($playerdata['is_admin'] == 1){
    $result = mysql_fetch_array($query);
    if($_POST){
        $price = mysql_real_escape_string($_POST['price']);
        $creditprice = mysql_real_escape_string($_POST['creditprice']);
        // Escape the submitted value itself, not the boolean returned by isset()
        $ItemType = isset($_POST['ItemType']) ? mysql_real_escape_string($_POST['ItemType']) : '';
        $description = mysql_real_escape_string($_POST['description']);
        $image = mysql_real_escape_string($_POST['image']);
        $name = mysql_real_escape_string($_POST['name']);
        // $description2 and $description3 are not assigned anywhere in the posted snippet
        if($name == ""){
            echo "You must enter an item name.<br><br>";
        }else{
            if($description == ""){
                echo "You must enter a description for this item.<br><br>";
            }else{
                if($description2 == ""){
                    echo "You must enter a Character Req for this item.<br><br>";
                }else{
                    if($description3 == ""){
                        echo "You must enter a What item does for this item.<br><br>";
                    }else{
                        if($ItemType == ""){
                            echo "You must select a item type.<br><br>";
                        }else{
                            if($price == ""){
                                echo "You must select a price for this item.<br><br>";
                            }else{
                                if($creditprice == ""){
                                    echo "You must select a game credit price.<br><br>";
                                }else{
                                    // Opening quote before $image restored
                                    $sql = "INSERT INTO items(name,image,description,ItemType) VALUES ('$name', '$image', '$description', '$ItemType')";
                                    mysql_query($sql);
                                    echo "You have created $name<br /><br />";
                                }
                            }
                        }
                    }
                }
            }
        }
    }
} // closes the is_admin check
?>
```

thomasw_lrd Posted January 20, 2012

I would use javascript to check on client side.

```html
<script>
function ValidateContactForm() {
    var name = document.ContactForm.first_name;
    var last_name = document.ContactForm.last_name;
    var phone = document.ContactForm.phone;
    var state = document.ContactForm.state;
    var email = document.ContactForm.email;
    var comment = document.ContactForm.comments;

    // Each check focuses the field that failed
    if (name.value == "") {
        window.alert("Please enter your first name.");
        name.focus();
        return false;
    }
    if (last_name.value == "") {
        window.alert("Please enter your last name.");
        last_name.focus();
        return false;
    }
    if (phone.value == "") {
        window.alert("Please enter a valid phone number.");
        phone.focus();
        return false;
    }
    if (state.value == "") {
        window.alert("Please enter your state.");
        state.focus();
        return false;
    }
    if (email.value == "") {
        window.alert("Please enter a valid e-mail address.");
        email.focus();
        return false;
    }
    if (email.value.indexOf("@", 0) < 0) {
        window.alert("Please enter a valid e-mail address.");
        email.focus();
        return false;
    }
    if (email.value.indexOf(".", 0) < 0) {
        window.alert("Please enter a valid e-mail address.");
        email.focus();
        return false;
    }
    // The variable is "comment"; "comments" is only the form field's name
    if (comment.value == "") {
        window.alert("Please enter a description or comment.");
        comment.focus();
        return false;
    }
    return true;
}
</script>
<form action="" name='ContactForm' method='post' onsubmit="return ValidateContactForm();">
```

Something like that should work. It will pop up the error message.

PaulRyan Posted January 20, 2012

This is an example of how I would do it.

```php
<?PHP

  //### Default to an empty message so the echo at the end never hits an undefined variable
  $message = '';

  //### Make sure the player is an admin
  if($playerdata['is_admin'] == 1) {

    //### Fetch the result data from the query
    $result = mysql_fetch_assoc($query);

    //### If the page is requested by POST, process incoming data
    if($_SERVER['REQUEST_METHOD'] == 'POST') {

      //### Assign and sanitize incoming data
      $price       = mysql_real_escape_string(trim($_POST['price']));
      $creditprice = mysql_real_escape_string(trim($_POST['creditprice']));
      $ItemType    = mysql_real_escape_string(trim($_POST['ItemType']));
      $description = mysql_real_escape_string(trim($_POST['description']));
      $image       = mysql_real_escape_string(trim($_POST['image']));
      $name        = mysql_real_escape_string(trim($_POST['name']));

      //### Do some validation on the data
      //### Note: $description2 and $description3 are not assigned in this snippet
      if(!$name) {
        $message = "You must enter an item name.<br><br>";
      } else if(!$description) {
        $message = "You must enter a description for this item.<br><br>";
      } else if(!$description2) {
        $message = "You must enter a Character Req for this item.<br><br>";
      } else if(!$description3) {
        $message = "You must enter a What item does for this item.<br><br>";
      } else if(!$ItemType) {
        $message = "You must select a item type.<br><br>";
      } else if(!$price) {
        $message = "You must select a price for this item.<br><br>";
      } else if(!$creditprice) {
        $message = "You must select a game credit price.<br><br>";

      //### Validation passed, make our query and execute it
      } else {

        //### Query to insert new item into the database table "items"
        $query = "INSERT INTO `items` (`name`,`image`,`description`,`ItemType`)
                  VALUES ('{$name}','{$image}','{$description}','{$ItemType}')";

        //### Execute the above query
        mysql_query($query);

        //### Make sure the query is executed
        //### mysql_affected_rows() returns -1 on failure, which is truthy, so compare explicitly
        if(mysql_affected_rows() > 0) {
          $message = "You have successfully created {$name} <br><br>";
        } else {
          $message = "We were unable to create {$name} <br><br>";
        } // End of execution check

      } // End of validation checks

    } // End POST check

  } // End player admin check

  //### Echo the message variable
  echo $message;

?>
```

Try that out and tell me what you think, please note, this is untested.

Regards, PaulRyan.

Pikachu2000 Posted January 20, 2012

Javascript is not validation, and can't be relied upon for validating user data. It is merely a convenience to the user when implemented properly (or an annoyance when implemented poorly). All actual validation must be performed server-side.

Here's some example code for a form that's similar to what I think you're trying to do. Paste it in to a new file, run it, look it over, and you should see how it works.

```php
<?php
if( isset($_POST['submitted']) && $_POST['submitted'] == 'yes' ) { //check for hidden field value to indicate form has been submitted
   $errors = array(); // initialize an array to hold validation errors
   $_POST = array_map('trim', $_POST); // trim all $_POST array values

   if( !empty($_POST['name']) ) { // validate the name field
      if( !ctype_alpha($_POST['name']) ) {
         $errors['name'][] = 'Name must be alphabetic characters only.'; // if name has non alpha chars, store error
      }
      if( strlen($_POST['name']) < 3 || strlen($_POST['name']) > 20 ) {
         $errors['name'][] = 'Name must be from 3 to 20 characters.'; // if name has too many/few chars, store error
      }
   } else {
      $errors['name'][] = 'Name is a required field.'; // if name is empty, store error
   }

   if( !empty($_POST['number']) ) { // same validations as in name, above.
      if( !ctype_digit($_POST['number']) ) {
         $errors['number'][] = 'Number must be numeric.';
      }
      if( strlen($_POST['number']) < 5 || strlen($_POST['number']) > 10 ) {
         $error = 'Number must be from 5 to 10 digits. It is currently ' . strlen($_POST['number']) . ' digit';
         $error .= strlen($_POST['number']) == 1 ? '.' : 's.';
         $errors['number'][] = $error;
      }
   } else {
      $errors['number'][] = 'Number is a required field.';
   }

   if( !empty($errors) ) { // if the $errors array is not empty, display the errors to allow the user to correct them and resubmit the form
      $echo = array();
      foreach( $errors as $v ) {
         if( is_array($v) ) {
            $echo[] = implode('<br>', $v );
         } else {
            $echo[] = $v;
         }
      }
      $err_echo ="<font color=\"red\">The following errors were detected:<br>";
      $err_echo .= implode("<br>\n", $echo);
      $err_echo .= '</font>';
   }
}
if( (isset($_POST['submitted']) && !empty($errors)) || !isset($_POST['submitted']) ) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<style type="text/css" media="screen">
body {
   font-family: helvetica, arial, sans-serif;
   font-size: 0.85em;
   line-height: 1.25em;
   letter-spacing: -0.5px;
}
input {
   border: 1px solid #336699;
   padding: 0.1em;
   margin: 5px;
   color: #113366;
}
input.error {
   background-color: #F2BDCA;
   color: #850310;
   border: 1px solid red;
}
input.good {
   background-color: #D3F5D3;
   border: 1px solid #156B15;
   color: #156B15;
}
input.submit {
   background-color: #CCCCCC;
   border: 1px solid #888888;
   color: #333333;
   padding: 2px;
   margin: 0;
   font: 0.9em helvetica, arial sans-serif;
}
</style>
<title> Work In Progress</title>
</head>
<body>
<?php
echo !empty($err_echo) ? $err_echo : '';
// Submitted values are passed through htmlspecialchars() before being echoed back into the value attributes
?>
<form method="post" action="">
Name (3-20 letters): <input type="text" class="<?php if( isset($_POST['submitted']) ) { echo !empty($errors['name']) ? 'error' : 'good'; } ?>" name="name" value="<?php echo isset($_POST['name']) ? htmlspecialchars($_POST['name'], ENT_QUOTES) : ''; ?>">
<br>
Number (5-10 numbers): <input type="text" class="<?php if( isset($_POST['submitted']) ) { echo !empty($errors['number']) ? 'error' : 'good'; } ?>" name="number" value="<?php echo isset($_POST['number']) ? htmlspecialchars($_POST['number'], ENT_QUOTES) : ''; ?>">
<br>
<input type="hidden" name="submitted" value="yes">
<input class="submit" type="submit" name="submit" value=" <?php echo !empty($errors) ? 'Re-Submit' : 'Submit'; ?> ">
</form>
<?php
} else {
   // Form was submitted, and validated with no errors. OK to run db insert, display success message, etc.
   echo "Successful submission!";
}
?>
</body>
</html>
```
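
An added example, not part of any post in this thread: the server-side checks from the answers above collected into an error array, with the insert done through a PDO prepared statement instead of interpolating escaped strings (the `mysql_*` functions used in the thread were removed in PHP 7), and user-supplied values escaped with `htmlspecialchars()` when echoed back. The function names `validate_item()` and `create_item()`, the in-memory SQLite table and the sample input are assumptions made so the block runs stand-alone; the column and field names are the ones in the posted query.

```php
<?php
// Added example; validate_item(), create_item() and the SQLite table are hypothetical.
function validate_item(array $in): array
{
    $clean = $errors = [];
    foreach (['name', 'image', 'description', 'ItemType', 'price', 'creditprice'] as $f) {
        // A field sent as name[]=x arrives as an array; treat it as missing.
        $clean[$f] = (isset($in[$f]) && is_string($in[$f])) ? trim($in[$f]) : '';
        if ($clean[$f] === '') {
            $errors[$f] = "You must enter a value for $f.";
        } elseif (($f === 'price' || $f === 'creditprice') && !ctype_digit($clean[$f])) {
            // ctype_digit() accepts "0", which a bare !$price test would reject.
            $errors[$f] = "$f must be a whole number.";
        }
    }
    return [$clean, $errors];
}

function create_item(PDO $db, array $clean): bool
{
    // Placeholders keep user values out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare(
        'INSERT INTO items (name, image, description, ItemType)
         VALUES (:name, :image, :description, :ItemType)'
    );
    $stmt->execute([
        ':name' => $clean['name'], ':image' => $clean['image'],
        ':description' => $clean['description'], ':ItemType' => $clean['ItemType'],
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed stand-ins for the real database and for $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT, image TEXT, description TEXT, ItemType TEXT)');
$post = ['name' => "O'Brien's <b>Sword</b>", 'image' => 'sword.png',
         'description' => 'A sharp one', 'ItemType' => 'weapon',
         'price' => '0', 'creditprice' => 'ten'];

foreach ([$post, ['creditprice' => '10'] + $post] as $attempt) {
    [$clean, $errors] = validate_item($attempt);
    if ($errors) {
        // Shown at the top of the same page; nothing is inserted on this path.
        echo implode("<br>\n", array_map('htmlspecialchars', $errors)), "<br>\n";
    } elseif (create_item($db, $clean)) {
        // Escape on output: the stored name still contains the raw quote and tags.
        echo 'You have created ', htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

The first attempt is rejected because `creditprice` is not numeric; the second is inserted, and the name containing a quote and HTML tags is stored verbatim but rendered escaped.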

Phpfr3ak Posted January 20, 2012

Thanks guys, worked a treat. Javascript wasn't a route I wanted to go down for validation, far too easy to exploit and bypass it, cheers.