Jump to content

Form processing and validation

spleendrivel

By spleendrivel
in PHP Coding Help

 Share

Recommended Posts

spleendrivel Newbie

spleendrivel

Posted
Posted

Here is the code I am using to process a couple of pages:

 

//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\

<?php

$FullName = $_POST["FullName"];

$EmailAddress = $_POST["EmailAddress"];

$TestimonyMessage = $_POST["TestimonyMessage"];

$ValAnswer = $_POST["ValAnswer"];

if ((isset($_POST['submit'])) and (int($_POST["ValAnswer"].value) == 75))

{

include("TestimonyAction.php");

} else

{

include("TestimonyForm.php");

}

?>

//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\

 

My problem is with ValAnswer, I want to include the "Action" page only if the user hits submit AND they provide an answer of 75.  What am I doing wrong?  I also attached the form page in case it was needed.

 

Thanks,

 

-Dave

18859_.txt

Link to comment
https://forums.phpfreaks.com/topic/267215-form-processing-and-validation/
Share on other sites
MMDE Member

MMDE

Posted
Posted

First off, you need to turn on error reporting, as I can see several errors. It will help you figure out your problems too.

error_reporting(-1);

Put that in the beginning of your script, you may also want to do this:

ini_set('error_reporting', E_ALL)

 

Second, use the code tags to post code.

 

Third:

$FullName = $_POST["FullName"];

^ What if $_POST['FullName'] isn't set?

Same with the rest of them, this will result in an error.

 

Fourth, I've never done this in PHP before:

(int($_POST["ValAnswer"].value) == 75)

I'm not even sure you can do this, but it wouldn't be too crazy if it worked.

Why not just do:

$_POST["ValAnswer"] == 75

?

spleendrivel Newbie

spleendrivel

Posted
  • Author
Posted

I tried every suggestion and when I input 75 in the ValAnswer input field the page still processes the Form page again. 

 

I am still stuck trying to have this page simply validate both the submit button and $ValAnswer = 75 before "calling" the action page. 

 

This should be very easy to perform, what am I missing.  Rather than review my code, how about a simple example where the user must press the submit button and provide a correct answer. 

 

I am trying to do something to prevent Bots from executing my email action!!

 

Thanks to anyone for help.

MMDE Member

MMDE

Posted
Posted

I tried every suggestion and when I input 75 in the ValAnswer input field the page still processes the Form page again. 

 

I am still stuck trying to have this page simply validate both the submit button and $ValAnswer = 75 before "calling" the action page. 

 

This should be very easy to perform, what am I missing.  Rather than review my code, how about a simple example where the user must press the submit button and provide a correct answer. 

 

I am trying to do something to prevent Bots from executing my email action!!

 

Thanks to anyone for help.

 

if(!empty($_POST['answer']) && !empty($_POST['answerid']) && $_POST['answerid']==75){
echo 'Answer: '.$_POST['answer'];
}

 

This would work if the form was something like:

<form method="post" action="">
<input type="hidden" name="answerid" value="75" />
<input type="text" name="answer" />
<input type="submit" name="submit" value="submit" />
</form>

 

Do as I said earlier. Turn on error reporting. It will save you a lot of time trying to figure out what the problem is, and it will learn you a lot about programming in PHP. Nobody was reviewing your code, we were trying to make you think about what you had been writing, so you could solve it on your own. I even suggested fixes.

spleendrivel Newbie

spleendrivel

Posted
  • Author
Posted

I am fairly new to coding with PHP, as I am sure you figured out, but

 

wouldn't the answerid always be present and always be 75 using the form code you provided?  Again, I may be missing something everyone else can see, it just seems like a Bot could fire the submit and post to my email action page because the input is hidden but given the value.

 

Please excuse my ignorance....

MMDE Member

MMDE

Posted
Posted

I am fairly new to coding with PHP, as I am sure you figured out, but

 

wouldn't the answerid always be present and always be 75 using the form code you provided?  Again, I may be missing something everyone else can see, it just seems like a Bot could fire the submit and post to my email action page because the input is hidden but given the value.

 

Please excuse my ignorance....

You are completely correct. It really depends on how your original form is, and how you want to use it.

 

if(!empty($_POST['answer75'])){
echo 'answer75: '.$_POST['answer'];
}

 

This would work if the form was something like:

<form method="post" action="">
answer75:<input type="text" name="answer75" />
<input type="submit" name="submit" value="submit" />
</form>

 

sometimes you can make arrays out of the input names, like answers[].

then you can loop through them like: foreach($answers AS $answer)

spleendrivel Newbie

spleendrivel

Posted
  • Author
Posted

MMDE,

 

I did add the error checking you suggested, but I am not seeing anything reported when executing in Firefox 14.0.1.

 

<?php
error_reporting(-1);
ini_set('error_reporting', E_ALL);
$FullName = $_POST["FullName"];
$EmailAddress = $_POST["EmailAddress"];
$TestimonyMessage = $_POST["TestimonyMessage"];
$ValAnswer = $_POST["ValAnswer"];
if ((isset($_POST['submit'])) and (int($_POST["ValAnswer"].value) == 75)){
	include("TestimonyAction.php");
} else
{
include("TestimonyForm.php");
}
?>

MMDE Member

MMDE

Posted
Posted

Did you put this:

error_reporting(-1);

at the beginning of the script?

Also, are you using a free host?

 

 

This might be something along the lines of what you want:

<form method="post" action="">
Answer 75: <input type="text" name="answers[75]" />
<input type="submit" name="submit" value="submit" />
</form>

 

if(isset($_POST['answers']) && is_array($_POST['answers'])){
foreach($_POST['answers'] AS $answerid=>$answer){
	echo 'Answer '.$answerid.': '.$answer;
}
}

^ sorry, I did a typo here, so I fixed it now! :)

I haven't tested it, but I think it should work.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.