Jump to content

validation help


spanner206

Recommended Posts

hi i really need your help what im trying to do is check if form fields are empty and then if so stop users from going any further i got the jist sorted e.g. send data to a database and 

this is the main code

<?php
$con=mysqli_connect("","","","");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 
$sql="INSERT INTO tbl_club_contacts (CompanyName)
VALUES
('$_POST[CompanyName]')";
 
if (!mysqli_query($con,$sql))
  {
   die('Error: ' . mysqli_error($con));
  }
echo "record added";
 
mysqli_close($con);
?>
<html>
<body>
 
<form action="copyofaddleads2.php" method="post">
<input type="submit", value = "go back">
</form>
 
</body>
</html>
 
heres the insert document
<?php
$con=mysqli_connect("","","","");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 
$sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City)
VALUES
('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')";
 
if (!mysqli_query($con,$sql))
  {
   die('Error: ' . mysqli_error($con));
  }
echo "record added";
 
mysqli_close($con);
?>
<html>
<body>
 
<form action="addleads2.php" method="post">
<input type="submit", value = "go back">
</form>
 
</body>
</html>

 

Link to comment
Share on other sites

When doing form validation I like to take the following approach (most of what follows is pseudo code) :

Setup a boolean variable to toggle if any validation fails

$allValid = true;

if(validation fails) {

$allValid = false;

}

Then prior to making your database connection and inserting data check the all valid variable

if($allValid) {

// connect to db, create query, execute query

}

As for checking the values you could

if($_POST['companyname']==null || $_POST['companyname']=="") {

$allValid = false;

}

You should also ensure the user is not attempting to inject any malicious code.

Edited by cjtemple
Link to comment
Share on other sites

When doing form validation I like to take the following approach (most of what follows is pseudo code) :

Setup a boolean variable to toggle if any validation fails

$allValid = true;

if(validation fails) {

$allValid = false;

}

Then prior to making your database connection and inserting data check the all valid variable

if($allValid) {

// connect to db, create query, execute query

}

As for checking the values you could

if($_POST['companyname']==null || $_POST['companyname']=="") {

$allValid = false;

}

You should also ensure the user is not attempting to inject any malicious code.

 

Good approach, but what I usually do when I write a validation script is that I declare a new array like this $errors = array(); and I append the array with any errors that arise and before doing what you wanted to do with the DB (Insert, Select, Update, whatever) I check whether the $errors array is empty, i.e. whether the validation script gave any errors. If it is empty, execute the query, if not, display the $errors array with a foreach loop to let the user know where he went wrong.

 

And instead of $_POST['field_name'] == null, you can also use the negated empty() function like this !empty($_POST['field_name'])

 

And of course, make sure you escape all use input. Vital rule in programming - all user input is considered malicious unless proven otherwise.  

Link to comment
Share on other sites

Stefany93 I like your $error array approach in the past I would just append a string to the error message but I think I will go with your approach from now on. Also I haven't tested it but I wonder if !empty(trim($_POST['field_name'])) would be effective in testing to ensure the required field has something there?

Link to comment
Share on other sites

Stefany93 I like your $error array approach in the past I would just append a string to the error message but I think I will go with your approach from now on. Also I haven't tested it but I wonder if !empty(trim($_POST['field_name'])) would be effective in testing to ensure the required field has something there?

 

Glad I could help. Usually, I will avoid nesting functions like hell because a) it makes the program run slower, kills readability and some functions work while nested within another and some don't which can drive ya crazy. Better approach will be:

 

 

if(isset($_POST['field_name']) and !empty($_POST['field_name'])){
    $field_name = trim($_POST['field_name']);
}

 

Now, in the past, when I was green, I would use $_POST['file_name']; without assigning it to a variable like $field_name which proved to be stupid because if at any time you want to change the name if of the input field you are fetching the information, then you'd have to change tens of $_POSTs in your code. 

 

The same in JavaScript. If you have like <h1 id="main_header"></h1> and you want to fetch it with document.getElementById('main_header');

it is better to put in a variable like this var main_header = 'main_header'; and you wouldn't have to worry about the ID being changed. You could just then change a single variable. 

Link to comment
Share on other sites

In terms of error checking with arrays and checking to see if a value exists or not, could be written like this:

<?php
 $error = array();

 if(isset($_POST['send-form'])){ // check if submit button was pressed
  $countBlank = 0;
  // required fields "name" attribute
  $reqArray = array("comp-fname", "comp-addr1", "comp-town", "comp-county", "comp-post", "comp-email", "comp-hometel");
  foreach($_POST as $key => $value){
   if(in_array($key, $reqArray))
    if(empty($value))
     $countBlank++;
  }
  if($countBlank > 0)
   $error[] = "Please do not leave any required fields empty.";
 
  if(count($error) == 0){
   // do the of the code (pattern checks, database checks/inserts)
 }

?>

it is faster than checking each one individually, and it can be modified a bit to tell the user exactly which fields are empty.

Edited by White_Lily
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.