Jump to content

validation help


spanner206
Go to solution Solved by .josh,

Recommended Posts

<!DOCTYPE HTML> 
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body> 

<?php
$con = mysqli_connect("localhost","root","","nib");
// Check connection
if (mysqli_connect_errno())
{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// define variables and set to empty values
$companynameErr = $firstnameErr = $genderErr = $address1Err = $address2Err = $areaErr = $cityErr = "";
$companyname = $firstname = $gender = $comment = $address1 = $address2 = $area = $city = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{

   if (empty($_POST["companyname"]))
     {$companynameErr = "companyname is required";}
   else
     {$companyname = test_input($_POST["companyname"]);}
   
   if (empty($_POST["firstname"]))
     {$firstnameErr = "firstname is required";}
   else
     {$firstname = test_input($_POST["firstname"]);}
     
   if (empty($_POST["address1"]))
     {$address1 = "";}
   else
     {$address1 = test_input($_POST["address1"]);}
   
   if (empty($_POST["address2"]))
     {$address2 = "";}
   else
     {$address2 = test_input($_POST["address2"]);}

   if (empty($_POST["area"]))
     {$area = "";}
   else
     {$area = test_input($_POST["area"]);}   
	 
	if (empty($_POST["city"]))
     {$city = "";}
    else
     {$city = test_input($_POST["city"]);}
}

function test_input($data)
{
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}
?>

<h2>PHP Form Validation</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
  <table border = "0">
	<tr>
		<td>company name:</td><td> <input type="text" name="companyname"></td>
		<td><span class="error">* <?php echo $companynameErr;?></span></td>
	<tr>
   
	<tr>
		<td>First Name:</td><td> <input type="text" name="firstname"></td>
		<td><span class="error">* <?php echo $firstnameErr;?></span></td>
	</tr>
	<tr>
		<td>address1:</td><td> <input type="text" name="address1"></td>
		<td><span class="error">*<?php echo $address1Err;?></span></td>
   </tr>
   <tr>
		<td>address2:</td><td><input type="text" name="address2"></td>
		<td><span class="error">* <?php echo $address2Err;?></span></td>
   </tr>
   <tr>
		<td>area:</td> <td><input type="text" name="area"></td>
		<td><span class="error">* <?php echo $areaErr;?></span></td>
   </tr>
   <tr>
		<td>city:</td> <td><input type="text" name="city"></td>
		<td><span class="error">* <?php echo $cityErr;?></span></td>
	</tr>
	<tr>
   <td><input type="submit" name="submit" value="Submit"></td>
   </tr>
<?$sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City)
VALUES
('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')";
if (!mysqli_query($con,$sql))
  {
   die('Error: ' . mysqli_error($con));
  }


mysqli_close($con);

?>
   </form>



</body>
</html>

right ive been doing this for a while now and i really wana get this out the way what i wana do is check fields if they are empty if they are empty a message will appear saying that all fields need to be filled and if all are filled it will send the data filled in to a database please help im getting bored of this now.  :)

Link to comment
Share on other sites

It would be easier to put your error messages into an array so that you don't have to check for each individual error variable.

 

For example:

 

 

// init error array
$errors = array();

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
 
   if (empty($_POST["companyname"]))
     {$errors['companyname'] = "company name is required";}
   else
     {$companyname = test_input($_POST["companyname"]);}

   // do the same thing as above for the rest of your fields

}
Then in your form, do like this:

 

<td><span class="error">* <?php if (isset($errors['companyname'])) echo $errors['companyname']; ?></span></td>
Then wrap your sql query stuff in this:

 

if (count($errors)==0) 
{

  // do query stuff

}
Also, you should move your database connection stuff inside that last condition, just before the query stuff, so that you don't use resources and time connecting to the database unless the form is actually validated.
Link to comment
Share on other sites

right i did all of that but im now getting this error message.

( ! ) Parse error: syntax error, unexpected end of file in C:\wamp\www\AddLeads\addeadstemplate.php on line 117

 

updated code aswell

<!DOCTYPE HTML> 
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body> 

<?php
error_reporting(E_ALL);
$con = mysqli_connect("localhost","root","","nib");
// Check connection
if (mysqli_connect_errno())
{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// define variables and set to empty values
$companynameErr = $firstnameErr = $address1Err = $address2Err = $areaErr = $cityErr = "";
$companyname = $firstname = $address1 = $address2 = $area = $city = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{

 $errors = array();

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
 
   if (empty($_POST["companyname"]))
     {$errors['companyname'] = "company name is required";}
   else
     {$companyname = test_input($_POST["companyname"]);}
   
  if (empty($_POST["first name"]))
     {$errors['first name'] = "frst name is required";}
   else
     {$firstname = test_input($_POST["first name"]);}
     
    if (empty($_POST["address1"]))
     {$errors['address1'] = "address 1 name is required";}
   else
     {$address1 = test_input($_POST["address1"]);}
   
   if (empty($_POST["address2"]))
   {$errors['address2'] = "address 2 name is required";}
   else
     {$address2 = test_input($_POST["address2"]);}

	if (empty($_POST["area"]))
   {$errors['area'] = "area  is required";}
   else
     {$area = test_input($_POST["area"]);}
	 
	if (empty($_POST["city"]))
   {$errors['city'] = "city is required";}
   else
     {$city = test_input($_POST["city"]);}
}

function test_input($data)
{
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}
?>

<h2>PHP Form Validation</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
  <table border = "0">
	<tr>
		<td><span class="error">* <?php if (isset($errors['companyname'])) echo $errors['companyname']; ?></span></td>
	<tr>
	<tr>
		<td><span class="error">* <?php if (isset($errors['firstname'])) echo $errors['firstname']; ?></span></td>
	</tr>
	<tr>
	<td><span class="error">* <?php if (isset($errors['address1'])) echo $errors['address1']; ?></span></td>
   </tr>
   <tr>
	<td><span class="error">* <?php if (isset($errors['address2'])) echo $errors['address2']; ?></span></td>
   </tr>
   <tr>
	<td><span class="error">* <?php if (isset($errors['area'])) echo $errors['area']; ?></span></td>
   </tr>
   <tr>
		<td><span class="error">* <?php if (isset($errors['City'])) echo $errors['City']; ?></span></td>
	</tr>
	<tr>
   <td><input type="submit" name="submit" value="Submit"></td>
   </tr>

  
   <?if (count($errors)==0) 
{$sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City)
VALUES
('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')";
}
if (!mysqli_query($con,$sql))
  {
   die('Error: ' . mysqli_error($con));
  }


mysqli_close($con);

?>
   </form>



</body>
</html>
Link to comment
Share on other sites

  • Solution

That error usually means your opening/closing brackets don't match up, as in you have more { than } or visa versa.

 

You have this twice, lines 23/24 and then 28/29

 

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
But there's a few other issues here:

 

First, where did your form fields go? I just showed you updated code for what you output in your error spans.. you still need to have your form input fields..otherwise, how is the user supposed to fix their mistake(s)?

 

2nd, you were supposed to wrap your query stuff around all of your query stuff, not just the query string.. what you did is just going to cause your code to attempt a query with no string whenever a user has any errors! Also as I mentioned before, you should move your database connection stuff inside the condition as well, so your script doesn't waste time and resources connecting to the database unless the form is actually validated (move lines 12-17):

 

 

 

<?php

if (count($errors)==0) 
{

  $con = mysqli_connect("localhost","root","","nib");
  // Check connection
  if (mysqli_connect_errno())
  {
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

  $sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City) VALUES ('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')";

  if (!mysqli_query($con,$sql))
  {
   die('Error: ' . mysqli_error($con));
  }
 
 
  mysqli_close($con);

} // end if $errors == 0

?>
Link to comment
Share on other sites

Also, this should get your code "working" but there are a lot of improvements that can be made to your script. The very first thing is better form validation. Checking if the form fields are empty is great from a business perspective, but it is nowhere near secure from a coding perspective. As it stands now, your script is vulnerable to sql injection. You should read up on how to properly guard against that.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.