Validation of html drop down select option

[enthused_confused]

First post at PHP FREAKS.

I can't figure out why my validation method is not working, or if it is working, why I don't get the error message to echo out to the browser. 

I know there are similar posts to this and I have spent several hours searching for answers, but I don't still don't know why this is not working.

I would like this to generate an error if the default  option(Please select your state) is left in the select and an actual state was not selected. I have tried including an option with value of BOGUS to test against the array, but still no errors. What am I doing wrong here?

Any help would be greatly appreciated.

 

 

note: $stateList array is shortened for this post$stateList = array("Alabama", "Alaska", "Arizona", "rest of the states");$errors = array();if (isset($_POST['Submit'])) {    $selectedState = $_POST['req-state'];    if(!in_array($selectedState,$stateList)){    $errors[] = "Please select a state";    }     if(!empty($errors)){         echo '<h1>Error(s)!</h1>';        foreach($errors as $errorMessage){            echo $errorMessage . '<br>';        }    } }print_r ($_POST);

 

note: options list is shortened for this post.

<body>
    <form action="state_test.php" method="post" id="form1">
        <div class="rowElem">
            <label for="req-state">State*:</label>
                <select name="req-state" required="required" value="" />
                    <option>Please select your state</option>
                    <option>BOGUS</option>
                    <option>Alabama</option>
                    <option>Alaska</option>
                    <option>Arizona</option>
                </select>
        </div>
        <br>
        <br>
        <div class="rowElem">
            <label>   </label>
                <input type="submit" name="submit" value="submit" />
        </div>
    </form>
</body>

[enthused_confused]

Sorry. Forgot to include results of 

print_r($_POST);

When submit is clicked without selecting a state: Array ( [req-state] => Please select your state [submit] => submit ).

When BOGUS is selected : Array ( [req-state] => BOGUS [submit] => submit ).

When Alaska is selected: Array ( [req-state] => Alaska [submit] => submit ). I wouldn't expect Alaska to generate an error since it is in the $stateList array.

[Sepodati]

Use a lower case "s" in $_POST['submit'] to match what you named the element. It's case sensitive.

[Jacques1]

Your submit button is called “submit”, but you're checking for “Submit”, so the code isn't even executed.

 

Which again proves that making your entire program dependent on some silly submit button is an awful idea. I know PHP people love to do it, but that doesn't mean it makes sense. You should check for the request method, not the name of a button.

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{

}

You should also use better places for your var_dump().

[Sepodati]

FYI, if you had put a print statement inside the if condition, you'd have realized you were never entering that code block. Don't be afraid to throw in extra print statements while you're learning to see if the flow of your code matches what you think it should be.

[enthused_confused]

Thank you for your replies.

Thank you for finding that uppercase error!

I will investigate the request method, seems I heard or read somewhere that the request method wasn't as secure.

[enthused_confused]

Can you elaborate on the print in the if statement?  Do you mean call a print_r in each if statement? For instance would I have used print_r for $errors or for $errorMessage or for both?

I know I have error reporting on in my php.ini , error reporting doesn't catch things like the uppercase mistake?

[Jacques1]

I will investigate the request method, seems I heard or read somewhere that the request method wasn't as secure.

 

None of this has anything to do with security. The point is that the submit button is just a GUI element which should have no effect on the data processing. When your entire program breaks down just because you got the name of a button wrong, that's obviously a poor approach.

 

 

 

Can you elaborate on the print in the if statement?  Do you mean call a print_r in each if statement? For instance would I have used print_r for $errors or for $errorMessage or for both?

 

The point is that print_r (or better: var_dump) is only useful when you actually get interesting information from it. Dumping $_POST tells you that the “BOGUS” selection gives you the string “BOGUS” -- well, I guess you knew that already. But dumping the in_array result, for example, would have immediately told you that there's something wrong.

 

 

 

Can you elaborate on the print in the if statement?  Do you mean call a print_r in each if statement? For instance would I have used print_r for $errors or for $errorMessage or for both?

I know I have error reporting on in my php.ini , error reporting doesn't catch things like the uppercase mistake?

 

What is PHP supposed to report? You're checking whether there's a “Submit” parameter, and PHP tells you that there isn't.

[enthused_confused]

@Guru

Thank you again.

As you pointed out PHP does have some inherent drawbacks. I wish they made an important word like "submit" a RESERVED word

to prevent these kinds of mistakes. I agonized for hours because of one typo. Thankfully there are coders such as yourself willing to take time to have a fresh look at others code. 

[Jacques1]

As you pointed out PHP does have some inherent drawbacks.

 

I'm pretty sure I've said this is programming issue, not a problem of PHP. If everybody simply used $_SERVER['REQUEST_METHOD'], we wouldn't have to worry about submit button names at all.

 

No language can read your mind. It's the programmer's job to make the code robust against errors.

[enthused_confused]

@Guru

When I read your first post, I thought you were kinda bashing PHP.

My mistake. You were actually just pointing out the weakness of one method vs another.

The proverbial light bulb has come on for me. 

Thanks.