Jump to content

Validation of html drop down select option


enthused_confused

Recommended Posts

First post at PHP FREAKS.

I can't figure out why my validation method is not working, or if it is working, why I don't get the error message to echo out to the browser. 

I know there are similar posts to this and I have spent several hours searching for answers, but I don't still don't know why this is not working.

I would like this to generate an error if the default  option(Please select your state) is left in the select and an actual state was not selected. I have tried including an option with value of BOGUS to test against the array, but still no errors. What am I doing wrong here?

Any help would be greatly appreciated.

 

 

note: $stateList array is shortened for this post$stateList = array("Alabama", "Alaska", "Arizona", "rest of the states");$errors = array();if (isset($_POST['Submit'])) {    $selectedState = $_POST['req-state'];    if(!in_array($selectedState,$stateList)){    $errors[] = "Please select a state";    }     if(!empty($errors)){         echo '<h1>Error(s)!</h1>';        foreach($errors as $errorMessage){            echo $errorMessage . '<br>';        }    } }print_r ($_POST);

 

note: options list is shortened for this post.

<body>
    <form action="state_test.php" method="post" id="form1">
        <div class="rowElem">
            <label for="req-state">State*:</label>
                <select name="req-state" required="required" value="" />
                    <option>Please select your state</option>
                    <option>BOGUS</option>
                    <option>Alabama</option>
                    <option>Alaska</option>
                    <option>Arizona</option>
                </select>
        </div>
        <br>
        <br>
        <div class="rowElem">
            <label>   </label>
                <input type="submit" name="submit" value="submit" />
        </div>
    </form>
</body>
Link to comment
Share on other sites

Sorry. Forgot to include results of 

print_r($_POST);

When submit is clicked without selecting a state: Array ( [req-state] => Please select your state [submit] => submit ).

When BOGUS is selected : Array ( [req-state] => BOGUS [submit] => submit ).

When Alaska is selected: Array ( [req-state] => Alaska [submit] => submit ). I wouldn't expect Alaska to generate an error since it is in the $stateList array.

Link to comment
Share on other sites

Your submit button is called “submit”, but you're checking for “Submit”, so the code isn't even executed.

 

Which again proves that making your entire program dependent on some silly submit button is an awful idea. I know PHP people love to do it, but that doesn't mean it makes sense. You should check for the request method, not the name of a button.

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{

}

You should also use better places for your var_dump().

Link to comment
Share on other sites

FYI, if you had put a print statement inside the if condition, you'd have realized you were never entering that code block. Don't be afraid to throw in extra print statements while you're learning to see if the flow of your code matches what you think it should be.

Link to comment
Share on other sites

I will investigate the request method, seems I heard or read somewhere that the request method wasn't as secure.

 

None of this has anything to do with security. The point is that the submit button is just a GUI element which should have no effect on the data processing. When your entire program breaks down just because you got the name of a button wrong, that's obviously a poor approach.

 

 

 

Can you elaborate on the print in the if statement?  Do you mean call a print_r in each if statement? For instance would I have used print_r for $errors or for $errorMessage or for both?

 

The point is that print_r (or better: var_dump) is only useful when you actually get interesting information from it. Dumping $_POST tells you that the “BOGUS” selection gives you the string “BOGUS” -- well, I guess you knew that already. But dumping the in_array result, for example, would have immediately told you that there's something wrong.

 

 

 

Can you elaborate on the print in the if statement?  Do you mean call a print_r in each if statement? For instance would I have used print_r for $errors or for $errorMessage or for both?

I know I have error reporting on in my php.ini , error reporting doesn't catch things like the uppercase mistake?

 

What is PHP supposed to report? You're checking whether there's a “Submit” parameter, and PHP tells you that there isn't.

Link to comment
Share on other sites

@Guru

Thank you again.

As you pointed out PHP does have some inherent drawbacks. I wish they made an important word like "submit" a RESERVED word

to prevent these kinds of mistakes. I agonized for hours because of one typo. Thankfully there are coders such as yourself willing to take time to have a fresh look at others code. 

Link to comment
Share on other sites

As you pointed out PHP does have some inherent drawbacks.

 

I'm pretty sure I've said this is programming issue, not a problem of PHP. If everybody simply used $_SERVER['REQUEST_METHOD'], we wouldn't have to worry about submit button names at all.

 

No language can read your mind. It's the programmer's job to make the code robust against errors.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.