Validation being bypassed.


ballhogjoni


Ok here's my problem, I validate a form (which works fine, until I change the submit button type from "submit" to "image". That's another story I'll talk about that later) then I want to write the form data to my db, but the problem is that every time you click the submit button it writes the data even if it is incomplete. The form validator catches it and says the form is incomplete but my db inserts the incomplete data. So if you fill in all the data and click submit again, my db will write the data again, so now I have two rows (if that's the right terminology) when I should only have one.

I don't even know where to begin with this next problem. I need to redirect the user to another page after submitting the validated form.

I have included the code below, please excuse the length, I don't want to leave anything out.


[code]
<?php
function error_bool($error, $field) {
        if($error[$field]) {
            print("<td style=color:red>");
        }
        else {
            print("<td>");
        }
    }

function show_form() {
global $HTTP_POST_VARS, $print_again, $error;
?>

<?php
$username="********";
$password="********";
$database="********";

$email=$_POST['email'];
$name=$_POST['name'];
$last=$_POST['last'];
$address=$_POST['address'];
$city=$_POST['city'];
$state=$_POST['state'];
$zipcode=$_POST['zipcode'];
$phone=$_POST['phone'];

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO ******** VALUES ('','$email','$name','$last','$address','$city','$state','$zipcode','$phone')";
mysql_query($query);

mysql_close();
?>

<form action="" method="post">
  <table border="0" cellspacing="2" cellpadding="2">
    <tr>
<td>
    <?php error_bool($error, "name"); ?><div align=right><b>First Name:</b></div></td>
      <td><input name="name" type="text" id="name" size=20 value="<? echo $_POST["name"]; ?>"></td>
    </tr>
<tr>
<td>
    <?php error_bool($error, "lastname"); ?><div align=right><b>Last Name:</b></div></td>
      <td><input name="lastname" type="text" id="lastname" size=20 value="<? echo $_POST["lastname"]; ?>"></td>
    </tr>
<tr>
<td>
<?php error_bool($error, "address"); ?><div align=right><b>Address:</b></div></td>
      <td><input name="address" type="text" id="address" size=20 value="<? echo $_POST["address"]; ?>"></td>
    </tr>
    <tr>
<td>
<?php error_bool($error, "city"); ?><div align=right><b>City:</b></div></td>
      <td><input name="city" type="text" id="city" size=20 value="<? echo $_POST["city"]; ?>"></td>
    </tr>
    <tr>
<td>
<?php error_bool($error, "state"); ?><div align=right><b>State:</b></div></td>
      <td><select name="state" type="text" id="state" value="<? echo $_POST["state"]; ?>">
                                                    <option selected value="">Select State</option>
                                                    <option value="AL">AL - Alabama</option>
                                                    <option value="AK">AK - Alaska</option>
                                                    <option value="AZ">AZ - Arizona</option>
                                                    <option value="AR">AR - Arkansas</option>
                                                    <option value="CA">CA - California</option>
                                                    <option value="CO">CO - Colorado</option>
                                                    <option value="CT">CT - Connecticut</option>
                                                    <option value="DE">DE - Delaware</option>
                                                    <option value="DC">DC - District of Columbia</option>
                                                    <option value="FL">FL - Florida</option>
                                                    <option value="GA">GA - Georgia</option>
                                                    <option value="HI">HI - Hawaii</option>
                                                    <option value="ID">ID - Idaho</option>
                                                    <option value="IL">IL - Illinois</option>
                                                    <option value="IN">IN - Indiana</option>
                                                    <option value="IA">IA - Iowa</option>
                                                    <option value="KS">KS - Kansas</option>
                                                    <option value="KY">KY - Kentucky</option>
                                                    <option value="LA">LA - Louisiana</option>
                                                    <option value="ME">ME - Maine</option>
                                                    <option value="MD">MD - Maryland</option>
                                                    <option value="MA">MA - Massachusetts</option>
                                                    <option value="MI">MI - Michigan</option>
                                                    <option value="MN">MN - Minnesota</option>
                                                    <option value="MS">MS - Mississippi</option>
                                                    <option value="MO">MO - Missouri</option>
                                                    <option value="MT">MT - Montana</option>
                                                    <option value="NE">NE - Nebraska</option>
                                                    <option value="NV">NV - Nevada</option>
                                                    <option value="NH">NH - New Hampshire</option>
                                                    <option value="NJ">NJ - New Jersey</option>
                                                    <option value="NM">NM - New Mexico</option>
                                                    <option value="NY">NY - New York</option>
                                                    <option value="NC">NC - North Carolina</option>
                                                    <option value="ND">ND - North Dakota</option>
                                                    <option value="OH">OH - Ohio</option>
                                                    <option value="OK">OK - Oklahoma</option>
                                                    <option value="OR">OR - Oregon</option>
                                                    <option value="PA">PA - Pennsylvania</option>
                                                    <option value="PR">PR - Puerto Rico</option>
                                                    <option value="RI">RI - Rhode Island</option>
                                                    <option value="SC">SC - South Carolina</option>
                                                    <option value="SD">SD - South Dakota</option>
                                                    <option value="TN">TN - Tennessee</option>
                                                    <option value="TX">TX - Texas</option>
                                                    <option value="UT">UT - Utah</option>
                                                    <option value="VT">VT - Vermont</option>
                                                    <option value="VA">VA - Virginia</option>
                                                    <option value="WA">WA - Washington</option>
                                                    <option value="WV">WV - West Virginia</option>
                                                    <option value="WI">WI - Wisconsin</option>
                                                    <option value="WY">WY - Wyoming</option>
                    </select></td>
    </tr>
<tr>
<td>
<?php error_bool($error, "zipcode"); ?><div align=right><b>Zip Code:</b></div></td>
      <td><input name="zipcode" type="text" id="zipcode" size=20 value="<? echo $_POST["zipcode"]; ?>"></td>
    </tr>
<tr>
<td>
    <?php error_bool($error, "phone"); ?><div align=right><b>Phone:</b></div></td>
      <td><input name="phone" type="text" id="phone" size=20 value="<? echo $_POST["phone"]; ?>"></td>
    </tr>
    <tr>
<td align=right>
      <?php error_bool($error, "email"); ?><div align=right><b>Email:</b></div></td>
      <td><input name="email" type="text" id="email" size=20 value="<? echo $_POST["email"]; ?>"></td>
    </tr>
</table>
<table>
    <tr>
      <td width=25></td>
<td align=center><input type="submit" name="Submit" value="e-Ship My FREE Kit">
      </td> 
    </tr>
  </table>

<table><tr><td width=15></td><td>

<?php
}
if(isset($_POST["Submit"])) {
    check_form();
} else {
    show_form();
}

function check_email_address($email) {
  // First, we check that there's one @ symbol, and that the lengths are right
  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
    return false;
  }
  // Split it into sections to make life easier
  $email_array = explode("@", $email);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
    if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
      return false;
    }
  }
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; // Not enough parts to domain
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
        return false;
      }
    }
  }
  return true;
}


function check_form()
{
global $HTTP_POST_VARS, $error, $print_again;
$error['name'] = false;
    if($_POST["name"]=="") {
        $error['name'] = true;
        $print_again = true;
        $message.="You Must Enter Your First Name<br>";
    }
    if(!check_email_address($_POST['email'])) {
        $error['email'] = true;
        $print_again = true;
        $message.="You Must Enter Your Email Address<br>";
    }
$error['lastname'] = false;
    if($_POST["lastname"]=="") {
        $error['lastname'] = true;
        $print_again = true;
        $message.="You Must Enter Your Last Name<br>";
    } 
$error['address'] = false;
    if($_POST["address"]=="") {
        $error['address'] = true;
        $print_again = true;
        $message.="You Must Enter Your Address<br>";
    }
$error['city'] = false;
    if($_POST["city"]=="") {
        $error['city'] = true;
        $print_again = true;
        $message.="You Must Enter Your City<br>";
    }
$error['state'] = false;
    if($_POST["state"]=="") {
        $error['state'] = true;
        $print_again = true;
        $message.="You Must Enter Your State<br>";
    }
$error['zipcode'] = false;
    if($_POST["zipcode"]=="") {
        $error['zipcode'] = true;
        $print_again = true;
        $message.="You Must Enter Your Zip Code<br>";
    }
$error['phone'] = false;
      if($_POST["phone"]=="") {
        $error['phone'] = true;
        $print_again = true;
        $message.="You Must Enter Your Phone Number<br>";
    }
    if($print_again) {
        show_form();
       
      } else {
            show_form();
          $message="All Fields are valid<br>";
      }
  echo "$message";
}

?>

</td></tr></table>

</form>
[/code]

[quote]the problem is that every time you click the submit button it writes the data even if it is incomplete.[/quote]

Look at the order your code is in. The insert query is actually run before the form is even printed, which would generate plenty of warnings if you had error reporting switched up high enough.

Move your query to after the validation and place it within a conditional that makes it only run if the form has been submitted. eg;

[code=php:0]
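// $_POST keys are case-sensitive: the key must match the button's name attribute ("Submit" in the form above).
if (isset($_POST['Submit'])) {
  // execute query.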
}
[/code]

PS; Please use the long <?php tags in your code and wrap your code in the board's [ code ] [ / code] tags (without the spaces), this enables syntax highlighting and the long <?php tags ensure your code will at least run on all servers.

PPS; A more descriptive title wouldn't go astray either. A bit of thought never hurt.

I'm not going to rewrite it for you. The logic works like this.

First hit of the page, the form is displayed.
Once the form is submitted, the data needs to be validated.
Once validated, you can execute the query against the database.

For me to show you where this and that goes I would basically need to rewrite your entire script.
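
The flow described in the replies above (show the form, validate on submit, insert only when validation passes, then redirect), as an added example that is not part of the thread. It uses PDO prepared statements and `filter_var` in place of the `mysql_*` and `ereg` functions, which were removed in PHP 7; the table `kit_requests`, its column names, the connection details, `thanks.php` and the plain text input for the state are assumptions.

```php
<?php
// Added example. Hypothetical names: kit_requests (table), thanks.php, DSN and credentials.
const FIELDS = ['name', 'lastname', 'address', 'city', 'state', 'zipcode', 'phone', 'email'];

// Return [trimmed values, error messages keyed by field]. Nothing is written to the db here.
function validate(array $post): array {
    $data = $errors = [];
    foreach (FIELDS as $f) {
        $v = $post[$f] ?? '';
        $data[$f] = is_string($v) ? trim($v) : '';
        if ($data[$f] === '') {
            $errors[$f] = "You must enter your $f";
        }
    }
    if (!isset($errors['email']) && !filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'You must enter a valid email address';
    }
    return [$data, $errors];
}

// Named placeholders keep user input out of the SQL text (no string concatenation).
function save(PDO $db, array $data): void {
    $cols  = implode(', ', FIELDS);
    $marks = ':' . implode(', :', FIELDS);
    $db->prepare("INSERT INTO kit_requests ($cols) VALUES ($marks)")->execute($data);
}

$data   = array_fill_keys(FIELDS, '');
$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$data, $errors] = validate($_POST);
    if (!$errors) {                       // the insert is reachable only after validation passes
        $db = new PDO('mysql:host=localhost;dbname=example', 'user', 'pass',
                      [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        save($db, $data);
        header('Location: thanks.php');   // redirect so a page refresh cannot re-post the form
        exit;
    }
}
?>
<form action="" method="post">
<?php foreach ($errors as $m) { echo htmlspecialchars($m, ENT_QUOTES), '<br>'; } ?>
<?php foreach (FIELDS as $f): ?>
  <label<?php echo isset($errors[$f]) ? ' style="color:red"' : ''; ?>><?php echo $f; ?>:
    <input name="<?php echo $f; ?>" value="<?php echo htmlspecialchars($data[$f], ENT_QUOTES); ?>"></label><br>
<?php endforeach; ?>
  <input type="submit" name="Submit" value="e-Ship My FREE Kit">
</form>
```

The redirect has to be sent before any HTML is output, which is why all request handling sits above the form markup.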