Jump to content

Recommended Posts

I wrote this code to validate a few fields on a form which will be submitted when a customer wants a refill of their prescription medication.

 

The first problem is none of the functions actually work properly. Both of the functions that validate names should throw an error if a name has less than 2 characters inputted in the field. Yet, it doesn't throw any errors if I insert only one letter in the field.

 

The next function should verify a phone number. I can put a phone number with 6 numbers in it and it won't throw an error even though it is to short based on my regular expressions requirements which says it needs 7 to 14.

 

The last function doesn't throw an error if I put <a href="bob"> in the comment box and it should throw an error if it finds a <a> tag.

 

 

Here is my php code:

 

<?PHP
  /**********************************************************************************
  // Refill Verification Script                                                     *
  // Coded by DevXTech                                                              *
  // This script consists of two major parts. The first part of it is the functions *
  // that are called upon to verify the integrity of the information contained in   *
  // the form itself. This form will throw an error if <a href=></a> tags are in the*
  // comments box and check that a certain field has been filled in and meets the   *
  // requirements.                                                                  *
  //                                                                                *
  // The second part of the script is to call the functions and verify the content. *
  // Once we have verified the content if any errors our found we will display them *
  // to the end user so they can fix the error and resubmit the form again.         *
  **********************************************************************************/

  // Grab the values from the form and create variables.
  $_POST['fname']     = $fname;
  $_POST['lname']     = $lname;
  $_POST['phone']     = $phone;
  $_POST['comments']  = $comments;
  $error = '0';
  
  // Check if the first name was supplied if not throw an error.
  function val_fname ($fname){
    if (!strlen($fname < 2))
       return TRUE;
    else
       return FALSE;
  }
  // Check if the last name was supplied if not throw an error.
  function val_lname ($lname){
    if (!strlen($lname < 2 ))
       return TRUE;
    else
       return FALSE;
  }

  // Check for the phone number for 7 to 10 digits with no letters.
  function val_phone ($phone){
    if (preg_match("[0-9,-]{7,14}", $phone))
       return TRUE;
    else
       return FALSE;
  }
  
  // Check the comment field for an href tag and if found throw an error.
  function val_comment ($comments){
    if (preg_match("<[aA] *[^>]*>", $comments))
       return TRUE;
    else
       return FALSE;
  }
  
  // If all the functions pass then out put a message stating the refill has been submitted to the queue.
  // If the functions do not pass then output the form again and show the errors they made at the top of the form
  // as well as reinput the values they originally entered into the form. Then recheck the form again.
  
  // Run if statements here to see if variables pass functions
  if (val_fname($fname)){
     echo "Invalid input of $fname for first name. Your first name must contain at least 2 characters.<br>";
     $error++; //Add one to error
  }
  if (val_lname($lname)){
     echo "Invalid input of $lname for last name. Your last name must contain at least 2 characters.<br>";
     $error++; //Add one to error
  }
  if (val_phone($phone)){
     echo "Invalid input of $phone for your phone number. Your phone number must be at least 7 digits.<br>";
     $error++; //Add one to error
  }
  if (val_comment($comments)){
     echo "Illegal input in your comments. We do not allow URL HTML tags in the comment field.<br>";
     $error++; //Add one to error
  }
  // Run another if to check the count on the errors and then determine we can proceed.
  if($error == 0)
  {
     echo 'We made it past validation!';
     /*require_once( "DSI_email.php" );
     $_POST['date'] = date("F j, Y, g:i a");
     $cons = new DSI_Email_Cust( "www.bob.com" );
     $cons->SetupContactsFor( "Refill" );
     $cons->GenerateEmailFromTemplate( "refill.tmp", $_POST );
     $cons->SendEmail( "Refill Request", "refills@pharmacy.com" );
     $cons->RedirectToThankYou( $_SERVER['HTTP_REFERER'] );    */
  }else{
     echo "Number of errors: $error <br>";
     echo "Please use the back button to go back and fix the errors.";
     unset ($fname,$lname,$phone,$comments,$error);
  }
?> 

 

And here is the form being used.

 

<!--Start of main body-->
<div id="main">

<h1>Refill Request</h1>
<form action="validation.php" method="post" name="refill_request">
<table align="left">
<tr>
<td align="right">First Name :</td>
<td align="left" colspan="5"><input type="text" name="fname" maxlength="256" size="30"/></td>
</tr>
<tr>
<td align="right">Last Name :</td>
<td align="left" colspan="5"><input type="text" name="lname" maxlength="256" size="30"/></td>
</tr>
<tr>
<td align="right">Phone Number :</td>

<td align="left" colspan="5"><input type="text" name="phone" maxlength="15" size="30"/></td>
</tr>
<tr>
<td align="right">Rx #1:</td>
<td align="left"><input type="text" name="rxnum1" maxlength="7" size="7"/></td>
<td align="right">Rx #2:</td>
<td align="left"><input type="text" name="rxnum2" maxlength="7" size="7"/></td>
<td align="right">Rx #3:</td>
<td align="left"><input type="text" name="rxnum3" maxlength="7" size="7"/></td>
</tr>
<tr>
<td align="right">Rx #4:</td>
<td align="left"><input type="text" name="rxnum4" maxlength="7" size="7"/></td>

<td align="right">Rx #5:</td>
<td align="left"><input type="text" name="rxnum5" maxlength="7" size="7"/></td>
<td align="right">Rx #6:</td>
<td align="left"><input type="text" name="rxnum6" maxlength="7" size="7"/></td>
</tr>
<tr>
<td align="right">Rx #7:</td>
<td align="left"><input type="text" name="rxnum7" maxlength="7" size="7"/></td>
<td align="right">Rx #8:</td>
<td align="left"><input type="text" name="rxnum8" maxlength="7" size="7"/></td>
<td align="right">Rx #9:</td>
<td align="left"><input type="text" name="rxnum9" maxlength="7" size="7"/></td>

</tr>
<tr>
<td align="right" valign="top">Comments :</td>
<td align="left" colspan="5"><textarea name="comments" maxlength="512" rows="4" cols="35"></textarea></td>
</tr>
<tr>
<td colspan="6" align="right"><input type="submit" name="sub" value="Send"/></td>
</tr>
<tr>
<td colspan="6" align="center"><div style="width:500px;text-align:justify; font-size:12pt;">You should be aware that sending personal information about the drugs you are taking and your personal health information through emails is not secure and that the information may be intercepted and read by others.  We recommend that you include only the prescription numbers on refill requests, which will not divulge protected health information and is HIPAA compliant.</div></td>
</tr>
</table>
</form>
</div>

<!--End of main body-->  

 

I hope someone can help me out as I'm new to PHP and could really use the help so I can get this working.

Link to comment
https://forums.phpfreaks.com/topic/69665-solved-need-help-debugging-my-functions/
Share on other sites

There are quite a few errors in this script. Firstly:

 

<?php
$_POST['fname']     = $fname;
  $_POST['lname']     = $lname;
  $_POST['phone']     = $phone;
  $_POST['comments']  = $comments;
?>

 

These have been assigned the wrong way around. You should do:

<?php
$fname = $_POST['fname'];
?>

 

Second, this kind of thing:

<?php
if (!strlen($fname < 2))
?>

 

Should be:

 

<?php
if (!strlen($fname) < 2)
?>

 

The strlen function takes the parameter of the string which you want to find the length of. You then need to test the result of the function to see if the length is what you want.

 

Next, your regular expressions are usnig the ereg() function syntax, rather than preg_match(). You'll need to change those.

 

And lastly, your functions making use of regular expressions have a logic error. You are returning true for those values which are valid, whilst you increase the error count and show an error if they return true.

 

 

 

Thanks for the reply GingerRobot.

 

I made the changes you pointed out that should be made. Now my script always throws an error even if I give it valid data on any of the functions.

 

Here is the new code:

 

<?PHP
  /**********************************************************************************
  // Refill Verification Script                                                     *
  // Coded by DevXTech                                                              *
  // This script consists of two major parts. The first part of it is the functions *
  // that are called upon to verify the integrity of the information contained in   *
  // the form itself. This form will throw an error if <a href=></a> tags are in the*
  // comments box and check that a certain field has been filled in and meets the   *
  // requirements.                                                                  *
  //                                                                                *
  // The second part of the script is to call the functions and verify the content. *
  // Once we have verified the content if any errors our found we will display them *
  // to the end user so they can fix the error and resubmit the form again.         *
  **********************************************************************************/

  // Grab the values from the form and create variables.
  $fname     = $_POST['fname'];
  $lname     = $_POST['lname'];
  $phone     = $_POST['phone'];
  $comments  = $_POST['comments'];
  $error = '0';
  
  // Check if the first name was supplied if not throw an error.
  function val_fname ($fname){
    if (!strlen($fname) < 2)
       return TRUE;
    else
       return FALSE;
  }
  // Check if the last name was supplied if not throw an error.
  function val_lname ($lname){
    if (!strlen($lname) < 2)
       return TRUE;
    else
       return FALSE;
  }

  // Check for the phone number for 7 to 10 digits with no letters.
  function val_phone ($phone){
    if (!ereg("/[0-9,-]{7,14}/", $phone))
       return TRUE;
    else
       return FALSE;
  }
  
  // Check the comment field for an href tag and if found throw an error.
  function val_comment ($comments){
    if (!ereg("/<[aA] *[^>]*>/", $comments))
       return TRUE;
    else
       return FALSE;
  }
  
  // If all the functions pass then out put a message stating the refill has been submitted to the queue.
  // If the functions do not pass then output the form again and show the errors they made at the top of the form
  // as well as reinput the values they originally entered into the form. Then recheck the form again.
  
  // Run if statements here to see if variables pass functions
  if (val_fname($fname)){
     echo "Invalid input of $fname for first name. Your first name must contain at least 2 characters.<br>";
     $error++; //Add one to error
  }
  if (val_lname($lname)){
     echo "Invalid input of $lname for last name. Your last name must contain at least 2 characters.<br>";
     $error++; //Add one to error
  }
  if (val_phone($phone)){
     echo "Invalid input of $phone for your phone number. Your phone number must be at least 7 digits.<br>";
     $error++; //Add one to error
  }
  if (val_comment($comments)){
     echo "Illegal input in your comments. We do not allow URL HTML tags in the comment field.<br>";
     $error++; //Add one to error
  }
  // Run another if to check the count on the errors and then determine we can proceed.
  if($error == 0)
  {
     echo 'We made it past validation!';
     /*require_once( "DSI_email.php" );
     $_POST['date'] = date("F j, Y, g:i a");
     $cons = new DSI_Email_Cust( "www.bob.com" );
     $cons->SetupContactsFor( "Refill" );
     $cons->GenerateEmailFromTemplate( "refill.tmp", $_POST );
     $cons->SendEmail( "Refill Request", "refills@pharmacy.com" );
     $cons->RedirectToThankYou( $_SERVER['HTTP_REFERER'] );    */
  }else{
     echo "Number of errors: $error <br>";
     echo "Please use the back button to go back and fix the errors.";
     unset ($fname,$lname,$phone,$comments,$error);
  }
?>

Try:

 

<?php
  /**********************************************************************************
  // Refill Verification Script                                                     *
  // Coded by DevXTech                                                              *
  // This script consists of two major parts. The first part of it is the functions *
  // that are called upon to verify the integrity of the information contained in   *
  // the form itself. This form will throw an error if <a href=></a> tags are in the*
  // comments box and check that a certain field has been filled in and meets the   *
  // requirements.                                                                  *
  //                                                                                *
  // The second part of the script is to call the functions and verify the content. *
  // Once we have verified the content if any errors our found we will display them *
  // to the end user so they can fix the error and resubmit the form again.         *
  **********************************************************************************/

  // Grab the values from the form and create variables.
  $fname     = $_POST['fname'];
  $lname     = $_POST['lname'];
  $phone     = $_POST['phone'];
  $comments  = $_POST['comments'];
  $error = '0';
  
  // Check if the first name was supplied if not throw an error.
  function val_fname ($fname){
    if (strlen($fname) < 2)
       return TRUE;
    else
       return FALSE;
  }
  // Check if the last name was supplied if not throw an error.
  function val_lname ($lname){
    if (strlen($lname) < 2)
       return TRUE;
    else
       return FALSE;
  }

  // Check for the phone number for 7 to 10 digits with no letters.
  function val_phone ($phone){
    if (!ereg("^[0-9,\-]{7,14}$", $phone))
       return TRUE;
    else
       return FALSE;
  }
  
  // Check the comment field for an href tag and if found throw an error.
  function clean_comment ($comments){
        strip_tags($comments);
  }
  
  // If all the functions pass then out put a message stating the refill has been submitted to the queue.
  // If the functions do not pass then output the form again and show the errors they made at the top of the form
  // as well as reinput the values they originally entered into the form. Then recheck the form again.
  
  // Run if statements here to see if variables pass functions
  if (val_fname($fname)){
     echo "Invalid input of $fname for first name. Your first name must contain at least 2 characters.<br>";
     $error++; //Add one to error
  }
  if (val_lname($lname)){
     echo "Invalid input of $lname for last name. Your last name must contain at least 2 characters.<br>";
     $error++; //Add one to error
  }
  if (val_phone($phone)){
     echo "Invalid input of $phone for your phone number. Your phone number must be at least 7 digits.<br>";
     $error++; //Add one to error
  }
  clean_comment($comments);
  // Run another if to check the count on the errors and then determine we can proceed.
  if($error == 0)
  {
     echo 'We made it past validation!';
     /*require_once( "DSI_email.php" );
     $_POST['date'] = date("F j, Y, g:i a");
     $cons = new DSI_Email_Cust( "www.bob.com" );
     $cons->SetupContactsFor( "Refill" );
     $cons->GenerateEmailFromTemplate( "refill.tmp", $_POST );
     $cons->SendEmail( "Refill Request", "refills@pharmacy.com" );
     $cons->RedirectToThankYou( $_SERVER['HTTP_REFERER'] );    */
  }else{
     echo "Number of errors: $error <br>";
     echo "Please use the back button to go back and fix the errors.";
     unset ($fname,$lname,$phone,$comments,$error);
  }
?>

 

Changes made:

 

Removed negation of if statment inside length checks on first and last names. Flawed logic.

Removed delimiters for ereg patterns - those are a feature of preg_match patters.

 

Changed pattern for phone number to:

(!ereg("^[0-9,\-]{7,14}$", $phone))

 

You must escape the second - in your character set, since it has a special meaning. Added start and end characters (^ and $ respectively) to prevent input such as 012312242abcd.

 

Changed the val_comments function to one just to clean them up. Its much easier to remove any html tags than to find them and throw an error. (However, if you're entering this into a database, you'll want further protection from malicious input e.g. mysql_real_escape_string)

 

The changes you made to the script work perfectly, however; I can't just strip the HTML tags from the comment field.

 

Let me explain why as I believe I failed to do this in my first post. The reason I am not stripping tags from the comment field is that is what the bots are using to auto fill the comment field with. The bots will submit a bunch of data and the unique key feature that is common across all the bots filling out the form is they are inputing HTML tags into the comment field and more specific they are using the <a href= > tag. The pharmacy refill email is being flooding with bogus refill requests that bots are filling out. So we need to have a function which validates data based on the note of it there is a HTML tag throw an error and prevent it from being processed.

Ah ok, didn't realise we were just looking for the <a href> tag. A pattern like:

 

"<.*href=.*>"

 

Should do.

 

So the function would look like this?

 

  function val_comment ($comments){
    if (!ereg("^<.*href=.*>$", $comments))
       return TRUE;
    else
       return FALSE;
  }

Finally got it working. The regular expression you provided GingerRoot would not work when you used <a href="blah"> however it would work if it was <a href=> so I made my own regular expression <[aA] *[^>]*> which worked like a charm. My logic in the function was also flawed. It needed to be if it did match my regular expression throw the error not if it doesn't match.

 

 

Thanks for all the help!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.