[SOLVED] Form validation

[Taffd]

Hi all,

I've googled, forummed, manualled and experimented but am unable to accomplish simple form validation.

Problem example; comment page.

I wish to validate a text area. I want it to contain text,numbers, punctuation and a few special characters ie/./,/"/£/$/!

I can accomplish the required regex.

Anyway, I would like to validate the input, send it to the database if ok and if not refresh the form page with existing text and an error message saying something like

"The following characters are not allowed."

I also need to know how to adjust the dreamweaver code accordingly.

 

I've been experimenting with simple validation over two pages using !preg_match and although I've had minor success, I've found that I can have (<) or (<<<<) show an error but if I input (<.) or (<anyletter), it validates as ok.

I haven't been able to make any headway with preg_match_all.

 

Is there anybody in the world who is able to help please?

 

[todding01]

Java script form validation has always worked well for me.

 

Check out this link http://www.w3schools.com/js/js_form_validation.asp

[Taffd]

Todding01,

Thanks but I was referring to server-side php. However I have found a solution to my problem, which I post in case it can help anyone else.

 

I post this solution to a form validation and redirect, as an addition to a comment page written with dreamweaver. Unfortunately Dreamweaver does not provide server-side validation for php. You're expected to purchase an extension.

My problem

I have a comments page with a comment form. I wanted the comment input to a database if ok but if a user tried to input code or a link, I wanted to redirect them back to the form page without their comment input to the database. I also needed to work out where in the Dreamweaver written code to place my validation and redirect.

The code below shows the part of the page which dreamweaver writes to input form data into the database, with the associated validation.

It works.

 

 

 

 

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "comments"))
{

$comment = htmlentities($_POST['comment']);

function check_field1($comment)
{
if (preg_match("/</", $comment))
{
return TRUE;
}
}
$error=0; 
if(check_field1($comment))
{
  
  $error++;
   $insertGoTo = "comments.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo)); // $error=$error+1;
}

if($error == 0)
   $insertSQL = sprintf("INSERT INTO comments (comment, `day`, `month`, `year`) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['comment'], "text"),
                       GetSQLValueString($_POST['day'], "int"),
                       GetSQLValueString($_POST['month'], "text"),
                       GetSQLValueString($_POST['year'], "int"));

  mysql_select_db($database_connection, $connection);
  $Result1 = mysql_query($insertSQL, $connection) or die(mysql_error());

  $insertGoTo = "comments.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
  }