Validate input value against calculated value

koolsamule
Forum Contributor
Posts: 130
Joined: Fri Sep 25, 2009 10:03 am

Validate input value against calculated value

Post by koolsamule »

Hi Chaps,

Need a bit of guidance with some PHP code.

I have a Query that estimates a quote ($price_total) for a job.

The estimate ($price_total) is the value of an input (jobquote), and the database is updated once the form is submitted (using a separate script.php page).

What I need, is to validate the entered value of 'jobquote' against the estimated value of $price_total, just in case a 'custom' price has been agreed with a customer.
If the values are different, then I need an 'admin override' radio button (admin_quote enum('y','n')) to appear.

If someone can help or point me in the right direction, I'd be most grateful.

Cheers
koolsamule
Forum Contributor
Posts: 130
Joined: Fri Sep 25, 2009 10:03 am

Re: Validate input value against calculated value

Post by koolsamule »

What I need is:

if the entered value in 'jobquote' is different to $price_total, click confirm radio button, then jobquote and adminquote='y' get updated.
koolsamule
Forum Contributor
Posts: 130
Joined: Fri Sep 25, 2009 10:03 am

Re: Validate input value against calculated value

Post by koolsamule »

Got a bit further:

Code: Select all

<input type='text' name='jobquote' value="<?php echo $price_total; ?>"/>
<input type='hidden' name='original_jobquote' value="<?php echo $price_total; ?>"/>
<?php
if ($_POST['original_jobquote'] != $_POST['jobquote'])
{ ?>
<span id="spryradio1">
<input type="radio" name="jobquoteadmin" value="y" id="radio" />Confirm<br />
<span class="radioRequiredMsg">Please confirm Admin Override</span></span>
<?php };
?>
 
Problem 1. The information is '$_POST'ed to a script file, not to the page itself and at the moment, the $_POST takes place before the PHP validation takes place. If I remove the link to the script page, the validation works.

Problem 2. (link to script removed for testing) If I change the value (from the default 'original_quote'), then submit, the page reloads, the 'Confirm' radio button appears, but the value of 'job_quote' has reverted back to the default:
1. Start - job_quote = £350
2. Change - job_quote = £100
3. Submit
4. Page reloads - job_quote = £350, confirm appears

Is there a way around this?
mellowman
Forum Commoner
Posts: 62
Joined: Sat Nov 22, 2008 5:37 pm

Re: Validate input value against calculated value

Post by mellowman »

I think you're making this a lot harder than it is. :mrgreen: At least to me this seems to be a simple if else statement. Soooooo here is some code in layman's terms.

Code: Select all

 
<?php

// Compare the calculated estimate with the value entered in the form
if ($price_total == $jobquote)
{
    // DO THIS FUNCTION IF THEY ARE THE SAME
}
else {
    // POP UP AN ADMIN OVERRIDE
}

?>
If u have any questions then email me at....imcmellowman@hotmail.com
koolsamule
Forum Contributor
Posts: 130
Joined: Fri Sep 25, 2009 10:03 am

Re: Validate input value against calculated value

Post by koolsamule »

OK, hopefully this will give you an idea:

Quote.php // Query (note: there are 2 more tables linked together as part of a UNION query, which I have removed for simplicity)

Code: Select all

<?php 
$colname_rsInvQuote = "-1";
if (isset($_GET['id'])) {
  $colname_rsInvQuote = $_GET['id'];
}
$colname_rsInvQuote2 = "-1";
if (isset($_GET['proj'])) {
  $colname_rsInvQuote2 = $_GET['proj'];
}
mysql_select_db($database_conndb2, $conndb2);
$query_rsInvQuote = sprintf("
SELECT      tbl_projects.projid, 
            tbl_projects.projtitle, 
            tbl_projects.projdue, 
            DATE_FORMAT(tbl_projects.projdue, '%%d/%%m/%%Y') as projdue_format, 
            tbl_projects.projtype,  
            tbl_projects.projcat, 
            tbl_projects.FK_custid, 
            tbl_languaget.langtname,
            tbl_doctype.doctypename,
            tbl_jobs.jobid, 
            tbl_jobs.FK_projid,               
            tbl_jobs.jobname,               
            tbl_jobs.FK_langid,               
            tbl_jobs.jobpages,               
            tbl_jobs.jobshipped, 
            tbl_jobs.jobinvsent,
            tbl_jobs.jobquote,       
            tbl_customers.custid,
            tbl_costs.costcat,
            tbl_costs.costbase,   
            tbl_costs.costnm_84,   
            tbl_costs.cost85_99,   
            tbl_costs.cost100,   
            tbl_costs.costrep,   
            tbl_jobs.wordsgross,
            (tbl_jobs.wordsgross) * costbase as translationcost,
            (tbl_jobs.wordsgross) * costproof_en as proofreadingcost,
            tbl_jobs.jobquotecomplete, 
            'tbl_jobs' as fromtable 
FROM        tbl_projects   
INNER JOIN  tbl_jobs               
            ON tbl_projects.projid=tbl_jobs.FK_projid   
INNER JOIN  tbl_languaget               
            ON tbl_languaget.langtid=tbl_jobs.FK_langid   
INNER JOIN  tbl_customers               
            ON tbl_customers.custid=tbl_projects.FK_custid 
INNER JOIN  tbl_costs
            ON tbl_costs.FK_custid=tbl_customers.custid  
INNER JOIN  tbl_doctype
            ON tbl_doctype.doctypeid=tbl_jobs.FK_doctypeid       
WHERE       tbl_projects.FK_custid = %s
            AND tbl_projects.projid = %s
            AND tbl_costs.costcat = %s
ORDER BY    tbl_projects.projid ASC", 
GetSQLValueString($colname_rsInvQuote, "int"), GetSQLValueString($colname_rsInvQuote2, "int"), GetSQLValueString($colname_rsCosts2, "text"));
$rsInvQuote = mysql_query($query_rsInvQuote, $conndb2) or die(mysql_error());
$row_rsInvQuote = mysql_fetch_assoc($rsInvQuote);
$totalRows_rsInvQuote = mysql_num_rows($rsInvQuote);
?>
Quote.php // Table

Code: Select all

<form action="../../admin/scripts/CompleteQuoteSingle.php" method="post" enctype="multipart/form-data">
<table border="0" cellpadding="0" cellspacing="0" id="tblreport_invoice">
    <caption>
    <input type="submit" id="button" value="Submit" />
    </caption>
    <tr>
      <th>Project No.</th>
      <th>Project Title</th>
      <th>Job Title</th>
      <th>Type</th>
      <th>Language</th>
      <th>Deadline</th>
      <th>Document Format</th>
      <th>Pages</th>
      <th>Word Count</th>
      <th>Net Total</th>
      <th>EN Proofreading Cost</th>
      <th>Total</th>
    </tr>
    <?php if ($totalRows_rsInvQuote > 0) { // Show if recordset not empty ?>
    <?php do { ?>
      <tr>
        <td><?php echo $row_rsInvQuote['projid']; ?></td>
        <td><?php echo $row_rsInvQuote['projtitle']; ?></td>
        <td><?php echo $row_rsInvQuote['jobname']; ?></td>
        <td><?php echo $row_rsInvQuote['projtype']; ?></td>
        <td><?php echo $row_rsInvQuote['langtname']; ?></td>
        <td><?php echo $row_rsInvQuote['projdue_format']; ?></td>
        <td><?php echo $row_rsInvQuote['doctypename']; ?></td>
        <td><?php echo $row_rsInvQuote['jobpages']; ?></td>
        <td><?php echo $row_rsInvQuote['wordsgross']; ?></td>
        <td><?php echo number_format($row_rsInvQuote['translationcost'], 1, '.', '').'0'; ?></td>
        <td><?php echo number_format($row_rsInvQuote['proofreadingcost'], 1, '.', '').'0'; ?></td>
        <td><?php $price_total = ($row_rsInvQuote['translationcost']+$row_rsInvQuote['proofreadingcost']); ?>
        <input type='text' name='jobquote[]' value="<?php echo number_format($price_total, 1, '.', '').'0'; ?>"/>
        <input type='hidden' name='original_jobquote[]' value="<?php echo number_format($price_total, 1, '.', '').'0'; ?>"/>
        <?php
            if ($_POST['original_jobquote'] != $_POST['jobquote'])
                { ?>
                <span id="spryradio1">
                <input type="radio" name="jobquoteadmin" value="y" id="radio" />Confirm<br />
                <span class="radioRequiredMsg">Please confirm Admin Override</span></span>
                <?php };
        ?>
        </td>
      </tr>
        <?php
        $table_name = $row_rsInvQuote['fromtable'];
        $item_id = $row_rsInvQuote['jobid'];
        $proj_id = $row_rsInvQuote['projid'];
        ?>
        <input type="hidden" name="quote[]" value="<?php echo $table_name; ?>:<?php echo $item_id; ?>:<?php echo $proj_id; ?>" />
      <?php } while ($row_rsInvQuote = mysql_fetch_assoc($rsInvQuote)); ?>
    <?php } // Show if recordset not empty ?>
  </table>
</form>
CompleteQuoteSingle.php

Code: Select all

<?php
$allowed_tables = Array('tbl_jobs','tbl_jobtransline','tbl_jobxml'); // to prevent SQL injection
$i = 0;
foreach($_POST['quote'] as $var) {
    $arr = explode(':', $var);
    if(in_array($arr[0], $allowed_tables)) {
        $table = $arr[0];
        $rowid = $arr[1];
        $projid = $arr[2];
        $setprice = $_POST['jobquote'][$i];
        $i++;
        // $setprice is user input as well: only numeric values may reach the query
        if(is_numeric($rowid) && is_numeric($setprice)) {
            // run your SQL query here to update $table where row matches $rowid
            $query = sprintf("
            UPDATE $table 
            SET jobquote='$setprice', jobquotecomplete='y'
            WHERE jobid=$rowid");
            $result = mysql_query($query, $conndb2) or die(mysql_error());
            $mess = $ref = $_SERVER['HTTP_REFERER']; header( 'refresh: 0; url=../../projects/project_details.php?id='.$projid);
        }
        else {
            $mess = "<p>There was a problem</p>";
        }
    }
}
?>
 
So the problem I'm having is that the info is posted to the CompleteQuoteSingle.php script file before any validation on whether the 'original_quote' is different to the value posted in the 'jobquote' input.
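
Added example, not part of the thread and not the poster's code: one way to make the comparison on the server, in the script that receives the POST. check_quote() and $is_admin are hypothetical names; the estimate is assumed to be recomputed from the database rather than read from the hidden original_jobquote field, which the browser can change.

```php
<?php
// Added example, not code from the thread. check_quote() is a hypothetical helper.
// $estimate must be recomputed on the server from the same query that renders
// the form; the hidden original_jobquote field is client-controlled, so it is
// not consulted. $is_admin is assumed to come from the server-side session.

function check_quote($posted, float $estimate, $override, bool $is_admin): array
{
    // Accept only plain decimal amounts such as "350" or "350.00".
    if (!is_string($posted) || !preg_match('/^\d{1,7}(\.\d{1,2})?\z/', $posted)) {
        return ['status' => 'invalid'];
    }
    // Compare in pence so 350 and 350.00 are equal and float noise is ignored.
    $posted_p   = (int) round((float) $posted * 100);
    $estimate_p = (int) round($estimate * 100);
    $amount     = number_format($posted_p / 100, 2, '.', '');

    if ($posted_p === $estimate_p) {
        return ['status' => 'save', 'jobquote' => $amount, 'admin_quote' => 'n'];
    }
    // Custom price: needs the Confirm radio (jobquoteadmin) AND an admin session.
    if ($override === 'y' && $is_admin) {
        return ['status' => 'save', 'jobquote' => $amount, 'admin_quote' => 'y'];
    }
    // Caller re-renders the form with the posted value and the Confirm radio.
    return ['status' => 'confirm', 'jobquote' => $amount];
}

// Constructed submissions against the thread's estimate of 350.
$cases = [
    ['350.00', null, false],  // unchanged estimate
    ['100',    null, true],   // custom price, radio not ticked yet
    ['100',    'y',  true],   // custom price confirmed by an admin
    ['100',    'y',  false],  // radio sent without an admin session
    ['abc',    'y',  true],   // not a number
];
foreach ($cases as [$posted, $override, $is_admin]) {
    $r = check_quote($posted, 350.0, $override, $is_admin);
    echo str_pad($posted, 7), ' => ', $r['status'],
         isset($r['admin_quote']) ? ' admin_quote=' . $r['admin_quote'] : '', "\n";
}
```

Only a 'save' result should reach the UPDATE; on 'confirm' the form is shown again with the returned jobquote in the text input, so the entered value does not revert to the estimate.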