Pavilion wrote:Celauran wrote:Shouldn't be too hard, then. Strip all non-numeric characters then check that string length is 10. If not, return an error. If it is, you can then force the mask through substrings.
Code: Select all
$phone = preg_replace('/[^0-9]/', '', $_POST['phone']);
if (strlen($phone) == 10)
{
$masked = '(' . substr($phone, 0, 3) . ') ' . substr($phone, 3, 3) . '-' . substr($phone, 6);
}
else
{
// Some error condition
}
Yes - that makes sense. Thank you.
I'll work on the script during the next few days and run it by you for input early next week.
Hello Celauran:
Well - the profile.php is almost done and the only real problem I'm having is with the phone numbers. Firstly - following is the script for profile.php
Code: Select all
<?php
session_start();
// include database connection file, if connection doesn't work the include file will throw an error message
include '../schedule/include/db_connect.php';
ob_start(); // output buffering starts here. Ask Celauran why this is necessary.
if(!isset($_SESSION['user_id'])){
header("Location: login.php");
}
if (isset($_POST['formsubmitted']))
{ // This tests to make sure form is submitted before error handling. Without this check, error messages will appear on simply opening the page because defaults don't fill in BEFORE script runs.
// ___________________________________________________________________________________________________________//
// Error handling routine.
$errors = array(); //Declare an Array to store any error message. As php process the following "if" statement, true results are added to the $errors array.
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
$errors['email'] = "Not a valid email address.";
}
if (!$_POST['fname']) // If NOT $_POST - again exclamation point is "not" in php.
{
$errors['fname'] = "First name cannot be empty.";
}
if (!$_POST['lname'])
{
$errors['lname'] = "Last name cannot be empty.";
}
// Error handling is complete.
// ___________________________________________________________________________________________________________//
// clean phone numbers and apply variables before updating table.
// Clean desk phone first and assign to a variable for updating table.
$raw_dphone = mysql_real_escape_string(trim($_POST['dphone']));
if (!$raw_dphone)
{
$d_phone = NULL;
}
else
{
$dphone_replaced = preg_replace('/[^0-9]/', '', $raw_dphone); // takes out all characters except numbers.
if (strlen($dphone_replaced) == 10)
{
$d_phone = '(' . substr($dphone_replaced, 0, 3) . ') ' . substr($dphone_replaced, 3, 3) . '-' . substr($dphone_replaced, 6);
}
else
{
$errors['dphone'] = $raw_dphone . " is not a valid phone number.";
}
}
// Now clean cell phone and assign to a variable for updating table.
$raw_cell = mysql_real_escape_string(trim($_POST['cell']));
if (!$raw_cell)
{
$cell = NULL;
}
else
{
$cell_replaced = preg_replace('/[^0-9]/', '', $raw_cell); // takes out all characters except numbers.
if (strlen($cell_replaced) == 10)
{
$cell = '(' . substr($cell_replaced, 0, 3) . ') ' . substr($cell_replaced, 3, 3) . '-' . substr($cell_replaced, 6);
}
else
{
$errors['cell'] = $raw_cell . " is not a valid cell phone number.";
}
}
// Next declare remaining variables from $_POST data and run update query.
// ___________________________________________________________________________________________________________//
if (empty($errors)) // if empty $errors then proceed.
{
$user = $_SESSION['user_id'];
$fname = mysql_real_escape_string(trim($_POST['fname']));
$lname = mysql_real_escape_string(trim($_POST['lname']));
$ext = mysql_real_escape_string(trim($_POST['ext']));
// Update mySQL table user record.
$query = "UPDATE UserTbl
SET UserTbl.FName = '$fname', UserTbl.LName = '$lname', UserTbl.EmailAddress = '$email', UserTbl.DeskPhone = '$d_phone', UserTbl.Ext = '$ext', UserTbl.CellPhone = '$cell'
WHERE (((UserTbl.user_id)='$user'));";
mysql_query($query) or $errors['email'] = "The email address: ". $email ." is already registered.";
if (empty($errors)) // if phone numbers are masked as "(555) 555-5555" they are not displaying properly within the input control. The following script has been created to do some testing. Since all input controls display a $_SESSION variable I wanted to assure my $_SESSION variables were picking up the most recent data.
{
$find_new_data =
"SELECT UserTbl.EmailAddress, UserTbl.FName, UserTbl.LName, UserTbl.EmailAddress, DeskPhone, Ext, CellPhone
FROM UserTbl
WHERE (((UserTbl.user_id)='$user'));";
$result = mysql_query($find_new_data);
while($row = mysql_fetch_array($result))
{
$table_fname = $row['FName'];
$table_lname = $row['LName'];
$table_email = $row['EmailAddress'];
$table_deskphone = $row['DeskPhone'];
$table_ext = $row['Ext'];
$table_cell = $row['CellPhone'];
// re-assign appropriate variables to $_SESSION.
$_SESSION['fname'] = $table_fname;
$_SESSION['lname'] = $table_lname;
$_SESSION['email'] = $table_email;
$_SESSION['deskphone'] = $table_deskphone;
$_SESSION['ext'] = $table_ext;
$_SESSION['cell'] = $table_cell;
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Control Center</title>
<link rel="stylesheet" type="text/css" href="../schedule/include/formats.css"/>
</head>
<body>
<div class="shadow"><div class="header"></div></div>
<div class="shadow">
<?php
include '../schedule/include/menu.php';
?>
</div>
<h1>Welcome to your Control Center, <?php echo $_SESSION['fname'];?>.</h1><br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset id="standardForm">
<div class="headingbx">Edit Your Profile Here.</div><br />
<div id="standFormLeft">
<label>First Name</label>
<input tabindex="1" type="text" name="fname" <?php if (isset($_SESSION['fname'])){?> value= <?php echo $_SESSION['fname'];}?> /><br />
<label>Last Name</label>
<input tabindex="2" type="text" name="lname" <?php if (isset($_SESSION['lname'])){?> value= <?php echo $_SESSION['lname'];}?> /><br />
<label>Email Address</label>
<input tabindex="3" type="email" name="email" <?php if (isset($_SESSION['email'])){?> value= <?php echo $_SESSION['email'];}?> /><br />
</div>
<div id="standFormRight">
<label>Desk Phone</label>
<input tabindex="4" type="tel" name="dphone" <?php if (isset($_SESSION['deskphone'])){?> value= <?php echo $_SESSION['deskphone'];}?> /><br />
<label>Ext</label>
<input tabindex="5" type="text" name="ext" <?php if (isset($_SESSION['ext'])){?> value= <?php echo $_SESSION['ext'];}?> /><br />
<label>Cell Phone</label>
<input tabindex="6" type="tel" name="cell" <?php if (isset($_SESSION['cell'])){?> value= <?php echo $_SESSION['cell'];}?> /><br />
<input type="hidden" name="formsubmitted" value="TRUE" />
</div>
<input tabindex="7" type="submit" value="Submit" /> <br />
<?php if (!empty($errors)): ?>
<div class="headingbx">
<p class="error">The following errors were detected:</p>
<ul class="error">
<?php if (isset($errors['fname'])): ?>
<li><?php echo $errors['fname']; ?></li>
<?php endif; ?>
<?php if (isset($errors['lname'])): ?>
<li><?php echo $errors['lname']; ?></li>
<?php endif; ?>
<?php if (isset($errors['email'])): ?>
<li><?php echo $errors['email']; ?></li>
<?php endif; ?>
<?php if (isset($errors['dphone'])): ?>
<li><?php echo $errors['dphone']; ?></li>
<?php endif; ?>
<?php if (isset($errors['cell'])): ?>
<li><?php echo $errors['cell']; ?></li>
<?php endif; ?>
</ul>
</div>
<?php endif; ?>
</fieldset>
</form>
</body>
</html>
Celauran - the tip you gave me for masking phone numbers is working. When I give the profile.php a phone number it is properly masked and the field is updated at table level. However, the phone number does not properly display if it is masked. It does display if it is not masked. Following is a screen shot:
If you will notice desk phone is not masked (I edited it at table level) and it is displaying just fine. Cell phone is masked. It updates fine at table level and displays with all 10 digits, masked as they should be. However, when displaying through an input control only "(222)" shows up. It is almost as if the ")" is acting as a delimiter and cutting off the rest of the cell phone number.
Any advice you have on this particular problem would be welcome.
You will notice in reading through the profile.php script the "if (empty($errors)" block after running a successful update query. I completely understand this block is not necessary in a functioning page. I put the block in to assign new values to the $_SESSION variables and then to echo those new values out. You should know that when I echo the phone number $_SESSION variables, they echo just fine as masked numbers.
______________________________________________________________
I do want your input on the overall script but would prefer to wait until this problem is solved before moving on to analysis of the entire script.
Thanks Much:
Pavilion