Page 1 of 1

PHP form validation?

Posted: Mon Jul 05, 2004 8:25 pm
by C_Calav
hi guys, i was wondering if someone could tell me how php form validation works?

i have done javascript validation before.

i have seen on other sites if you dont fill the forms etc out propely it takes you to another page and tells you what you have done wrong OR a message box pops up and tells you whats missing (javascript)

the problem i have is that it tells you what the problems are but it posts it anyway. can some one give me a simple example or explanation of validation for php that stops it from posting all rthe deatils and lets the user type them again?

sorry if this is not where i am ment to post this question.

thanx!

Posted: Mon Jul 05, 2004 8:37 pm
by kettle_drum
just need to do something like:

Code: Select all

if(submitted-form){
   //check values
   if(isset($_POST['testing']) AND $_POST['testing']<12){
      //value was set and valid
   }else{
      show_form():
   }
}else{
   show_form();
}

function show_form(){
   echo "my form here <input type="text" name="testing"> .........";
}

Posted: Mon Jul 05, 2004 8:49 pm
by C_Calav
hey thanx kettle_drum!

can you explain this a bit please?

Posted: Mon Jul 05, 2004 9:25 pm
by C_Calav
ok heres my code im trying to validate. its not working. am i on the write track? been looking at other posts about this topic.

thanx!

Code: Select all

<?php

 
    $db = mysql_pconnect('xxxxx') or die ("Could not connect to database");

    # mysql_select_db('models') or die ("Could not select database!"); 

	# this is processed when the form is submitted
	# back on to this page (POST METHOD)
	if ($_SERVER['REQUEST_METHOD'] == "POST") 
        {
		# escape data and set variables
 		mysql_select_db('models') or die ("Could not select database!");

		$P_Stock = stripslashes($_POST["P_Stock"]);
		$P_Name = stripslashes($_POST["P_Name"]);
 		$P_Cat = stripslashes($_POST["P_Cat"]);
		$P_Scale = stripslashes($_POST["P_Scale"]);
		$P_Length = stripslashes($_POST["P_Length"]);	
		$P_Span = stripslashes($_POST["P_Span"]);
		$P_Price = stripslashes($_POST["P_Price"]);
		$P_Desc = stripslashes($_POST["P_Desc"]);
	
            
              if (!empty($P_Stock) || !empty($P_Name) || !empty($P_Cat) || !empty($P_Scale) || !empty($P_Length) || !empty($P_Span)) 
              { 
              $sql  = "INSERT INTO planes (P_Stock, P_Name, P_Cat, P_Scale, P_Length, P_Span, P_Price, P_Desc) VALUES ('$P_Stock','$P_Name','$P_Cat','$P_Scale','$P_Length','$P_Span','$P_Price','$P_Desc')";
              $result = mysql_query($sql, $db) or die ("Execution failed."); 

	      echo 'Uploading ' . $_FILES['file']['name'] . ' (' .
	      $_FILES['file']['type'] . ', ' .
	      ceil($_FILES['file']['size'] / 91024) . ' Kb).<br />';

	      move_uploaded_file($_FILES['file']['tmp_name'], '/var/users/modelair/modelaircraft.co.nz/htdocs/Pics/'.$_FILES['file']['name']); 
	      echo 'File has been stored in your uploads directory.';
        
	      print "<br><b>new aircraft added</b><br><br>";
              } 

              else 
              { 
              echo "Make sure you filled out all the required fields"; 
              } 


       }

?>

Posted: Mon Jul 05, 2004 10:01 pm
by John Cartwright
change

Code: Select all

<?php
if (!empty($P_Stock) || !empty($P_Name) || !empty($P_Cat) || !empty($P_Scale) || !empty($P_Length) || !empty($P_Span)) 
?>
to

Code: Select all

<?php
if (!empty($P_Stock) && !empty($P_Name) && !empty($P_Cat) && !empty($P_Scale) && !empty($P_Length) && !empty($P_Span)) 
?>
what do u mean its not working tho.. other than that ur script looks fine

Posted: Mon Jul 05, 2004 10:06 pm
by C_Calav
still does the same thing. what was thgat change ment to do?

its adding everything to database skipping the if empty part i think.

code looks like this now

Code: Select all

<?php
 
    $db = mysql_pconnect('db.iserve.net.nz', 'chris', 'cessna') or die ("Could not connect to database");

    # mysql_select_db('models') or die ("Could not select database!"); 

	# this is processed when the form is submitted
	# back on to this page (POST METHOD)
	if ($_SERVER['REQUEST_METHOD'] == "POST") 
        {
		# escape data and set variables
 		mysql_select_db('models') or die ("Could not select database!");

		$P_Stock = stripslashes($_POST["P_Stock"]);
		$P_Name = stripslashes($_POST["P_Name"]);
 		$P_Cat = stripslashes($_POST["P_Cat"]);
		$P_Scale = stripslashes($_POST["P_Scale"]);
		$P_Length = stripslashes($_POST["P_Length"]);	
		$P_Span = stripslashes($_POST["P_Span"]);
		$P_Price = stripslashes($_POST["P_Price"]);
		$P_Desc = stripslashes($_POST["P_Desc"]);
	
            
              if (!empty($P_Stock) && !empty($P_Name) && !empty($P_Cat) && !empty($P_Scale) && !empty($P_Length) && !empty($P_Span)) 
              { 
              $sql  = "INSERT INTO planes (P_Stock, P_Name, P_Cat, P_Scale, P_Length, P_Span, P_Price, P_Desc) VALUES ('$P_Stock','$P_Name','$P_Cat','$P_Scale','$P_Length','$P_Span','$P_Price','$P_Desc')";
              $result = mysql_query($sql, $db) or die ("Execution failed."); 

	      echo 'Uploading ' . $_FILES['file']['name'] . ' (' .
	      $_FILES['file']['type'] . ', ' .
	      ceil($_FILES['file']['size'] / 91024) . ' Kb).<br />';

	      move_uploaded_file($_FILES['file']['tmp_name'], '/var/users/modelair/modelaircraft.co.nz/htdocs/Pics/'.$_FILES['file']['name']); 
	      echo 'File has been stored in your uploads directory.';
        
	      print "<br><b>new aircraft added</b><br><br>";
              } 

              else 
              { 
              echo "Make sure you filled out all the required fields"; 
              } 


       }

?>

Posted: Mon Jul 05, 2004 10:09 pm
by C_Calav
sorry its working now!

thanx a lot!

Posted: Mon Jul 05, 2004 10:18 pm
by tim
what did you change so others can benefit from this

Posted: Mon Jul 05, 2004 10:46 pm
by C_Calav
i changed what Phenom said to. my last post with code is the working code.

thanx for everyones help :D