
[SOLVED] Validation and Insert problems

Posted: Tue Jan 18, 2005 1:56 am
by Addos
Hi,
This is my very first time posting here so I hope I’m following all the rules. If not, go easy as I’m also new to PHP but learning fast.
I wonder if anybody can see why the two codes will not work together.
For example at the moment if I enter details into the Form the info is passed to the database without the validation kicking in. If I test each separately i.e. validation without the 'insert record' code and the 'insert record' without the validation code, both work perfectly but just placing them together causes the validation to be ignored.
I know that I need to make sure the insert code is only called when everything else is fine but I’m at this two days now and just can’t seem to see where I’m going in order to correct this.

Any help is much appreciated.

Thanks
Brian

Code:

<?php require_once('Connections/b.php'); ?>
<?php
if ($_POST && array_key_exists('sendCom',$_POST)) {
  $nomessage='';
  $GuestName='';
  // Check each field and build errors array if problems found
  if (isset($_POST['GuestDetails']) && !empty($_POST['GuestDetails'])) {
    $message=strip_tags($_POST['GuestDetails']);
  }
  else {
    $nomessage = 'Message';
  }
  if (isset($_POST['GuestName']) && !empty($_POST['GuestName'])) {
    $GuestName=trim($_POST['GuestName']);
  }
  else {
    $error['GuestName'] = 'You must give your name';
  }
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO tblguestbook (GuestName, GuestLocation,
GuestDetails, GuestWebsite, GuestEmail, GuestDate) VALUES (%s,%s, %s, %s,
%s, CURDATE())",
                       GetSQLValueString($_POST['GuestName'], "text"),
                       GetSQLValueString($_POST['GuestLocation'], "text"),
                       GetSQLValueString($_POST['GuestDetails'], "text"),
                       GetSQLValueString($_POST['GuestWebsite'], "text"),
                       GetSQLValueString($_POST['GuestEmail'], "text"));
  mysql_select_db($database_brian, $brian);
  $Result1 = mysql_query($insertSQL, $brian) or die(mysql_error());
  $insertGoTo = "guestbook.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>

<?php
// Display error message if errors have been found in submission
if (isset($nomessage) || isset($error)) {
?>
Error.
<?php
  }
?>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
GuestName:
      <?php
      if (isset($error)) { // Display error message. Otherwise skip row.
        foreach ($error as $key => $value) { // Loop through error messages and display
          echo $value;
        }
      }
      ?>
      <input type="text" name="GuestName" value="" size="32">
    GuestLocation:
      <input type="text" name="GuestLocation" value="" size="32">
    GuestDetails:
      <?php if (isset($nomessage) && !empty($nomessage)) {
              echo $nomessage; } else {
              } ?>
   <textarea name="GuestDetails" cols="55" rows="10" id="GuestDetails"
 ><?php if (isset($_POST['comments'])) echo $_POST['comments']; ?></textarea>
GuestWebsite:
      <input type="text" name="GuestWebsite" value="" size="32">
    GuestEmail:
      <input type="text" name="GuestEmail" value="" size="32">
      <input name="sendCom" type="submit" id="sendCom" value="Post Message" />

      <input name="Reset" type="reset" value="Reset">
<input type="hidden" name="MM_insert" value="form1">
</form>

Posted: Tue Jan 18, 2005 4:54 am
by McGruff
Try sprinkling a few of these through the code.

Code:

echo  __FILE__ . ' | line ' . __LINE__ . '<br />';

Start at the beginning. The first place you don't see anything being echo'd when you run the script is the line immediately after the problem. Probably.

Posted: Tue Jan 18, 2005 8:27 am
by magicrobotmonkey
You are always validating, but you are failing to check for passed validation before running the query. You need some boolean that you can set to true then change to false if something fails validation. Then do an if with that bool before running the query.
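
The gate described in the reply above, as an added example that is not code from the thread: the insert runs only when validation left no errors, with an empty error array standing in for the boolean flag. It swaps the page's mysql_* calls and GetSQLValueString for a PDO prepared statement and assumes PHP 7.1+ with the pdo_sqlite extension; the function names, the in-memory table and the sample submissions are constructed for illustration.

```php
<?php
// Added example (not the poster's code). Field and table names come from the
// form above; the in-memory SQLite table and sample posts are constructed.

// Returns [clean values, errors keyed by field name].
function validateGuestbook(array $post): array
{
    $clean = $errors = [];
    foreach (['GuestName', 'GuestLocation', 'GuestDetails', 'GuestWebsite', 'GuestEmail'] as $f) {
        $clean[$f] = is_string($post[$f] ?? null) ? trim($post[$f]) : '';
    }
    // Strip tags first, so a message made only of markup counts as empty.
    $clean['GuestDetails'] = strip_tags($clean['GuestDetails']);
    if ($clean['GuestName'] === '') {
        $errors['GuestName'] = 'You must give your name';
    }
    if ($clean['GuestDetails'] === '') {
        $errors['GuestDetails'] = 'Message';
    }
    return [$clean, $errors];
}

// Runs the INSERT only when validation produced no errors.
function handleSubmission(PDO $db, array $post): array
{
    [$clean, $errors] = validateGuestbook($post);
    if ($errors !== []) {
        return $errors; // the gate: the query is never built or executed
    }
    // Placeholders replace the sprintf()/addslashes() string building.
    $stmt = $db->prepare(
        'INSERT INTO tblguestbook (GuestName, GuestLocation, GuestDetails,
         GuestWebsite, GuestEmail, GuestDate) VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute(array_merge(array_values($clean), [date('Y-m-d')]));
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblguestbook (GuestName TEXT, GuestLocation TEXT,
    GuestDetails TEXT, GuestWebsite TEXT, GuestEmail TEXT, GuestDate TEXT)');

// Constructed submissions: one that must be rejected, one that must pass.
$bad  = ['GuestName' => '  ', 'GuestDetails' => '<b></b>', 'MM_insert' => 'form1'];
$good = ['GuestName' => "O'Brien", 'GuestDetails' => 'Nice <i>site</i>'];
print_r(handleSubmission($db, $bad));
print_r(handleSubmission($db, $good));
echo 'rows: ', $db->query('SELECT COUNT(*) FROM tblguestbook')->fetchColumn(), "\n";
```

In the posted script the insert block tests only `MM_insert`, which the hidden form field always supplies, so it runs whatever the validation block recorded.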

Posted: Tue Jan 18, 2005 8:52 am
by Addos
Thanks very much for all your replies. I just got this sorted. I appreciate your help very much.
Thanks
Brian