validation question
Posted: Sun Sep 09, 2007 11:45 am
Total noob here.
I wrote this script to evaluate user inputs from a standard form and enter the info into a database. It queries the database for existing info and compares the current form inputs to a set of three db results to see if there is a repeat request and exits if it is a repeat.
The problem I have is that I'm asking for some info in optional questions and I want to allow people to use a period, comma, dash, space, or apostrophe in their answers, then replace those in the (_POST) vars and check to see that they are ctype_alnum. This is effective for validating the info and works fine unless someone puts and apostrophe in the either of the last two form fields. It also works fine if an apostrophe is entered into any other field, just the last two cause a problem. The script keeps running but won't connect to the db and enter the info. All the form fields are set to accept the same kind of info and the db is set to varchars for all the rows in question.
Can anyone explain this to me? Here's my code. Thanks!
***** PLEASE USE
I wrote this script to evaluate user inputs from a standard form and enter the info into a database. It queries the database for existing info and compares the current form inputs to a set of three db results to see if there is a repeat request and exits if it is a repeat.
The problem I have is that I'm asking for some info in optional questions and I want to allow people to use a period, comma, dash, space, or apostrophe in their answers, then replace those in the (_POST) vars and check to see that they are ctype_alnum. This is effective for validating the info and works fine unless someone puts and apostrophe in the either of the last two form fields. It also works fine if an apostrophe is entered into any other field, just the last two cause a problem. The script keeps running but won't connect to the db and enter the info. All the form fields are set to accept the same kind of info and the db is set to varchars for all the rows in question.
Can anyone explain this to me? Here's my code. Thanks!
***** PLEASE USE
Code: Select all
AND OTHER TAGS FOR CODE *****[/color]Code: Select all
<?php
$successpage = $_POST['success_page'];
// check to see that all required fields are set
$problem = FALSE;
if (empty ($_POST['firstName']) || (!isset ($_POST['firstName']))) {
$problem = TRUE;
print '<p>Please enter your first name.</p>';
exit(); }
if (empty ($_POST['lastName']) || (!isset ($_POST['lastName']))) {
$problem = TRUE;
print '<p>Please enter your last name.</p>';
exit(); }
if (empty ($_POST['companyName']) || (!isset ($_POST['companyName']))) {
$problem = TRUE;
print '<p>Please enter your company name.</p>';
exit(); }
if (empty ($_POST['email']) || (!isset ($_POST['email']) || (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])))) {
$problem = TRUE;
print '<p>Please enter a valid e-mail address.</p>';
exit(); }
if (empty ($_POST['street']) || (!isset ($_POST['street']))) {
$problem = TRUE;
print '<p>Please enter your street address.</p>';
exit(); }
if (empty ($_POST['city']) || (!isset ($_POST['city']))) {
$problem = TRUE;
print '<p>Please enter your city.</p>';
exit(); }
if (empty ($_POST['state']) || (!isset ($_POST['state']))) {
$problem = TRUE;
print '<p>Please enter your state.</p>';
exit(); }
if (empty ($_POST['zip']) || (!isset ($_POST['zip']) || strlen($_POST['zip']) != 5 || (!ctype_digit($_POST['zip'])))) {
$problem = TRUE;
print '<p>Please enter your zip code.</p>';
exit(); }
// check to see that optional user inputs are ctype_alnum
if (!empty ($_POST['form_field1'])) {
$option1 = stripslashes($_POST['form_field1']);
} else {
$option1 = "XX";
}
if (!empty ($_POST['form_field2'])) {
$option2 = stripslashes($_POST['form_field2']);
} else {
$option2 = "XX";
}
if (!empty ($_POST['form_field3'])) {
$option3 = stripslashes($_POST['form_field3']);
} else {
$option3 = "XX";
}
if (!empty ($_POST['form_field4'])) {
$option4 = stripslashes($_POST['form_field4']);
} else {
$option4 = "XX";
}
if (!empty ($_POST['form_field5'])) {
$option5 = stripslashes($_POST['form_field5']);
} else {
$option5 = "XX";
}
if (!empty ($_POST['form_field6'])) {
$option6 = stripslashes($_POST['form_field6']);
} else {
$option6 = "XX";
}
if (!empty ($_POST['form_field7'])) {
$option7 = stripslashes($_POST['form_field7']);
} else {
$option7 = "XX";
}
if (!empty ($_POST['form_field8'])) {
$option8 = stripslashes($_POST['form_field8']);
} else {
$option8 = "XX";
}
if (!empty ($_POST['form_field9'])) {
$option9 = stripslashes($_POST['form_field9']);
} else {
$option9 = "XX";
}
$var = array($option1, $option2, $option3, $option4, $option5, $option6, $option7, $option8, $option9);
foreach ($var as $check_alphnum) {
$output = str_replace("-", "", $check_alphnum);
$output1 = str_replace(" ", "", $output);
$output2 = str_replace(".", "", $output1);
$output3 = str_replace(",", "", $output2);
$output4 = str_replace("'", "", $output3);
if (!ctype_alnum($output4)) {
$problem = TRUE;
print '<p>There seems to be a problem with one of your answers. <br /></p>';
print '<p>Please make sure you aren\'t using any special characters.<br /></p>';
exit();
}
}
// set User inputs to validated vars
$var1 = $_POST['form_field1'];
$var2 = $_POST['form_field2'];
$var3 = $_POST['form_field3'];
$var4 = stripslashes($_POST['form_field4']);
$var5 = strtolower($_POST['form_field5']);
$var6 = $_POST['form_field6'];
$var7 = $_POST['form_field7'];
$var8 = $_POST['form_field8'];
$var9 = $_POST['form_field9'];
$var10 = $_POST['form_field10'];
$var11 = stripslashes($_POST['form_field11']);
$var12 = stripslashes($_POST['form_field12']);
// Connect To Database
$dbc = mysql_connect ('server', 'user', 'pass');
mysql_select_db('db');
// check to see if repeat reqest
$compare = "SELECT * FROM table";
$results = mysql_query($compare, $dbc);
while($row = mysql_fetch_assoc($results)) {
if(($row['tableRow'] == $var1) && ($row['tableRow'] == $var2) && ($row['tableRow'] == $var3)) {
print "This is a repeat request";
exit();
}
}
$query = "INSERT INTO table
(id, form_field1, form_field2, ...form_field12)
VALUES (0,'$var1','$var2', ...form_field12)";
if (mysql_query($query)) {
print "You are entered in my database";
}
mysql_close();
?>