Form Validation

monkeymafia
Forum Commoner
Posts: 31
Joined: Mon Oct 08, 2007 3:08 pm

Post by monkeymafia »

Hi

I am trying to validate my form. I've read a few books and none tell you how to validate a form before it gets sent to a database. How would I go about validating my form?

I want it to be client-side validation using JavaScript. This is the code I have for inserting data into the database via the form:

Code: Select all

<?php

if (!isset($_POST['submit'])) {
?>

  <?php
}
 else {
          $userid = $_POST['username'];
          $subject = $_POST['subject'];
          $cat = $_POST['category'];
          $subcat = $_POST['subcat'];
          $priority = $_POST['priority'];
          $tel = $_POST['telno'];
          $email = $_POST['email'];
          $message = $_POST['message'];
          
mysql_query("INSERT INTO technicalproblems (fk_memberid2, subject, cat1, cat2, priority, tel, email, message) 
VALUES ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($subject) . "', '" . mysql_real_escape_string($cat) . "', '" . mysql_real_escape_string($subcat) . "', '" . mysql_real_escape_string($priority) . "', '" . mysql_real_escape_string($tel) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($message) . "')");      
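  // URL-encode the value placed in the redirect and stop the script once the header is sent
  header('Location: http://www.test.com?fk_memberid=' . urlencode($userid));
  exit;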
  }

Code: Select all


<FORM name="drop_list" action="useraccount.php" method="POST" >



<table width="660" cellpadding="0" cellspacing="0"><tr><td align=left>

<input type="hidden" name="action" value="tickets"><input type="hidden" name="id" value="new">
<table width="660" cellpadding="4" cellspacing="1" bgcolor="#3366CC">
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Username</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="username" type="text" size="50" readonly value="<?php echo htmlspecialchars($_GET['memberid'], ENT_QUOTES, 'UTF-8'); ?>"></td>
  </tr>
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Subject</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="subject" type="text" size="50"></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Category</strong></td>
    <td bgcolor="#FFFFFF">
    
<SELECT  NAME="category" onChange="SelectSubCat();" >
<Option value="">Category</option>
</SELECT>&nbsp;
<SELECT id="SubCat" NAME="subcat">
<Option value="">SubCat</option>
</SELECT>

	</td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Priority</strong></td>
    <td bgcolor="#FFFFFF"><select name="priority">
      <option value="QUERY" selected>QUERY</option>
      <option value="LOW">LOW</option>

      <option value="MEDIUM">MEDIUM</option>
      <option value="HIGH">HIGH</option>
    </select></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Tel No. </strong></td>
    <td bgcolor="#FFFFFF"><input name="telno" type="text" id="telno" size="20"></td>

  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>E-Mail address</strong></td>
    <td bgcolor="#FFFFFF"><input name="email" type="text" id="email" size="40" value="<?php echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'); ?>" /></td>
  </tr>
  <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF">
    <br><b>Message</b><br><textarea name="message" cols="100" rows="10" class="message"></textarea><br></td>
      </tr>
      <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF"><b>Attachment</b><br>
    <br><input name="attach" type="file" id="attach"></td>
  </tr>
  <tr>

    <td colspan="2" align="center" bgcolor="#FFFFFF"><input type="submit" value="Create ticket" name="submit" onClick="return validate_form()" class="submit2"></td>
  </tr>
</table>
<br><br>
</td></tr></table><br>	</td>
  </tr>
</table>
<br /></td>
              </tr>
            </table></td>
          </tr>

          <tr>
            <td height="13" background="page_bottom.gif"></td>
          </tr>
        </table></td>
      </tr>
    </table>
    </td>
  </tr>

      </table>
  </form>


  ?>
Any help and advice is greatly appreciated. Thanks
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Post by aceconcepts »

Why not try searching for "javascript form validation" in a search engine?
monkeymafia
Forum Commoner
Posts: 31
Joined: Mon Oct 08, 2007 3:08 pm

Post by monkeymafia »

It's okay, I figured it out. Thanks :lol:
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

Validation on the server side is always necessary even if you perform validation through JavaScript.

The server is the only place where you can be certain of the information you are processing. Remember, bypassing JavaScript validation is achieved simply by switching JavaScript off. Either your form won't work or you may get incorrect information. Even if you insist on validation (JavaScript changes a hidden field, for instance, before submitting), as it is based on the client's machine it can be bypassed.
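
The server-side check described in the post above, sketched for this thread's form fields as an added example (not code from any poster). The function name `validate_ticket`, the length limits and the phone pattern are assumptions; the priority list is taken from the form's `<option>` values.

```php
<?php
// Added example: server-side checks for the ticket form's fields.
// Length limits and the phone pattern are assumptions, not from the thread.

const PRIORITIES = ['QUERY', 'LOW', 'MEDIUM', 'HIGH']; // the form's <option> values

function validate_ticket(array $post): array
{
    $errors = [];
    $clean  = [];

    // Read a field as a trimmed string; array input (subject[]=x) counts as empty.
    $field = function (string $name) use ($post): string {
        $v = $post[$name] ?? '';
        return is_string($v) ? trim($v) : '';
    };

    $limits = ['username' => 50, 'subject' => 100, 'category' => 50,
               'subcat' => 50, 'message' => 5000];
    foreach ($limits as $name => $max) {
        $clean[$name] = $field($name);
        if ($clean[$name] === '' || strlen($clean[$name]) > $max) {
            $errors[$name] = "required, at most $max bytes";
        }
    }

    // A <select> only limits what the browser offers; re-check the allowed list.
    $clean['priority'] = $field('priority');
    if (!in_array($clean['priority'], PRIORITIES, true)) {
        $errors['priority'] = 'not an allowed value';
    }

    $clean['email'] = $field('email');
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }

    $clean['telno'] = $field('telno');
    if (!preg_match('/^\+?[0-9 ()-]{6,20}$/', $clean['telno'])) {
        $errors['telno'] = 'digits, spaces, ( ) - and an optional leading +';
    }

    return [$clean, $errors];
}

// Constructed request, as a client that never ran the page's JavaScript could send it.
$forged = ['username' => 'monkey', 'subject' => 'x', 'category' => 'pc', 'subcat' => 'disk',
           'priority' => 'URGENT', 'telno' => 'call me', 'email' => 'nobody', 'message' => 'hi'];
[$clean, $errors] = validate_ticket($forged);
print_r(array_keys($errors)); // fields the server rejected
```

Run the insert only when `$errors` is empty. The `readonly` username field is client-supplied like every other field, so the member id is better taken from the logged-in session than from the posted form.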