Validate Form PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cupaball
Forum Commoner
Posts: 85
Joined: Sun Feb 12, 2006 1:46 pm

Validate Form PHP

Post by cupaball »

I am sure this has been covered a few times, but my internet search has come up kinda short. Can anyone tell me the best way to validate the form data below? I have it link to some jquery and want to provide the errors back if first name, last name e-mail and comments fields, are blank, and if the e-mail does not have a regular expression.

Here is PHP script

Code: Select all

 
<?php require_once('connection.php'); ?>
 
<?php
 
$firstname = "$_POST[firstname]";
$lastname = "$_POST[lastname]";
$company = "$_POST[company]";
$email = "$_POST[email]";
$phone = "$_POST[phone]";
$project = "$_POST[project_type]";
$comments = "$_POST[comments]";
 
 
        mysql_select_db($database_connUser);
        
        $sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
        VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
        
        if (!mysql_query($sql,$connUser))
          {
          die('Error: ' . mysql_error());
          }     
        echo 'Thank you  '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xyz.com';
 
 
?>
 
 
Any help would be appreciated.
Last edited by cupaball on Fri Jan 02, 2009 9:17 am, edited 1 time in total.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Validate Form PHP

Post by requinix »

  • You need to run all the fields through mysql_real_escape_string as you insert them into the query.
  • When you print firstname, project, email, and phone you need to run them through htmlentities.
  • Use empty to check if any field is empty. There are, of course, other ways of doing it.
  • firstname, lastname, company, project, and comments probably don't need any validation. Maybe company or project though, depends.
  • For an email regex search the internet.
  • For phone I'd strip out all non-numeric characters and ensure it's X, Y, or Z digits long.
cupaball
Forum Commoner
Posts: 85
Joined: Sun Feb 12, 2006 1:46 pm

Re: Validate Form PHP

Post by cupaball »

Thanks for the feedback. I am going to take this in baby steps.

First I would like to validate and provide the user feedback using the following:

Firstname, Lastname and Comments should not be less than 3 character, but when I used the following it did not work:

Code: Select all

 
if ( $firstname < 3) {
echo "Please enter your first name";
}
 
I tried to use preg_match for my regular expression but seemed not work either:

Code: Select all

 
elseif ( $email == "" ) {
echo "Please enter an email address";
} 
elseif (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) { 
echo "Please enter a valid e-mail address";
} 
 
Once I get that squared away then I am going to tackle mysql_real_escape_string and htmlentities (which by the way I got thoroughly confused).

Here is the full code:

Code: Select all

 
<?php require_once('connection.php'); ?>
 
<?php
 
$firstname = "$_POST[firstname]";
$lastname = "$_POST[lastname]";
$company = "$_POST[company]";
$email = "$_POST[email]";
$phone = "$_POST[phone]";
$project = "$_POST[project_type]";
$comments = "$_POST[comments]";
 
                if ( $firstname < 3) {
                echo "Please enter your first name";
                } elseif ( $lastname < 3 ) {
                echo "Please enter your last name";
                } 
                elseif ( $email == "" ) {
                echo "Please enter an email address";
                } 
                elseif (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) { 
                echo "Please enter a valid e-mail address";
                } 
                elseif ( $comments == "" ) {
                echo "Please enter your comment";
                } 
        else {
 
        mysql_select_db($database_connUser);
        
        $sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
        VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
                
        if (!mysql_query($sql,$connUser))
          {
          die('Error: ' . mysql_error());
          }     
        echo 'Thank you  '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xyz.com.';
}       
 
?>
 
 
Thanks for any help.
cupaball
Forum Commoner
Posts: 85
Joined: Sun Feb 12, 2006 1:46 pm

Re: Validate Form PHP

Post by cupaball »

One more thing, is there a way I could store all the errors in one variable and then echo them at once instead of one at a time??
watson516
Forum Contributor
Posts: 198
Joined: Mon Mar 20, 2006 9:19 pm
Location: Hamilton, Ontario

Re: Validate Form PHP

Post by watson516 »

cupaball wrote:One more thing, is there a way I could store all the errors in one variable and then echo them at once instead of one at a time??
You could. But, if I am not mistaken, you will only receive a single error because of the elseif. If the first check doesn't error you get no error and it goes on to the next one. If the next one errors, you get an error and it drops out of the if statement so no other checks are performed.
If you want to get multiple errors, you would have to put each check in it's own if statement.

For the checking of the length of a string, you need to use strlen to determine the length of the string and then check it against whatever value you wish.

Code: Select all

if (strlen($firstname)<3) echo "Your first name is too short. Please change it.";
cupaball
Forum Commoner
Posts: 85
Joined: Sun Feb 12, 2006 1:46 pm

Re: Validate Form PHP

Post by cupaball »

Thanks for your help, any idea about the preg_match?
cupaball
Forum Commoner
Posts: 85
Joined: Sun Feb 12, 2006 1:46 pm

Re: Validate Form PHP

Post by cupaball »

Here is what I have for the preg_match, what I noticed is, it does work but backwards for example if the e-mail is valid I keep printing " You email is invalid" and vice versa.

Can some please help me.

Code: Select all

 
                                if (strlen($firstname)<3) {
                echo "The first name you entered is too short. Please change it.";
                } elseif (strlen($lastname)<3) {
                echo "The last name you entered is too short. Please change it.";
                } 
                elseif ( $email == "" ) {
                echo "Please enter an email address";
                }               
                elseif (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)){ 
                echo "Please enter a valid e-mail address";
                } 
                elseif (strlen($comments)<3) {
                echo "The comment you entered is to short";
                } 
        else {
 
        mysql_select_db($database_connUser);
        
        $sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
        VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
                
        if (!mysql_query($sql,$connUser))
          {
          die('Error: ' . mysql_error());
          }     
        echo 'Thank you  '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xxx.com.';
}       
 
?>
 
watson516
Forum Contributor
Posts: 198
Joined: Mon Mar 20, 2006 9:19 pm
Location: Hamilton, Ontario

Re: Validate Form PHP

Post by watson516 »

I am not exactly sure but this might help.
cupaball
Forum Commoner
Posts: 85
Joined: Sun Feb 12, 2006 1:46 pm

Re: Validate Form PHP

Post by cupaball »

I found the answer!!!

I needed to add a "!" in front of preg match to mean if found then show error esle keep checking.

Code: Select all

 
elseif (!preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)){
 
mikelbring
Forum Commoner
Posts: 38
Joined: Sat Jan 05, 2008 5:28 pm

Re: Validate Form PHP

Post by mikelbring »

A few things I would like to mention.

I would not copy the post variables into separate variables unless you have to.
You can put each error into an array such as $errors[] ="Error"; and then run a foreach at the end to display each error.
Post Reply