Validate Form PHP
Posted: Thu Jan 01, 2009 7:15 pm
by cupaball
I am sure this has been covered a few times, but my internet search has come up kinda short. Can anyone tell me the best way to validate the form data below? I have it linked to some jquery and want to provide the errors back if the first name, last name, e-mail and comments fields are blank, and if the e-mail does not have a regular expression.
Here is the PHP script
Code:
<?php require_once('connection.php'); ?>
<?php
$firstname = "$_POST[firstname]";
$lastname = "$_POST[lastname]";
$company = "$_POST[company]";
$email = "$_POST[email]";
$phone = "$_POST[phone]";
$project = "$_POST[project_type]";
$comments = "$_POST[comments]";
mysql_select_db($database_connUser);
$sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
if (!mysql_query($sql,$connUser))
{
die('Error: ' . mysql_error());
}
echo 'Thank you '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xyz.com';
?>
Any help would be appreciated.
Re: Validate Form PHP
Posted: Thu Jan 01, 2009 7:45 pm
by requinix
- You need to run all the fields through mysql_real_escape_string as you insert them into the query.
- When you print firstname, project, email, and phone you need to run them through htmlentities.
- Use empty to check if any field is empty. There are, of course, other ways of doing it.
- firstname, lastname, company, project, and comments probably don't need any validation. Maybe company or project though, depends.
- For an email regex search the internet.
- For phone I'd strip out all non-numeric characters and ensure it's X, Y, or Z digits long.
Re: Validate Form PHP
Posted: Fri Jan 02, 2009 9:16 am
by cupaball
Thanks for the feedback. I am going to take this in baby steps.
First I would like to validate and provide the user feedback using the following:
Firstname, Lastname and Comments should not be less than 3 characters, but when I used the following it did not work:
Code:
if ( $firstname < 3) {
echo "Please enter your first name";
}
I tried to use preg_match for my regular expression but it seemed not to work either:
Code:
elseif ( $email == "" ) {
echo "Please enter an email address";
}
elseif (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
echo "Please enter a valid e-mail address";
}
Once I get that squared away then I am going to tackle mysql_real_escape_string and htmlentities (which by the way I got thoroughly confused).
Here is the full code:
Code:
<?php require_once('connection.php'); ?>
<?php
$firstname = "$_POST[firstname]";
$lastname = "$_POST[lastname]";
$company = "$_POST[company]";
$email = "$_POST[email]";
$phone = "$_POST[phone]";
$project = "$_POST[project_type]";
$comments = "$_POST[comments]";
if ( $firstname < 3) {
echo "Please enter your first name";
} elseif ( $lastname < 3 ) {
echo "Please enter your last name";
}
elseif ( $email == "" ) {
echo "Please enter an email address";
}
elseif (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
echo "Please enter a valid e-mail address";
}
elseif ( $comments == "" ) {
echo "Please enter your comment";
}
else {
mysql_select_db($database_connUser);
$sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
if (!mysql_query($sql,$connUser))
{
die('Error: ' . mysql_error());
}
echo 'Thank you '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xyz.com.';
}
?>
Thanks for any help.
Re: Validate Form PHP
Posted: Fri Jan 02, 2009 9:19 am
by cupaball
One more thing, is there a way I could store all the errors in one variable and then echo them at once instead of one at a time??
Re: Validate Form PHP
Posted: Fri Jan 02, 2009 1:37 pm
by watson516
cupaball wrote: One more thing, is there a way I could store all the errors in one variable and then echo them at once instead of one at a time??
You could. But, if I am not mistaken, you will only receive a single error because of the elseif. If the first check doesn't error you get no error and it goes on to the next one. If the next one errors, you get an error and it drops out of the if statement so no other checks are performed.
If you want to get multiple errors, you would have to put each check in its own if statement.
For the checking of the length of a string, you need to use strlen to determine the length of the string and then check it against whatever value you wish.
Code:
if (strlen($firstname)<3) echo "Your first name is too short. Please change it.";
Re: Validate Form PHP
Posted: Fri Jan 02, 2009 2:30 pm
by cupaball
Thanks for your help, any idea about the preg_match?
Re: Validate Form PHP
Posted: Fri Jan 02, 2009 5:08 pm
by cupaball
Here is what I have for the preg_match. What I noticed is, it does work but backwards; for example, if the e-mail is valid I keep printing "Your email is invalid" and vice versa.
Can someone please help me?
Code:
if (strlen($firstname)<3) {
echo "The first name you entered is too short. Please change it.";
} elseif (strlen($lastname)<3) {
echo "The last name you entered is too short. Please change it.";
}
elseif ( $email == "" ) {
echo "Please enter an email address";
}
elseif (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)){
echo "Please enter a valid e-mail address";
}
elseif (strlen($comments)<3) {
echo "The comment you entered is too short";
}
else {
mysql_select_db($database_connUser);
$sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
if (!mysql_query($sql,$connUser))
{
die('Error: ' . mysql_error());
}
echo 'Thank you '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xxx.com.';
}
?>
Re: Validate Form PHP
Posted: Fri Jan 02, 2009 5:13 pm
by watson516
I am not exactly sure but this might help.
Re: Validate Form PHP
Posted: Sat Jan 03, 2009 7:43 am
by cupaball
I found the answer!!!
I needed to add a "!" in front of preg match to mean if found then show error else keep checking.
Code:
elseif (!preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)){
Re: Validate Form PHP
Posted: Sat Jan 03, 2009 3:16 pm
by mikelbring
A few things I would like to mention.
I would not copy the post variables into separate variables unless you have to.
You can put each error into an array such as $errors[] ="Error"; and then run a foreach at the end to display each error.
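The replies above combined into one handler, as an added example that is not code posted by anyone in the thread: independent checks collected in an $errors array, htmlentities on everything echoed back, and values kept out of the SQL text. It swaps PDO prepared statements in for mysql_real_escape_string (the mysql_* functions were removed in PHP 7) and filter_var in for the hand-written e-mail regex. The function names validate_quote and handle_quote, the accepted phone lengths (7, 10 or 11 digits) and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not code from the thread. Field names follow the thread's form.
function validate_quote(array $post): array
{
    $clean = $errors = [];
    foreach (['firstname', 'lastname', 'company', 'email', 'phone', 'project_type', 'comments'] as $f) {
        // Missing or non-string input (e.g. an array) becomes an empty string.
        $clean[$f] = (isset($post[$f]) && is_string($post[$f])) ? trim($post[$f]) : '';
    }
    // Separate ifs, not one elseif chain, so every failing field is reported.
    if (strlen($clean['firstname']) < 3) { $errors[] = 'The first name you entered is too short.'; }
    if (strlen($clean['lastname']) < 3)  { $errors[] = 'The last name you entered is too short.'; }
    if ($clean['email'] === '') {
        $errors[] = 'Please enter an email address.';
    } elseif (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid e-mail address.';
    }
    if (strlen($clean['comments']) < 3)  { $errors[] = 'The comment you entered is too short.'; }
    // Phone is optional: keep digits only, then check the length (lengths are an assumption).
    $clean['phone'] = preg_replace('/\D+/', '', $clean['phone']);
    if ($clean['phone'] !== '' && !in_array(strlen($clean['phone']), [7, 10, 11], true)) {
        $errors[] = 'Please enter a valid phone number.';
    }
    return [$clean, $errors];
}

function handle_quote(PDO $db, array $post): string
{
    [$clean, $errors] = validate_quote($post);
    if ($errors) {
        return implode("<br>\n", array_map('htmlentities', $errors));
    }
    // Placeholders keep the values out of the SQL text, so a quote in a field cannot alter the query.
    $stmt = $db->prepare('INSERT INTO custquote_db (firstname, lastname, company, email, phone, project_type, comments)
                          VALUES (:firstname, :lastname, :company, :email, :phone, :project_type, :comments)');
    $stmt->execute($clean);
    // Encode on output so markup typed into a field is displayed, not rendered.
    return 'Thank you ' . htmlentities($clean['firstname'], ENT_QUOTES, 'UTF-8') . '.';
}

// Stand-in database for the demo (assumes the pdo_sqlite extension); the thread uses MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE custquote_db (id INTEGER PRIMARY KEY, firstname, lastname, company, email, phone, project_type, comments)');
// Constructed sample submissions: the first fails three checks, the second is stored.
$bad  = ['firstname' => 'Al', 'lastname' => 'Li', 'email' => 'al.example.com', 'comments' => 'Need a quote'];
$good = ['firstname' => '<b>Ann</b>', 'lastname' => "O'Neil", 'email' => 'ann@example.com',
         'phone' => '(555) 010-9999', 'project_type' => 'logo', 'comments' => "It's urgent"];
echo handle_quote($db, $bad), "\n", handle_quote($db, $good), "\n";
```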