PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Sat Aug 19, 2017 7:58 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Sun Jul 12, 2015 10:59 am 
Offline
Forum Newbie

Joined: Thu Jul 09, 2015 4:36 pm
Posts: 2
Hi Everybody,

i am a php/mysql newbie and i am trying to create form to send data into db. here are the condition i want to meet:
1-data should go to db only when all fiels are filled
2- prevent script from running when conditions are met

here is my code:

Syntax: [ Download ] [ Hide ]
<form METHOD="POST" ACTION="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

<label>Firstname : </label>
<input type="text" name="fname" id="fname" placeholder="enter your firstname" value="<?php if (isset($_POST["fname"]))
{echo $_POST["fname"];}?>" />
<span class="error">* <?php echo $fnameError;?></span>
<br><br>

<label>Surname : </label>
<input type="text" name="surname" id="surname" placeholder="Enter your surname" value="<?php if (isset($_POST["surname"]))
{echo $_POST["surname"];}?>" />
<span class="error">* <?php echo $surnameError;?></span>
<br><br>
<input type="submit" value="submit" name="submit" id="submit" />
</form>

<span style="font-weight: bold">PHP PART</span>
<?php
$first_name = $sur_name = "";
$fnameError = $surnameError ="";

if ($_SERVER["REQUEST_METHOD"]== "POST") {

function clean_input_provide ($value){
$value = trim($value);
$value = htmlspecialchars($value);
$value = stripslashes($value);
return ($value);
}
if (empty($_POST["fname"])) {

$fnameError = "Please enter your first name";

}
  else
 {

$first_name = clean_input_provide($_POST["fname"]);    

if (!preg_match("/^[a-zA-Z ]*$/", $first_name)) {

$fnameError = "Only letters and white space allowed";

 }
}

if (empty($_POST["surname"])) {

$surnameError = "Please enter your surname";
}

 else
 {

$sur_name = clean_input_provide($_POST["surname"]);

if (!preg_match("/^[a-zA-Z ]*$/", $sur_name)) {

$surnameError = "Only letters and white space allowed";

}
}      

if (!empty($first_name&&$sur_name&&$password&&$address)) {
 
 
$sql = "INSERT INTO tbl_address_book (First_Name, Surname, Address, Password) VALUES ('$first_name',

'$sur_name', '$address', '$password')"
;


 if (mysqli_query($db_connection, $sql)) {
 
 echo "Recorded added";
 }

   else
   {
        echo "No records";
   }

}
 
}
?>
 

My problem is, i want to prevent the script from running when the preg_match condition is met


Thanks


Top
 Profile  
 
PostPosted: Sun Jul 12, 2015 1:51 pm 
Offline
Site Administrator
User avatar

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13421
Location: New York, NY, US
You might want to research the Intercepting Filter pattern. A simple Filter Chain implementation would be a better solution for this kind of problem. If you use Composer, perhaps you can find a good implementation from a framework.

_________________
(#10850)


Top
 Profile  
 
PostPosted: Mon Jul 13, 2015 5:50 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6268
Location: Montreal, Canada
Definitely look into prepared statements (or some DBAL that handles that for you) for the insert itself. Valitron is a decent package for quick and easy validation. One note; what if I have an apostrophe or hyphen in my name. Brenda O'Malley. Sean Teller-William. Perfectly valid names that would be disallowed by your current regex. Something to consider.

_________________
Supported PHP versions No longer supported versions


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: Google [Bot] and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group