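<?php
// Address-book entry form. It posts back to this script and re-displays what
// the user typed, so each field can be corrected after a validation error.
//
// Every request-derived value is HTML-escaped where it is printed. ENT_QUOTES
// is required because the values land inside double-quoted attributes, where
// an unescaped quote would end the attribute and allow markup to be injected.
// Non-string submissions (e.g. fname[]=x) are rendered as an empty value
// instead of being passed to htmlspecialchars().
//
// $fnameError / $surnameError are set by the POST handler; isset() keeps the
// template warning-free when it is rendered before that handler has run.
?>
<form METHOD="POST" ACTION="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>">
<label>Firstname : </label>
<input type="text" name="fname" id="fname" placeholder="enter your firstname" value="<?php
echo (isset($_POST["fname"]) && is_string($_POST["fname"]))
    ? htmlspecialchars($_POST["fname"], ENT_QUOTES, 'UTF-8')
    : '';
?>" />
<span class="error">* <?php echo isset($fnameError) ? htmlspecialchars($fnameError, ENT_QUOTES, 'UTF-8') : ''; ?></span>
<br><br>
<label>Surname : </label>
<input type="text" name="surname" id="surname" placeholder="Enter your surname" value="<?php
echo (isset($_POST["surname"]) && is_string($_POST["surname"]))
    ? htmlspecialchars($_POST["surname"], ENT_QUOTES, 'UTF-8')
    : '';
?>" />
<span class="error">* <?php echo isset($surnameError) ? htmlspecialchars($surnameError, ENT_QUOTES, 'UTF-8') : ''; ?></span>
<br><br>
<input type="submit" value="submit" name="submit" id="submit" />
</form>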
<span style="font-weight: bold">PHP PART</span>
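<?php
// POST handler for the address-book form: validates the submitted first name
// and surname, then inserts one row into tbl_address_book.
//
// $db_connection, $password and $address are not defined in this snippet;
// they are expected to be provided by the including script.

$first_name = $sur_name = "";
$fnameError = $surnameError = "";

if (!function_exists('clean_input_provide')) {
    /**
     * Normalises a submitted text field: trims surrounding whitespace,
     * HTML-encodes special characters and strips backslashes.
     *
     * This is output-oriented encoding, not SQL escaping. Values returned
     * here must still reach the database through bound parameters.
     *
     * @param string $value Raw field value.
     * @return string Normalised value.
     */
    function clean_input_provide($value)
    {
        $value = trim($value);
        $value = htmlspecialchars($value);
        $value = stripslashes($value);
        return ($value);
    }
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Reject missing and non-string submissions (e.g. fname[]=x) up front.
    if (empty($_POST["fname"]) || !is_string($_POST["fname"])) {
        $fnameError = "Please enter your first name";
    } else {
        $first_name = clean_input_provide($_POST["fname"]);
        if ($first_name === "") {
            // Whitespace-only input collapses to "" and must not pass silently.
            $fnameError = "Please enter your first name";
        } elseif (!preg_match("/^[a-zA-Z ]*$/", $first_name)) {
            $fnameError = "Only letters and white space allowed";
        }
    }

    if (empty($_POST["surname"]) || !is_string($_POST["surname"])) {
        $surnameError = "Please enter your surname";
    } else {
        $sur_name = clean_input_provide($_POST["surname"]);
        if ($sur_name === "") {
            $surnameError = "Please enter your surname";
        } elseif (!preg_match("/^[a-zA-Z ]*$/", $sur_name)) {
            $surnameError = "Only letters and white space allowed";
        }
    }

    // A value that failed the pattern check is still non-empty, so the
    // validation result has to be checked explicitly before writing.
    $inputIsValid = ($fnameError === "" && $surnameError === "");

    // empty() on each variable tolerates $password / $address being unset.
    if ($inputIsValid
        && !empty($first_name) && !empty($sur_name)
        && !empty($password) && !empty($address)
    ) {
        // NOTE(review): the origin of $password is not visible here. If it is
        // the raw submitted password, store password_hash($password,
        // PASSWORD_DEFAULT) instead and check it with password_verify().

        // Placeholders keep every value out of the SQL text, so quotes or
        // other metacharacters in the data cannot change the statement.
        $sql = "INSERT INTO tbl_address_book (First_Name, Surname, Address, Password) VALUES (?, ?, ?, ?)";

        $recorded = false;
        try {
            $stmt = mysqli_prepare($db_connection, $sql);
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "ssss", $first_name, $sur_name, $address, $password);
                $recorded = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
        } catch (mysqli_sql_exception $e) {
            // mysqli may be configured to throw; report the same generic
            // failure message rather than exposing driver details to the user.
            $recorded = false;
        }

        if ($recorded) {
            echo "Recorded added";
        } else {
            echo "No records";
        }
    }
}
?>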