PHP Developers Network
http://forums.devnetwork.net/

Advise for sending data into db with form
http://forums.devnetwork.net/viewtopic.php?f=34&t=141538

Author:  rebeldeveloper' [ Sun Jul 12, 2015 10:59 am ]
Post subject:  Advise for sending data into db with form

Hi Everybody,

I am a PHP/MySQL newbie and I am trying to create a form to send data into a db. Here are the conditions I want to meet:
1- data should go to db only when all fields are filled
2- prevent script from running when conditions are met

Here is my code:

<form METHOD="POST" ACTION="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

<label>Firstname : </label>
<input type="text" name="fname" id="fname" placeholder="enter your firstname" value="<?php if (isset($_POST["fname"]))
{echo $_POST["fname"];}?>" />
<span class="error">* <?php echo $fnameError;?></span>
<br><br>

<label>Surname : </label>
<input type="text" name="surname" id="surname" placeholder="Enter your surname" value="<?php if (isset($_POST["surname"]))
{echo $_POST["surname"];}?>" />
<span class="error">* <?php echo $surnameError;?></span>
<br><br>
<input type="submit" value="submit" name="submit" id="submit" />
</form>

PHP PART
<?php
$first_name = $sur_name = "";
$fnameError = $surnameError = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {

    function clean_input_provide($value) {
        $value = trim($value);
        $value = htmlspecialchars($value);
        $value = stripslashes($value);
        return ($value);
    }

    if (empty($_POST["fname"])) {
        $fnameError = "Please enter your first name";
    } else {
        $first_name = clean_input_provide($_POST["fname"]);

        if (!preg_match("/^[a-zA-Z ]*$/", $first_name)) {
            $fnameError = "Only letters and white space allowed";
        }
    }

    if (empty($_POST["surname"])) {
        $surnameError = "Please enter your surname";
    } else {
        $sur_name = clean_input_provide($_POST["surname"]);

        if (!preg_match("/^[a-zA-Z ]*$/", $sur_name)) {
            $surnameError = "Only letters and white space allowed";
        }
    }

    if (!empty($first_name&&$sur_name&&$password&&$address)) {

        $sql = "INSERT INTO tbl_address_book (First_Name, Surname, Address, Password) VALUES ('$first_name', '$sur_name', '$address', '$password')";

        if (mysqli_query($db_connection, $sql)) {
            echo "Recorded added";
        } else {
            echo "No records";
        }
    }
}
?>
 

My problem is, I want to prevent the script from running when the preg_match condition is met


Thanks

Author:  Christopher [ Sun Jul 12, 2015 1:51 pm ]
Post subject:  Re: Advise for sending data into db with form

You might want to research the Intercepting Filter pattern. A simple Filter Chain implementation would be a better solution for this kind of problem. If you use Composer, perhaps you can find a good implementation from a framework.

Author:  Celauran [ Mon Jul 13, 2015 5:50 am ]
Post subject:  Re: Advise for sending data into db with form

Definitely look into prepared statements (or some DBAL that handles that for you) for the insert itself. is a decent package for quick and easy validation. One note: what if I have an apostrophe or hyphen in my name? Brenda O'Malley. Sean Teller-William. Perfectly valid names that would be disallowed by your current regex. Something to consider.
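
Added example (not code from any poster in this thread): one way to put the advice above together, with the insert gated on validation and the values passed as bound parameters, so a name like O'Malley is stored intact. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli connection so that it runs without a server, and it covers only the two fields the posted form submits; the function names and the name pattern are hypothetical.

```php
<?php
// Letters, spaces, apostrophes and hyphens; must start with a letter (assumed rule).
const NAME_PATTERN = "/^[a-zA-Z][a-zA-Z '\-]*$/";

function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['fname' => 'first name', 'surname' => 'surname'] as $field => $label) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '') {
            $errors[$field] = "Please enter your $label";
        } elseif (!preg_match(NAME_PATTERN, $value)) {
            $errors[$field] = 'Only letters, spaces, apostrophes and hyphens allowed';
        } else {
            $clean[$field] = $value; // stored raw; escape with htmlspecialchars() on output
        }
    }
    return [$clean, $errors];
}

function save_contact(PDO $db, array $post): array
{
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        return $errors; // any validation error: the INSERT below never runs
    }
    $stmt = $db->prepare(
        'INSERT INTO tbl_address_book (First_Name, Surname) VALUES (:fname, :surname)'
    );
    $stmt->execute([':fname' => $clean['fname'], ':surname' => $clean['surname']]);
    return [];
}

// Constructed demo: in-memory SQLite stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_address_book (First_Name TEXT, Surname TEXT)');
$samples = [
    ['fname' => 'Brenda', 'surname' => "O'Malley"],     // valid, contains a quote
    ['fname' => 'Sean', 'surname' => 'Teller-William'], // valid, contains a hyphen
    ['fname' => 'Eve', 'surname' => 'Sm1th'],           // rejected: digit in name
    ['fname' => '', 'surname' => 'Smith'],              // rejected: empty field
];
foreach ($samples as $post) {
    $errors = save_contact($db, $post);
    echo $errors ? 'rejected: ' . implode('; ', $errors) . "\n" : "inserted\n";
}
echo $db->query('SELECT COUNT(*) FROM tbl_address_book')->fetchColumn(), " rows stored\n";
```

With mysqli the same shape is `prepare()`, `bind_param()` and `execute()` on the existing connection.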
