how i do transfer data after validating form

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
nnnpuri
Forum Newbie
Posts: 14
Joined: Tue Nov 25, 2008 6:50 am

how i do transfer data after validating form

Post by nnnpuri »

Hi

i have one user form ,here is problem like once i enter <form action ="sendmail.php">i do not validate data ,but if i remove this action ,its vallidate

my code is as under,can any one help me?,this code is really working fine

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>

</head>


<body>

<h1>Regestration Form</h1>
<h4> * indicates must select </h4>
<?php
error_reporting(E_ALL ^ E_NOTICE);
// Error Variable Declaration
$nameerror="";
$emailerror="";
$addresserror="";
$gendererror="";
$fileerror="";
$uploadfileerror="";
$hobbyerror="";
$stateerror="";
$cityerror="";
$usernameerror="";
$passworderror="";
$confirmpassworderror="";
$pc="";
$pwd = strip_tags(trim($_POST['password'])); //Value of Password Store
$conf_pwd = strip_tags(trim($_POST['confirm_password'])); //Valure of Confirm Password Store

//Validation Checking with IF Condition...

if (!empty($_POST['Submit']))
{

//Array of Name Field + Store Error Msg + Name Validation
$namearray=array('name' =>$_POST['name']);
$fname=(trim($_POST['name']));
{
if ($fname=="")
$nameerror="please enter name";
}

//Array of Email Field + Store Error Msg + Email Validation
$emailarray=array('email' =>$_POST['email']);
$femail=(trim($_POST['email']));
{
if ($femail=="")
//ereg("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$]", $femail);
$emailerror="please enter email";
}


//Array of Address Field + Store Error Msg + Address Validation
$addressarray=array('address' =>$_POST['address']);
$faddress=(trim($_POST['address']));
{
if ($faddress=="")
$addresserror="please enter address";
}

//Array of Gender Field + Store Error Msg + Gender Validation
$genderarray=array('m2'=>$_POST['m2']);
$fgender=(isset($_POST['m2']));
{
if($fgender=="")
$gendererror="please select gender";
}

//Array of File Upload Field + Store Error Msg + File Upload Validation
$filearray=array('file'=>$_FILES['file']);
$ffile=(trim($_FILES['file']));
{
if ($ffile=="")
$fileerror="please upload file";
}

//Array of Hobby Field + Store Error Msg + Hobby Validation
$hobbyarray=array('hobby'=>$_POST['hobby']);
$fhobby=(isset($_POST['hobby']));
{
if($fhobby=="")
$hobbyerror="please select hobby";
}

//Array of State Field + Store Error Msg + State Validation
$statearray=array('state'=>$_POST['state']);
$fstate=(trim($_POST['state']));
{
if($fstate=="")
$stateerror="please select state";
}

//Array of City Field + Store Error Msg + City Validation
$cityarray=array('city'=>$_POST['city']);
$fcity=(trim($_POST['city']));
{
if($fcity=="")
$cityerror="please select city";
}

//Array of User Name Field + Store Error Msg + User Name Validation
$usernamearray=array('user_name'=>$_POST['user_name']);
$fusername=(trim($_POST['user_name']));
{
if($fusername=="")
$usernameerror="please enter user name";
}

//Array of Password Field + Store Error Msg + Password Validation
$passwordarray=array('password'=>$_POST['password']);
$fpassword=(trim($_POST['password']));
{
if($fpassword=="")
$passworderror="please enter password";
}

//Array of Confirm Password Field + Store Error Msg + Confirm Password Validation
$confirmpasswordarray=array('confirm_password'=>$_POST['confirm_password']);
$fconfirmpassword=(trim($_POST['confirm_password']));
{
if($fconfirmpassword=="")
$confirmpassworderror="please enter Confirm password";
}

//Password & Confirm Password Matching Validation
if($pwd != $conf_pwd)
{
$pc="your password and confirm password do not match"."<br>";
}


// File Upload Valditation...

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/bmp")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] >20000)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{


if (file_exists("D:/Training/12.11.08/images/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. "."<br>";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"D:/Training/12.11.08/images/" . $_FILES["file"]["name"]);
echo "Image Stored in: " ."D:/Training/12.11.08/images/"."<br>". $_FILES["file"]["name"];
}
}
}

else
{
//echo "Invalid file"."<br>";
$infileerror="invalid file";
}

//file upload synapse code


}
?>


<?php
error_reporting(E_ALL ^ E_NOTICE);
// If There is an string in below mention variable field will be not Disply... Only Main Error Will Display...

$mainerror="";
if(
($nameerror=="") &&
($emailerror=="")&&
($addresserror=="")&&
($gendererror=="")&&
($hobbyerror=="")&&
($stateerror=="")&&
($cityerror=="")&&
($usernameerror=="")&&
($passworderror=="")&&
($confirmpassworderror=="")&&
($pc=="")&&
($fileerror=="")&&
($infileerror=="")
)
// Print of all fields Arrays...
{
echo "<br>"."Name :{$namearray['name']}"."<br>";
echo "Email :{$emailarray['email']}"."<br>";
echo "Address :{$addressarray['address']}"."<br>";
echo "Gender :{$genderarray['m2']}"."<br>";
echo "File :{$filearray['file']}"."<br>";
echo "Hobby :{$hobbyarray['hobby']}"."<br>";
echo "State :{$statearray['state']}"."<br>";
echo "City :{$cityarray['city']}"."<br>";
echo "Username :{$usernamearray['user_name']}"."<br>";
echo "Password :{$passwordarray['password']}"."<br>";
echo "Confirm Password :{$confirmpasswordarray['confirm_password']}"."<br>";

}
else
{
$mainerror="Please correct bellow mention error and try again ! Thanks";
}
?>
<table>
<tr><td><font color="#CC0066" size="+2"><?php echo $mainerror; ?></font></td></tr><br />
<tr><td><font color="#FF0000" size="+1"><?php echo $pc; ?></font></td></tr><br />


<form method="POST" ENCTYPE="multipart/form-data" ss>


<tr>
<td> <b> Name : </b> </td>
<td><input name="name" type="text" id="name" maxlength="20" value="<?php echo $_POST['name'] ?>"/>*(Maxlength 20)</td>
<td> <font color="#FF0000" size="+1"><?php echo $nameerror; ;?></font></td>
</tr>

<tr>
<td><b> Email : </b> </td>
<td><input name="email" type="text" id="email" maxlength="20" value="<?php echo $_POST['email'] ?>" />*(Maxlength 20)</td>
<td> <font color="#FF0000" size="+1"><?php echo $emailerror; ;?></font></td>
</tr>

<tr>
<td><b> address : </b> </td>
<td><input name="address" id="address" value="<?php echo $_POST['address'] ?>"/>*(Maxlength 40)</td>
<td> <font color="#FF0000" size="+1"><?php echo $addresserror; ;?></font></td>
</tr>

<tr>
<td><b> Gender : </b> </td>
<td><input type="radio" name="m2" value="Male" id="rdmale" <?php echo $_POST['m2'] ?>/>
Male
<input type="radio" name="m2" value="Female" id="rdfemale">
Female &nbsp; &nbsp; &nbsp;&nbsp; &nbsp;( * )</td>
<td> <font color="#FF0000" size="+1"><?php echo $gendererror; ;?></font></td>
</tr>

<tr>
<td> <b>Upload Photo : </b> </td>
<td><input type="file" name="file" id="file" value=""/> *(Upload Only .jpg,.jpeg,.gif,.png,.bmp files)</td>
<td><font color="#FF0000" size="+1"><?php echo $fileerror; ;?></font></td>
<td><font color="#FF0000" size="+1"><?php echo $infileerror; ?></font></td>
</tr>

<tr>
<td><b> Hobby : </b> </td>
<td><input type="checkbox" name="hobby" value="cricket" id="chk1" <?php echo $_POST['hobby'] ?> />cricket &nbsp;
<input type="checkbox" name="hobby" value="football" id="chk2"/>football &nbsp;
<input type="checkbox" name="hobby" value="rugby" id="chk3" />rugby &nbsp;
<input type="checkbox" name="hobby" value="other" id="chk4" />other &nbsp; &nbsp; &nbsp;*(Select Minimum 1) </td>
<td> <font color="#FF0000" size="+1"><?php echo $hobbyerror; ;?></font></td>
</tr>

<tr>
<td> <b> State : </b> </td>
<td><select name="state" id="state" >
<option value="<?php echo $_POST['state'] ?>" id="s0"> Select One </option>
<option id="s1">Gujarat</option>
<option id="s2">Maharashtra</option>
<option id="s3">MP</option>
</select> </td>
<td> <font color="#FF0000" size="+1"><?php echo $stateerror; ;?></font></td>
</tr>

<tr>
<td> <b> City : </b> </td>
<td><select size="5" name="city" id="city">
<option value="<?php echo $_POST['city'] ?>">ahmedabad</option>
<option id="c1">patan</option>
<option id="c2">surendranagar</option>
<option id="c3">ahmedabad</option>
<option id="c4">Mumbai</option>
<option id="c5">Rajkot</option>
<option id="c6">Wadhawan</option>
<option id="c7">Ratanpar</option>
</select>
*(Select Atleast 1)</td>
<td><font color="#FF0000" size="+1"><?php echo $cityerror; ;?></font></td>
</tr>

<tr>
<td> <b> User name : </b> </td>
<td><input type="text" name="user_name" value="<?php echo $_POST['user_name'] ?>" id="user_name" maxlength="15"/>*(Maxlength 15) </td>
<td> <font color="#FF0000" size="+1"><?php echo $usernameerror; ;?></font></td>
</tr>

<tr>
<td><b> Password : </b> </td>
<td><input type="password" name="password" id="password" maxlength="8"
value="<?php echo $_POST['password'] ?>"/>*(Maxlength 8)</td>
<td> <font color="#FF0000" size="+1"><?php echo $passworderror; ;?></font></td>
</tr>

<tr>
<td> <b> confirm password : </b> </td>
<td><input type="password" name="confirm_password" id="confirm_password" maxlength="8"
value="<?php echo $_POST['confirm_password'] ?>"/>*(Maxlength 8)</td>
<td> <font color="#FF0000" size="+1"><?php echo $confirmpassworderror; ;?></font></td>
</tr>

<tr>
<td><input type="submit" name="Submit" value="submit"/>
<input type="reset" value="Reset"/> </td>
</tr>
</form>
</table>




</body>
</html>
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: how i do transfer data after validating form

Post by alex.barylski »

Code: Select all

header('Location: http://www.wherever.com');
You need to be more to the point...and wrap your code in proper tags and shorten it and focus strictly on the problem...no one is going to look over 100 lines of code to find your error.

Cheers,
Alex
nnnpuri
Forum Newbie
Posts: 14
Joined: Tue Nov 25, 2008 6:50 am

Re: how i do transfer data after validating form

Post by nnnpuri »

Thanks for response



PCSpectra wrote:

Code: Select all

header('Location: http://www.wherever.com');
You need to be more to the point...and wrap your code in proper tags and shorten it and focus strictly on the problem...no one is going to look over 100 lines of code to find your error.

Cheers,
Alex
nnnpuri
Forum Newbie
Posts: 14
Joined: Tue Nov 25, 2008 6:50 am

Re: how i do transfer data after validating form

Post by nnnpuri »

i mean this is my code ,and i do validate all the fields,and code is also working fine but when i write <form action="sendmail.php"> it do not work
User avatar
allspiritseve
DevNet Resident
Posts: 1174
Joined: Thu Mar 06, 2008 8:23 am
Location: Ann Arbor, MI (USA)

Re: how i do transfer data after validating form

Post by allspiritseve »

nnnpuri wrote:i mean this is my code ,and i do validate all the fields,and code is also working fine but when i write <form action="sendmail.php"> it do not work
If you don't write anything in the action part, then the form submits to the same page. It looks like all of your validation is kept in the same page. When you send it to "sendmail.php", there's probably no validation in that file, so it won't validate your form.
nnnpuri
Forum Newbie
Posts: 14
Joined: Tue Nov 25, 2008 6:50 am

Re: how i do transfer data after validating form

Post by nnnpuri »

yes dear ,its work,thanks for your help,i always remember u,bye
Post Reply