Re: validating data from forms

Posted by Gleep on 07/06/07 17:43

On Fri, 6 Jul 2007 01:01:33 -0700, "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote:

>I have a set of functions that work beautifully the first time that the form
>is processed, but the second time that I hit the submit button if any field
>contains data the form bypasses all of my carefully planned validation and
>dumps the data into the DB.
>
>Have to tell you this is very disconcerting. I have been working with this
>for a couple of days now. And...
>
>Can you take a look at my logic and tell me if I overlooked anything
>obvious?
>I should clue you in to what I am attempting to do.
>
>Nothing complicated, I just make several function calls and if there is
>output from the calls then I have an error somewhere.
>
>It should call my JS window.location function to redirect to the same page
>so that they can make corrections.
>
>However, for some reason the validation functions do exactly what they are
>supposed to do the first time around, but like I said above, the second time
>if any fields are loaded with data it completely bypasses my validation
>procedures. :-(
>
>code:
>--------------------------------------
> // looking at some function calls here, nothing special...
>
> if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
> $_SESSION['SES_userNameErr'] = $userNameErr;
> }
>
> if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']),
>trimWhiteSpace($_POST['pass2']))){
> $_SESSION['SES_userPassErr'] = $userPassErr;
> }
>
> if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']),
>trimWhiteSpace($_POST['lName']))){
> $_SESSION['SES_nameErr'] = $nameErr;
> }
>
> if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
> $_SESSION['SES_passHintErr'] = $passHintErr;
> }
>
> if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
> $_SESSION['SES_emailErr'] = $emailErr;
> }
>
>// my err check statement that only works on the first pass
>
> if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
> ?>
> <script language="javascript">
> window.location = "register.php";
> </script>
> <?php
> }else{
>//
>****************************************************************************
>**************
>//
>// here we encrypt the password and add slashes if needed
>//
>//
>****************************************************************************
>**************
>
>
>$_POST['pass'] = md5($_POST['pass']);
>
> if (!get_magic_quotes_gpc()) {
> $_POST['pass'] = addslashes($_POST['pass']);
> $_POST['username'] = addslashes($_POST['username']);
> $_POST['fName'] = addslashes($_POST['fName']);
> $_POST['lName'] = addslashes($_POST['lName']);
> $_POST['passHint'] = addslashes($_POST['passHint']);
> $_POST['email'] = addslashes($_POST['email']);
> }
> //
>****************************************************************************
>**************
> //
> //if there are no errors in data validation load the data into the database
> // now we insert it into the database
> //
> //
>****************************************************************************
>**************
> $insert = "INSERT INTO user (username, password, fName, lName, passHint,
>email, bMonth)
> VALUES ('".$_POST['username']."',
>'".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['
>passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
> $add_member = mysql_query($insert);
>
>
>
>?>
>
><p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
>print "$fName $lName" ?> you have registered - you may now <a
>href="login.php">login</a>.</p>
><?php
> }// end if error
>
>insight would be greatly appreciated
>thank you
>Kevin
>




Well, first off, in my opinion the validation logic seems a little convoluted, but the thing I
noticed first is if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr) {...
the ors should be || or OR, not |

You're saving session data if there is an error. Why? There is no need to save that data.
Here is the logic pattern I'd use:

The user fills out the form and submits...
(there might be errors, I'm just gonna whip it out)....


if (isset($_POST['Submit']) AND $_POST['Submit']=='Submit') {

    // collect form vars (escape them only when magic quotes has not already done so)
    if (!get_magic_quotes_gpc()) {
        $pass = addslashes($_POST['pass']);
        $pass2 = addslashes($_POST['pass2']);
        $username = addslashes($_POST['username']);
        $fName = addslashes($_POST['fName']);
        $lName = addslashes($_POST['lName']);
        $passHint = addslashes($_POST['passHint']);
        $email = addslashes($_POST['email']);
        $bMonth = addslashes($_POST['bMonth']);
    } else {
        $pass = $_POST['pass'];
        $pass2 = $_POST['pass2'];
        $username = $_POST['username'];
        $fName = $_POST['fName'];
        $lName = $_POST['lName'];
        $passHint = $_POST['passHint'];
        $email = $_POST['email'];
        $bMonth = $_POST['bMonth'];
    }

    // validate vars: $error stays false unless a check appends a message
    $error = false;
    if(!$pass) $error .= "password is required<br />";
    if(!$username) $error .= "username is required<br />";
    if(!$fName) $error .= "first name is required<br />";
    if(!$lName) $error .= "last name is required<br />";
    if(!$passHint) $error .= "password hint is required<br />";
    if(!$email) $error .= "email is required<br />";
    // the check functions return an error message on failure, as in the original post
    if(userNameCheck(trimWhiteSpace($username))) $error .= "username failed<br />";
    if(userPassCheck(trimWhiteSpace($pass), trimWhiteSpace($pass2))) $error .= "password failed<br />";
    if(nameCheck(trimWhiteSpace($fName), trimWhiteSpace($lName))) $error .= "first name failed<br />";
    if(passHintCheck(trimWhiteSpace($passHint))) $error .= "pass hint failed<br />";
    if(emailCheck(trimWhiteSpace($email))) $error .= "email failed<br />";

    if(!$error) {
        mysql_query("INSERT INTO user (username, password, fName, lName, passHint, email, bMonth) VALUES
        ('$username','$pass', '$fName', '$lName', '$passHint', '$email', '$bMonth')") or die(mysql_error());
        // if everything is cool go to thank you page else return to same page
        header("location: thank_you.php");
        exit;
    }

}
?>

<form name="form1" method="post" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" >
<label>Username</label> <input type="text" name="username" value="<?= isset($username) ? htmlspecialchars($username) : '' ?>"><br />
<!-- repeat for all fields -->
<input type="submit" name="Submit" value="Submit">
<?php if (!empty($error)) echo "<p>$error</p>"; ?>
</form>



I think the logic here is easier to follow and tweakable if needed.
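
An added example, not part of the original posts: the same validate-then-insert flow with the errors collected in an array, the INSERT done through PDO bound parameters instead of addslashes() string building, and the password stored with password_hash() rather than md5(). Column names come from the thread; the validation rules, the in-memory SQLite database and the sample input are assumptions made so the block runs on its own.

```php
<?php
// Added example. Table layout follows the thread; validation rules are assumed.
function validate_registration(array $in): array {
    $errors = [];
    foreach (['username', 'pass', 'pass2', 'fName', 'lName', 'passHint', 'email'] as $f) {
        if (trim($in[$f] ?? '') === '') {
            $errors[$f] = "$f is required";
        }
    }
    if (!isset($errors['pass']) && ($in['pass'] ?? '') !== ($in['pass2'] ?? '')) {
        $errors['pass2'] = 'passwords do not match';
    }
    if (!isset($errors['email']) && filter_var(trim($in['email']), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'email is not valid';
    }
    return $errors;            // an empty array means the input passed
}

function register_user(PDO $db, array $in): array {
    $errors = validate_registration($in);
    if ($errors) {             // plain boolean test on the array, no bitwise operators
        return $errors;        // nothing reaches the database on failure
    }
    $stmt = $db->prepare(
        'INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
         VALUES (:username, :password, :fName, :lName, :passHint, :email, :bMonth)'
    );
    $stmt->execute([           // values travel separately from the SQL text
        ':username' => trim($in['username']),
        ':password' => password_hash($in['pass'], PASSWORD_DEFAULT), // salted hash
        ':fName'    => trim($in['fName']),
        ':lName'    => trim($in['lName']),
        ':passHint' => trim($in['passHint']),
        ':email'    => trim($in['email']),
        ':bMonth'   => (int) ($in['bMonth'] ?? 0),
    ]);
    return [];
}

// Constructed sample run against an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT, password TEXT, fName TEXT, lName TEXT,
           passHint TEXT, email TEXT, bMonth INTEGER)');
$post = ['username' => 'kevin', 'pass' => 's3cret-pw', 'pass2' => 's3cret-pw', 'fName' => 'Kevin',
         'lName' => "O'Brien", 'passHint' => 'usual', 'email' => 'kevin@example.com', 'bMonth' => '7'];
var_dump(register_user($db, $post));                     // empty array, row inserted
var_dump(register_user($db, ['email' => 'x'] + $post));  // email error, no insert
```

The apostrophe in the constructed last name needs no escaping here because the value is bound as a parameter; any value echoed back into the form still has to go through htmlspecialchars().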

 
