Re: VALIDATING MANDATORY FIELDS USING PHP NOT JAVA SCRIPT!?!

Posted by ED on 05/04/06 15:33

"Starbuck" <spam@yahoo.com> wrote in message news:445979d7@news.eftel.com...
> Hi,
>
> I would really appreciate some points of view about the best way of
> validating mandatory fields and redirecting them back to the page that
> will outline the text fields label (in red) to denote values that are
> missing without losing the information that the user has already keyed in.
> There is a lot out there about how to do this in java script, however, my
> client has requested no java script is to be used. I have included a
> sample of my code so far, and I would be grateful for any suggestions or
> changes that I should be making to the functionality or any other
> suggestions/criticisms.
>
> Thanks in advance...
>
> <?php
> // Check to verify that the form has been submitted
> if ($_POST['Submit'] == "Submit")
> {
> // $errmsg is a global variable to be used for storing error
> // messages
> $errmsg = "";
> // check to see if the 'firstname' and 'lastname' string length is
> // at least one char
> if ((strlen($_POST['firstname']) >= 1) &&
> (strlen($_POST['lastname']) >= 1))
> {
> $firstname = trim($_POST['firstname']);
> $lastname = trim($_POST['lastname']);
> $errmsg= NULL;
> }
> else
> {
> // 'firstname' and 'lastname' was not submitted
> $errmsg = '<SPAN class="Normal">You didn\'t fill out the required
> fields. Please go back!</SPAN>';
> }
> // check to see if we have any errors
> if (isset($errmsg))
> {
> // there was at least one error
> echo $errmsg;
> exit();
> }
> else
> {
> // No errors found, all data validated
> // Connect MYSQL
> MYSQL_QUERY("INSERT INTO table VALUES($firstname, $lastname");
> echo "Your information has been posted.";
> }
> }
> else
> {
> // Form wasn't posted, escape PHP and show the form
> echo "Go back to main form because form wasn\'t posted.";
> header("location: signup.php");
> exit();
> }
> ?>
>

Hi Starbuck,
Just as an aside, the line:
mysql_query("INSERT INTO table VALUES($firstname, $lastname)");
leaves you wide open to SQL injection attacks.

You need to safely escape the values before inserting into the DB, look at
mysql_real_escape_string() or mysql_escape_string() depending on the version
of PHP you are using.

cheers,
ED
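
Added example, not code from either poster: one way to do the server-side check Starbuck asks about (missing fields labelled in red, typed values kept) together with the injection fix ED points to. It uses PDO prepared statements instead of the mysql_real_escape_string() ED names, since the mysql_* extension was removed in PHP 7; the function names, the `signup` table and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Hypothetical helper: names of required fields that are absent or blank after trim().
function validate_signup(array $post, array $required): array
{
    $missing = [];
    foreach ($required as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $missing[] = $field;
        }
    }
    return $missing;
}

// Redisplay one field: red label if missing, previous value kept and HTML-escaped.
function render_field(string $name, string $label, array $post, array $missing): string
{
    $value = isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
    $style = in_array($name, $missing, true) ? ' style="color:red"' : '';
    return sprintf(
        '<label%s>%s <input type="text" name="%s" value="%s"></label>',
        $style,
        htmlspecialchars($label, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Bound parameters travel as data, so quotes in a name cannot change the statement.
function save_signup(PDO $db, string $first, string $last): void
{
    $stmt = $db->prepare('INSERT INTO signup (firstname, lastname) VALUES (?, ?)');
    $stmt->execute([trim($first), trim($last)]);
}

// Constructed demo: in-memory SQLite (needs pdo_sqlite) and a made-up submission.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup (firstname TEXT, lastname TEXT)');
$required = ['firstname', 'lastname'];

$post = ['firstname' => "Robert'); DROP TABLE signup;--", 'lastname' => '  '];
$missing = validate_signup($post, $required); // lastname is blank
echo render_field('firstname', 'First name', $post, $missing), "\n";
echo render_field('lastname', 'Last name', $post, $missing), "\n";

$post['lastname'] = "O'Brien"; // user fills in the missing field and resubmits
if (validate_signup($post, $required) === []) {
    save_signup($db, $post['firstname'], $post['lastname']);
}
var_dump($db->query('SELECT * FROM signup')->fetchAll(PDO::FETCH_ASSOC));
```

Escaping alone would not repair the quoted query, because its values are not wrapped in quotes; binding parameters avoids that dependency.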

 
