Posted by shimmyshack on 03/29/07 21:15

On 29 Mar, 20:48, "Laiverd.COM" <share_your_knowle...@someserver.nl>
wrote:
> This probably very basic, but my searches and attempts sofar have brought me
> nowhere. This is the situation: I have a form with a city field which is
> submitted for validation before data are entered into a db. When errors are
> found, the user sees the form again with all posted values again in their
> respective fields. This all works pretty fine ... except when I have an
> entry which starts with a single quote ('). As soon as such an entry is
> posted, it will never turn up in the form again after validation.
> I found out (at least that is what people are making me believe ;) ) that
> this has something to do with magic_quotes being on in the php.ini.
> I have tried all kinds of combinations of stripslashes and addslashes, have
> used get_magic_quotes_gpc(); to turn it of, even set it to off in my
> configuration ... nothing helps: the value will not show up the second time
> the form is displayed.
>
> This is what i have
> THE FORM PART
> <input name='city' type='text' value='".$_POST['city']."' class='big' />
>
> THE VALIDATION
> if(!isValid("name", $_POST['city'])){
> $errorFlag = false;
> $errors['errors'] = true;
> $errors['city_err'] = true;
> }
>
> THE PART OF THE ISVALID function used
> function isValid($type, $string){
> $string = trim($string);
> switch ($type){
> //...
> case "name":
> return ereg(VALID_NAME,$string);
> break;
> //...
> default:
> echo "No valid type specified for check";
> break;
> }
>
> }
>
> THE REGEXP (which would now return a false for any city with a ' ,but that's
> beside the point I think)
> define("VALID_NAME","^([A-Z]{1})([a-zA-Z\s \-]+)([a-z])$");
>
> I'm really running out of options here, so if anyone could shed a light on
> this ..
>
> Thanks,
> John


if when you post the form it posts back to the same script which
displays again then
<input name='city' type='text' value='".$_POST['city']."' class='big' /
>
will _always_ result in showing whatever has been posted in the cirty
input despite the validation - unless there is more to your code that
you have shown us. (unless the $_POST['city'] is set to '' if it is
not valid)
It also seems odd that the $errorFlag is set to false if there /is/ an
error.

You seem to suggest that it is the only field that is validated in
this way. How is it alone submitted for validation before the data is
submitted? XHR? Is it submitted along with the rest of the form, and
yet the only one that is validated.

If you want to post more, do so, it's the only way you will get the
definitive answers you want. As it stands it's really only speculation
you have got, which is why people are talking about such things as
magic quotes and so on....

[Back to original message]