Validation going out of control (slightly).

Yay

01-16-2010, 11:12 AM

Hi there,

I'm having problems with my validation script for a form. Basically, it is not sending any data to the database, and not giving any confirmation messages. It's simply displaying an validation error message first, when nothing has been done with the form. Here's my code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Pyongyang Pair — Database Control Panel</title>


<link rel="stylesheet" href="style.css" media="screen" />


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://happykittens.co.uk/s2/gta/images/application.js"></script>

<script type="text/javascript" src="js/rounded-corners.js"></script>
<script type="text/javascript" src="js/form-field-tooltip.js"></script>

</head>
<body>


<div id="footer_wrap">
<div id="footer">

<div class="link1_wrap open">
<div class="link1_header">Manage</div>
<ul class="up">
<li><a href="records/add.php">Add</a></li>
<li><a href="records/view.php">View</a></li>
<li><a href="records/amend.php">Amend</a></li>

<li><a href="http://localhost:8888/WAMP/">phpMyAdmin</a></li>
</ul>
</div>
<div class="link2_wrap open">
<div class="link3_header">Guides</div>
<ul class="up">
<li><a href="guides/start.html">General</a></li>
<li><a href="guides/phpmyadmin.html">phpMyAdmin</a></li>
<li><a href="guides/adding.html">Adding Records</a></li>
</ul>
</div>

</div>
</div>



<div id="wrapper">

<div id="logo"><img src="/tests/a/img/logo.png" alt="CP Logo" /></div>


<h2>Welcome to the Database Control Panel</h2>



<?php
$con=mysql_connect('localhost', 'root', 'root');

if(!$con)
{
die('connection to the db failed. please contact a sysop');
}

if(isset($_POST['newrecord'])){

/* 2 */

echo

$name ='';
$gigs ='';
$mailing ='';
$mail ='';

$name = $_POST['name'];
$gigs = $_POST['gigs'];
$mailing = $_POST['mailing'];
$mail = $_POST['mail'];
}

if(trim($name)=='')
{
$errmsg ='Please enter the name of the person.';
}
else if(trim($gigs)=='')
{
$errmsg= 'Please enter a number in the gigs field.';
}
else if(trim($mailing)=='')
{
$errmsg= 'Please select a value in the mailing list field';
}
else if(trim($mail)=='')
{
$errmsg= 'Please enter the persons email.';
}

if(isset($errmsg)){
echo $errmsg;
}else{

mysql_select_db("pp", $con);
$name=($_POST['name']);
$gigs=($_POST['gigs']);
$mailing=($_POST['mailing']);
$mail=($_POST['mail']);

$sql="INSERT INTO members (Name,Gigs,Mailing,Mail) VALUES ('$name','$gigs', '$mailing','$mail')";

if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "<b>You have successfully entered this record into the database for <em>$name</em>.</b>";
mysql_close($con);

}

?>

<?php
$con =mysql_connect("localhost","root","root");

if (!$con)
{
//if there is no DB fail.
die('connection failed ' . mysql_error());
}
//carry on
else
{

//if there is something in the field sent from the post check it and see if you can add it to the database

if(isset($_POST['sent'])){

}else{
//display the error messages
}
}
//disply the form here

?>

<form action="add.php" name="newrecord" method="post">
<table border="0px solid #555555">

<tr>
<td><h3>Name   <h3></td>
<td><input type=xt class="form" name="name" width="650px" maxlength="30" id="name" tooltipText="Add the full name of the new database entrant."></td><br>
</tr>

<tr>
<td><h3>Age   <h3></td>
<td><input type=xt class="form" name="name" width="650px" maxlength="3" id="age" tooltipText="Enter the numeric age of the entrant."></td><br>
</tr>
<tr>
<td><h3>Gigs Attended   <h3></td>
<td><input type=xt class="form" name="name" width="650px" maxlength="2" id="name" tooltipText="Number of confirmed gigs this entrant has attended. Set at 0 if unsure."></td><br>
</tr>
<img src="lightbulb.png" alt="" class="lightbulb" />
<tr>
<td><h3>Mailing List   <h3></td>
<td><input type="checkbox" class="form" name="name" width="650px" maxlength="30" id="name" tooltipText="Did the entrant want to be signed up for the mailing list (newsletters, email notifications)?"></td><br>
</tr>

<tr>
<td><h3>E-mail   <h3></td>
<td><input type=xt class="form" name="name" width="650px" maxlength="80" id="name" tooltipText="Enter the given e-mail address here. Triple check this."></td><br>
</tr>

<input type="hidden" name="newrecord" value="1" />
<td><input type="submit" class="submit" value="Add new Record" name="newrecord"></td>

</div>

</table>
</form>
<script type="text/javascript">
var tooltipObj = new DHTMLgoodies_formTooltip();
tooltipObj.setTooltipPosition('left');
tooltipObj.setPageBgColor('#000');
tooltipObj.setCloseMessage('Exit');
tooltipObj.initFormFieldTooltip();
</script>
</body>
</html>

Any help is appreciated.

Dormilich

01-16-2010, 11:59 AM

what error message do you get?

Yay

01-16-2010, 12:04 PM

what error message do you get?

I get the error message produced by the form's validation script. Not a PHP error itself. This is what I get:

"Please enter the name of the person."

Basically, it's not sending anything to the MySQL database, which is what I'd like to do. (I'd like it to create a new record based on the information provided by the PHP form.

Dormilich

01-16-2010, 12:36 PM

Yay

01-16-2010, 12:59 PM

your form has several problems:

a) multiple field names, your input fields all have the same name, i.e.eventually there is only one of the field's values (usually the last) submitted

b) multiple IDs, this is a violation of the HTML syntax (IDs must be unique), you'll get problems with JavaScript there

c) fields are best tested with empty() or strlen(), or, if you like, with a filter (http://php.net/filter)

do var_dump($_POST); to check if the script receives all values correctly

Thank you for that, that's working now. All that needs done is to remove the error messages when nothing has actually been done to the form. For example, the message "Please enter a name for the person" shows up when you load the page.

Dormilich

01-16-2010, 01:11 PM

test, whether a submit has been done as all:
if (isset($_POST["submit"])) // if the submit button is named "submit"
{
// do form processing
}

Yay

01-16-2010, 01:21 PM

Hi,

I've already got things similar to that:

//if there is something in the field sent from the post check it and see if you can add it to the database

if(isset($_POST['newrecord'])){

}else{
//display the error messages
}

The validation error message keeps showing up when the page is loaded.

Dormilich

01-16-2010, 01:30 PM

the complete form handling belongs to the if block, including error tests and MySQL (otherwise the DB insert won't be executed if you submit the form).

PS. form name and submit name is the same, this may prove disadvantageous in javaScript

Yay

01-16-2010, 01:51 PM

Hi,

Im still not getting at what you're saying.

I just need the message "Please enter a name for the person" to be removed when you run the page.

Dormilich

01-16-2010, 03:14 PM

I say that you have the error messages in the wrong part. they are executed if the form is not submitted (i.e. when you firast load the page), therefore you get the errors.

you have to wrap your complete PHP code in the mentioned if block. anything outside that is executed on page load.

ninnypants

01-16-2010, 03:36 PM

What he's saying is this

<?php
$con=mysql_connect('localhost', 'root', 'root');

if(!$con)
{
die('connection to the db failed. please contact a sysop');
}

if(isset($_POST['newrecord'])){

/* 2 */

echo

$name ='';
$gigs ='';
$mailing ='';
$mail ='';

$name = $_POST['name'];
$gigs = $_POST['gigs'];
$mailing = $_POST['mailing'];
$mail = $_POST['mail'];
}

if(trim($name)=='')
{
$errmsg ='Please enter the name of the person.';
}
else if(trim($gigs)=='')
{
$errmsg= 'Please enter a number in the gigs field.';
}
else if(trim($mailing)=='')
{
$errmsg= 'Please select a value in the mailing list field';
}
else if(trim($mail)=='')
{
$errmsg= 'Please enter the persons email.';
}

if(isset($errmsg)){
echo $errmsg;
}else{

mysql_select_db("pp", $con);
$name=($_POST['name']);
$gigs=($_POST['gigs']);
$mailing=($_POST['mailing']);
$mail=($_POST['mail']);

$sql="INSERT INTO members (Name,Gigs,Mailing,Mail) VALUES ('$name','$gigs', '$mailing','$mail')";

if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "<b>You have successfully entered this record into the database for <em>$name</em>.</b>";
mysql_close($con);

}

?>

Needs to become this

<?php
$con=mysql_connect('localhost', 'root', 'root');

if(!$con){
die('connection to the db failed. please contact a sysop');
}

if(isset($_POST['newrecord'])){

/* 2 */

$name = '';
$gigs = '';
$mailing = '';
$mail = '';

$name = $_POST['name'];
$gigs = $_POST['gigs'];
$mailing = $_POST['mailing'];
$mail = $_POST['mail'];

if(trim($name) == '') {
$errmsg = 'Please enter the name of the person.';
}else if(trim($gigs) == ''){
$errmsg = 'Please enter a number in the gigs field.';
}else if(trim($mailing) == ''){
$errmsg = 'Please select a value in the mailing list field';
}else if(trim($mail) == ''){
$errmsg = 'Please enter the persons email.';
}

if(isset($errmsg)){
echo $errmsg;
}else{

mysql_select_db("pp", $con);
// escape input
$name = mysql_real_escape_string($_POST['name']);
$gigs = mysql_real_escape_string($_POST['gigs']);
$mailing = mysql_real_escape_string($_POST['mailing']);
$mail = mysql_real_escape_string($_POST['mail']);

$sql="INSERT INTO members (Name,Gigs,Mailing,Mail) VALUES ('$name','$gigs', '$mailing','$mail')";

if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "<b>You have successfully entered this record into the database for <em>$name</em>.</b>";
mysql_close($con);

}

}

?>

I also added some things in like escaping your database input. You should develop one style for when you write code too it makes it much more readable