|
PHP - Validating Drop Downs
A form on my website uses several drop down boxes.
One to select an id number from a list retrived by a query. The others to get a start and stop time. Using two for each, one for hours, one for minutes. I already have some validation code which works fine, however, I can't seem to be able to use > or < mathematical signs with the times (ie, the start time must be < than the stop time). Also, I have Code: [Select] value="<? echo $name; ?>" in each of the fields to re-insert the data as it gets erased if the form isn't correct. How do I do the same for the drop downs? I hope this makes sense. Code: [Select] <? // only validate form when form is submitted if(isset($Submit)){ $error_msg=''; if(trim($starttime)==(trim($stopttime))) { //drop down $error_msg.="starttime cannot equal stop time.<br>"; } if(trim($starttime)>(trim($stopttime))) { //drop down $error_msg.="starttime cannot be greater than stop time.<br>"; } if(trim($startfuel)<(trim($stopfuel))) { //text field $error_msg.="Departure fuel cannot be less than arrival fuel<br>"; } if(trim($id)=="sca") { //query powered drop down (this one works, but doesn't re-select the option $error_msg.="Please select the id number.<br>"; } http://southerncrossairlines.ausvirtual.com/New%20Site/Complete/validation/Untitled-1.php Similar TutorialsI have attempted to get a php reporting page built for our off site managers to run reports. Because of the number of employees I think it ouwld be best to sort by foreman, then be able to pick from the resulting drop down list of current employees under that foreman.
My issue I think really comes from having the first drop down be dynamic in that you would see a list of foremen which comes from a query of the main employees table and then picks up only active employees and their foreman. The tutorials I have seen all reference an 'id" field but since I am pulling the info for the drop down from a query, should I have some sort of rowID? If so how? The tutorial I have found checks to see if you pick a number which I seem to have gotten around but when I do the query and look for $GF (general foreman) then the query comes back empty (this is bolded and underlined below). Should this be some sort of rowID for the general foreman drop down?
Below is what I have been able to sort-of get working (adding in the URL handlers I think will be useful for people in the future to be able to bookmark it/send out emails with links already in it etc)
Here is the tutorial http://www.plus2net....p_down_list.php
Not sure if i understand why he used the $nocitia tags either
I know Im close on this but am starting to go crosseyed! Thanks for pointing me in the right direction.
<?php
require 'config.php'; // Database connection
//////// End of connecting to database ////////
?>
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<title>Multiple drop down list box</title>
<SCRIPT language=JavaScript>
function reload(form)
{
var val=form.GF.options[form.GF.options.selectedIndex].value;
var val2=form.EMPLOYEE_ID.options[form.EMPLOYEE_ID.options.selectedIndex].value;
var val3=form.SEPARATED.options[form.SEPARATED.options.selectedIndex].value;
self.location='dd3.php?GF=' + val + '&EMPLOYEE_ID=' + val2 + '&SEPARATED=' + val3 ;
}
</script>
</head>
<body>
<?Php
@$GF=$_GET['GF']; // Use this line or below line if register_global is off
@$EMPLOYEE_ID=$_GET['EMPLOYEE_ID']; // Use this line or below line if register_global is off
@$SEPARATED=$_GET['SEPARATED']; // Use this line or below line if register_global is off
///////// Getting the data from Mysql table for first list box//////////
$quer2="SELECT tbl_Employee_Master.Current_GF as GF FROM tbl_Employee_Master GROUP BY tbl_Employee_Master.Current_GF, tbl_Employee_Master.Separated HAVING (((tbl_Employee_Master.Separated)=0))";
///////////// End of query for first list box////////////
/////// for second drop down list we will check if category is selected else we will display all the subcategory/////
if(strlen($GF) > 0){
$quer="SELECT Employee_ID tbl_Employee_Master WHERE Current_GF=$GF";
}else{$quer="SELECT DISTINCT Employee_ID, Last_Name, First_Name FROM tbl_Employee_Master order by Last_Name"; }
////////// end of query for second subcategory drop down list box ///////////////////////////
echo "<form method=post name=f1 action='dd-check.php'>";
/// Add your form processing page address to action in above line. Example action=dd-check.php////
////////// Starting of first drop downlist /////////
echo "<select name='GF' onchange=\"reload(this.form)\"><option value=''>Select one</option>";
foreach ($dbo->query($quer2) as $noticia2) {
if($noticia2['GF']==@$GF){echo "<option selected value='$noticia2[GF]'>$noticia2[GF]</option>"."<BR>";}
else{echo "<option value='$noticia2[GF]'>$noticia2[GF]</option>";}
}
echo "</select>";
////////////////// This will end the first drop down list ///////////
////////// Starting of second drop downlist /////////
echo "<select name='EMPLOYEE_ID'><option value=''>Select one</option>";
foreach ($dbo->query($quer) as $noticia) {
echo "<option value='$noticia[Employee_ID]'>$noticia[Employee_ID] $noticia[Last_Name] $noticia[First_Name]</option>";
}
echo "</select>";
////////////////// This will end the second drop down list ///////////
//// Add your other form fields as needed here/////
echo "<input type=submit value=Submit>";
echo "</form>";
?>
<br><br>
<a href=dd.php>Reset and start again</a>
<br><br>
<center><a href='http://www.plus2net.com' rel="nofollow">PHP SQL HTML free tutorials and scripts</a></center>
</body>
</html>
Hello, I need help filtering an SQL query based on the combination of drop down menus. I have tried using this code found in another thread but I am still getting all rows selected. Any ideas?? Thank you. Here is my html Code: [Select] <form name="xml.php" method="POST"> <input type="button" id="showmarkers" value="Show Markers" /> <select name="meetingType"> <option value="All Types" selected="All Types">All Types</option> <option value="fun">fun</option> <option value="work">work</option> </select> <select name="meetingDay"> <option value="All Days" selected="All Days">All Days</option> <option value="Monday">Monday</option> <option value="Tuesday">Tuesday</option> <option value="Wednesday">Wednesday</option> <option value="Thursday">Thursday</option> <option value="Friday">Friday</option> <option value="Saturday">Saturday</option> <option value="Sunday">Sunday</option> </select> <select name="meetingTime"> <option value="All Times" selected="All Times">All Times</option> <option value="Early">Early</option> <option value="Noon">Noon</option> <option value="Late">Late</option> </select> </form> And the PHP: Code: [Select] $whereClauses = array(); if (! empty($_POST['meetingType'])) $whereClauses[] ="meetingType='".mysql_real_escape_string($_POST['meetingType'])."'"; if (! empty($_POST['meetingDay'])) $whereClauses[] ="meetingDay='".mysql_real_escape_string($_POST['meetingDay'])."'"; if (! empty($_POST['meetingTime'])) $whereClauses[] ="meetingTime='".mysql_real_escape_string($_POST['meetingTime'])."'"; $where = ''; if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); } $resultID = mysql_query("SELECT * FROM meetings".$where); Hello guys I've hit a problem whicle trying to validate my form. I have 3 drop down boxes where the user chooses from three options. But I can't seem to figure out how to set the validation so the user does not select the same option in each drop down. Can anyone help me solve this please. Thank you. <p><b>Course Choice 1</b> <select name="course1"> <option value="0"></option> <option value="Business computer Systems">Business computer Systems</option> <option value="Business computer Science">Business computer Science</option> <option value="Business computer Science (Games)">Business computer Science (Games)</option> <option value="Business Information Systems">Business Information Systems</option> <option value="Digital Media Development">Digital Media Development</option> <option value="Digital Media">Digital Media</option> </select></p> <p><b>Course Choice 2</b> <select name="course2"> <option value="Leave Blank">Leave Blank</option> <option value="Business computer Systems">Business computer Systems</option> <option value="Business computer Science">Business computer Science</option> <option value="Business computer Science (Games)">Business computer Science (Games)</option> <option value="Business Information Systems">Business Information Systems</option> <option value="Digital Media Development">Digital Media Development</option> <option value="Digital Media">Digital Media</option> </select></p> <p><b>Course Choice 3</b> <select name="course3"> <option value="Leave Blank">Leave Blank</option> <option value="Business computer Systems">Business computer Systems</option> <option value="Business computer Science">Business computer Science</option> <option value="Business computer Science (Games)">Business computer Science (Games)</option> <option value="Business Information Systems">Business Information Systems</option> <option value="Digital Media Development">Digital Media Development</option> <option value="Digital Media">Digital Media</option> </select></p> <div align="centre"><input type="submit" name="submit" value="send request" /></div> //Validate course choice 1 if (!empty($_REQUEST['course1'])) { $course1 = $_REQUEST['course1']; } else { $course1 = NULL; echo '<p><font color="red">Please enter your first choice</font></p>'; } //Validate course choice 2 if (!empty($_REQUEST['course2'])) { $course2 = $_REQUEST['course2']; } else { $course2 = NULL; echo '<p><font color="red">Please enter your second choice</font></p>'; } //Validate course choice 3 if (!empty($_REQUEST['course3'])) { $course3 = $_REQUEST['course3']; } else { $course3 = NULL; echo '<p><font color="red">Please enter your third choice</font></p>'; } //If everything is ok, print the message if ($name && $email && $course1 && $course2 && $course3) { echo "<p>Thank you, <b>$name</b>, You have chosen the following courses for information:<br /><br /> <b>$course1</b><br /> <b>$course2</b><br /> <b>$course3</b></p> <p>We will reply to you at <i>$email</i>.</p>\n"; } else { // One form element was not filled out properly echo '<p><font color="red">Please go back and fill out the form again.</font></p>'; } Hi All, I'm quite new to this PHP stuff and have been creating a site just for the hell of it really but i have a rather bizarre problem that has been driving me nuts for about a week... I have two drops downs, the first gives a list of teams from a mysql table and then this populates the next drop down with a list of players from the selected team.. so far so good. When I hit the select/submit button to select the player, what should happen is both the "team" and "player" are put into another query which gives the stats on the selected player for all the games that he has played in. however, what actually happens in the Session variable sets the "team" variable to blank. I can see this happening when I use Print_r ($_SESSION); So essentially when I click on either submit button from my drop down forms the other value is being removed from the Session array. Oh, the session is still valid (not being destroyed and replaced with another session). First drop down $query_teams="select Team from $teams"; $team_result=mysql_query($query_teams); $num_team=mysql_numrows($team_result); echo $num_team; print_r ($row_team); $team_count = 0; echo '<form method="post" action="map_selector.php">'; echo "<SELECT name='country'>"; while ($row_team1 = mysql_fetch_assoc($team_result)) { $team_info = $row_team1["Team"]; echo "<OPTION value='$team_info'>$team_info </option>"; } echo '</select>'; echo '<center><input type="submit" value="Search"></center>'; $country = $_POST["country"]; $_SESSION["country"] = $country; echo '</form>'; So SCOTLAND is selected Some sql queries to get the results for the possible players and then Drop down 2 $row_full = array_unique($row_home); echo '<form method="post" action="map_selector.php">'; echo "<SELECT name='Player'>"; foreach ($row_full as $key => $value) { echo "<OPTION value='$value'> $value"; } echo '</select>'; echo "@"; echo $country; echo "@"; echo '<center><input type="submit" value="Search"></center>'; $country=$_POST["country"]; $player=$_POST["Player"]; echo "#"; echo $country; echo "#"; echo '</form>'; $_SESSION["Player"] = $player; $selected_player = $_SESSION["Player"]; echo $player; echo $selected_player; echo $country; Print_r ($_SESSION); so Print_r ($_Session) returns: Array ( [Player] => [country] => Scotland [] => ) then a player "Paul Hartley" is selected from the player list and submit is click and then Print_r($_Session) shows: Array ( [Player] => Paul Hartley [country] => [] => ) Can anyone please help... I just can;t understand why this is happening when I'm using a Sessions which, I thought, would retain all variable values until a time-out or a destroy Thanks nhsal69 How much should you validate a First Name? This is my code... // Validate First Name. if (empty($trimmed['firstName'])){ $errors['firstName'] = 'Please enter your First Name.'; }else{ if (preg_match('#^[A-Z \'.-]{2,20}$#i', $trimmed['firstName'])){ $firstName = $trimmed['firstName']; }else{ $errors['firstName'] = 'First Name must be 2-20 characters (A-Z \' . -)'; } } I did this for fear if I left things wide-open it would be a security risk. And in the U.S. at least, the above would really cover all valid First Names. Thoughts? Debbie Hi, I have a user system where people login to my site with their emails. The thing I am after is when a person is registering I want to validate that they have entered a valid email with @.com in the string and not just some repetitive characters e.g. wwwwwww. Could some one guide me what is the best way to check for a valid email and for repetive characters in any given field examle firstname. One last thing I would also like to check that a person only enters Alphabets for name and stuff. Hello all, I need your help again. I have this page where the user inputs data: <?php include "include/dbc.php"; include "include/header.inc"; #error checking will go here ?> <style type="text/css"> .mydate{ color:#00F; text-decoration:underline; cursor:pointer; } </style> <script type="text/javascript"> function displayDate(d){ var date=new Date(); var D=date.getDate(); date.setDate(D+d); var YYYY=date.getFullYear(); var MM=date.getMonth()+1; MM<10?MM='0'+MM:null; var DD=date.getDate(); DD<10?DD='0'+DD:null; var span=document.getElementById('date'); span.innerHTML= 'Entries for '+MM+'/'+DD+'/'+YYYY; } onload=function(){displayDate(0)}; </script> <h1>Food Diary</h1> <div class="full"> <center><div><span class="mydate" onclick="displayDate(-1)"><img src="images/left_arrow.png" border="0">Yesterday</span> <span id="date" style="font-size:2em;"></span> <span class="mydate" onclick="displayDate(1)">Tomorrow<img src="images/right_arrow.png" border="0"></span></div><br /> <a href="#" onclick="displayDate(0);return false;">Today</a> </center> <div class="full"> <form name="exercise" id="exercise" method="GET" action=""> <center><table> <tr> <td><h3>Add an Activity</h3></td> </tr> <tr> <td><input name="NewSearchString" style="width: 100px" type="text"/> <input type="submit" value="Search" /> </td> </tr> <tr> <td> <select name="activity"> <option value="_">Activity Browse...</option> <option value="all">All Activities</option> <option value="biking">Biking</option> <option value="condition">Conditioning</option> <option value="dancing">Dancing</option> <option value="fish">Fishing & Hunting</option> <option value="Home">Home Activities</option> <option value="misc">Miscellaneous</option> <option value="music">Music Playing</option> <option value="occupation">Occupation</option> <option value="running">Running</option> <option value="sports">Sports</option> <option value="walking">Walking</option> <option value="water">Water Activities</option> <option value="winter">Winter Activities</option> </select> <input type="submit" value="Submit" /></td></tr></table></center></form> </td> </tr> </table> </center> <table width="100%"> <tr bgcolor="#66CC33"> <td><div>Activity</div></td> <td><div>Specific Activity</div></td> <td><div>Time (hh:mm)</div></td> <td><div>Distance</div></td> <td><div>Units</div></td> </tr> <tr bgcolor="#66CC33"> <td><div></div></td> <td><div></div></td> <td><div></div></td> <td><div class="Float"></div></td> <td class="cp_Distance"><div></div></td> </tr> <?php if(isset($_GET[activity])) { $category=$_GET[activity]; $result = mysql_query("SELECT * FROM exercise WHERE type='$category'"); ?> <form action="add_activity.php" method="POST"> <?php while($row = mysql_fetch_array($result)) { echo '<tr><td><div>'.$row[Type].'</div></td>'; echo '<td><div>'.$row[Name].'<input type="hidden" name="exerciseid[]" value="'.$row[Name].'"></div></td>'; echo '<td><div><input type="text" name="duration['.$row['Name'].']"></div></td>'; echo '<td><div><input type="text" name="distance['.$row['Name'].']"></div></td>'; echo '<td><div><select name="metric[]"> <option value=""></option> <option value="mile">mile</option> <option value="Km">km</option> <option value="M">m</option>; <option value="Yard">yrd</option> <option value="Feet">ft</option> </select></div></td></tr>'; echo'<input type="hidden" name="submitted" value="1">'; } mysql_close(); ?> <tr><td colspan="6" align="center"><input type="submit" name="submit" value="Add Activities" onClick="return confirm( 'Are you sure you want to submit the activities?');"></td></tr> </form> <?php } ?> <tr bgcolor="#66CC33"> <td><div></div></td> <td><div></div></td> <td><div></div></td> <td><div class="Float"></div></td> <td class="cp_Distance"><div></div></td> </tr></table> <div></div> <?php include "include/footer.inc"; ?> I want to validate that the user enters data for at least one of all the fields provided (distance, duration, metric). If someone could help me get started I'd greatly appreciate it. Hi all, Hi have a bit of a problem that I am completely stuck on. I have a form on a website that needs checkboxes to be processed by PHP, but i have no idea how to implement them. I have found examples, but my knowledge of php is exactly zero, so its confusing the hell out of me. The website is: http://www.geelongnannies.com.au/test/employment.html http://www.geelongnannies.com.au/test/freecontactformprocess3.php http://www.geelongnannies.com.au/test/freecontactformsettings.php if anyone can have a look and give me an example of how to change the php to process the checkboxes when submitted, I will be very grateful cheers! This topic has been moved to Other Programming Languages. http://www.phpfreaks.com/forums/index.php?topic=347582.0 Hello.. I have Two HTML form and one is a Check boxes form that enable users to select their category. Then I need to display second form according to the categories they selected in first form. I use this code in first form to validate form submission.. if ( isset( $_POST['category']) && sizeof( $_POST['category']) <= 3) { $category = $_POST['category']; } else { $errors[] = 'Please select atleast 1, not more than 3 categories'; } If errors array is empty I did this.. if ( empty( $errors )) { // If everything's OK $_SESSION = $category; $url = 'http://localhost/lanka_institute/tutorsignup/select_subjects.php? // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } Can I know and is this correct? I display category list from mysql category table, it has category name and category id this is my html part from first page echo '<td width="50%"><input type="checkbox" name="category[]" vlaue="' . $info['category_id'] . '" /> ' . $info['category_name'] . '</td>'; any help appreciated. Thanks in advance.. I have the following code below to validate a date that the user types in. But I am getting the following error: "Warning preg_match() [function.preg-match]: Unknown modifier '('" Code: [Select] if(!empty($_POST['exp_date'])) { $pattern = '(^[0-9]{1,2})' // 1 or 2 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,2})' // 1 or 2 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,4}$)'; // 1 to 4 digits $exp_date = trim($_POST['exp_date']); if(preg_match($pattern, $exp_date)){ $pattern = '(^[0-9]{1,2})' // 1 or 2 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([a-zA-Z]{1,})' // 1 or more alpha .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,4}$)'; // 1 to 4 digits if (preg_match($pattern, $exp_date)){ $pattern = '(^[a-zA-Z]{1,})' // 1 or more alpha .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,2})' // 1 or 2 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,4}$)'; // 1 to 4 digits if (preg_match($pattern, $exp_date)){ $pattern = '(^[a-zA-Z]{1,})' // 1 or more alpha .'([0-9]{2})' // 2 digits .'([0-9]{4}$)'; // 4 digits if (preg_match($pattern, $exp_date)){ $pattern = '(^[0-9]{4})' // 4 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,2})' // 1 or 2 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,2}$)'; // 1 to 2 digits if (preg_match($pattern, $exp_date)){ $pattern = '(^[0-9]{2})' // 2 digits .'([0-9]{2})' // 2 digits .'([0-9]{4}$)'; // 4 digits if (preg_match($pattern, $exp_date)){ $pattern = '(^[0-9]{4})' // 4 digits .'([^0-9a-zA-Z])' // not alpha or numeric .'([a-zA-Z]{1,})' // 1 or more alpha .'([^0-9a-zA-Z])' // not alpha or numeric .'([0-9]{1,2}$)'; // 1 to 2 digits } else { $errors[]= 'Please enter a valid expiration date.'; } } else { $errors[]= 'Please enter a valid expiration date.'; } } else { $errors[]= 'Please enter a valid expiration date.'; } } else { $errors[]= 'Please enter a valid expiration date.'; } } else { $errors[]= 'Please enter a valid expiration date.'; } } else { $errors[]= 'Please enter a valid expiration date.'; } } else { $errors[]= 'Please input an expiration date.'; } i'm trying to an if statement so that a piece of code is only executed if a returned variable equals a letter in the alphabet(any letter) the variable is from a $_GET, and all i want to check is if the variable contains a letter. This is what i have so far, but it doesnt work $sort=$_GET[orderby]; if ($sort=="[A-Z]") { $read=mysql_query("SELECT * FROM films WHERE title LIKE '".$sort."%'") or die(mysql_error()); $result=mysql_num_rows($read); } else { $read=mysql_query("SELECT * FROM films ORDER BY title") or die("query failed"); $result=mysql_num_rows($read); } Any help would be great. Hello, I am trying to validate my form using php and would like some advice as this is the first time I have attempted this. I have a script which runs when the user clicks the submit button. What I am trying to do is validate the user input before inserting it into the database. This is the script: [font=monospace]<?php session_start(); $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL"); $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database"); $name = check_input($_POST['fname']); $loc = check_input($_POST['loc']); $com = check_input($_POST['com']); function check_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } $sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')"; if(!mysql_query($sql, $dbhandle)) { die('Error: ' . mysql_error()); } header('Location: ../contact.php'); mysql_close(); ?> [/font] What's happening is that when it is submitted to the database, it is displaying < and > characters as < and >. Yet once being redirected with the header function the input is displayed with the < and > signs. I'm not sure if the function in the action script is in the wrong place or not. I have tried moving it around above and below the post variables. Just looking for a bit of advice really. Thank you, Regards, BuNgLe This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=310792.0 OK, so one of my cameras includes a "Copyright" field in the array returned from the exif data and one doesn't. Does anyone have any ideas how one would test for this field, and if it doesn't exist fill the relevant variable with the copyright info. I have been trying to solve this for a couple of hours now without a great deal of success, what I have is:- Code: [Select] $exif = exif_read_data('thistle.jpg', 'EXIF'); $name = $exif['FileName']; $height = $exif['ExifImageWidth']; $width = $exif['ExifImageLength']; $copy = $exif['Copyright']; $model = $exif['Model']; $exposuretime = $exif['ExposureTime']; $fnumber = $exif['COMPUTED']['ApertureFNumber']; $iso = $exif['ISOSpeedRatings']; $date = $exif['DateTime']; echo "File Name: $name<br />"; echo "Comment: " . $exif['COMMENT'][0] . "<br />"; echo "Height: $height<br />"; echo "Width: $width<br />"; echo "Copyright: $copy<br />"; echo "Camera: $model<br />"; echo "Shutter Speed: $exposuretime<br />"; echo "F number: $fnumber<br />"; echo "ISO: " . $iso . "<br />"; echo "Date & Time: $date<br /><br />"; Whatever I try always seems to end with "Notice: Undefined index: Copyright in C:\wamp\www\php\exif-read.php on line 11" it is obviously Code: [Select] $copy = $exif['Copyright'];that is causing the problem, and I can't work out just how to test for the existence of "Copyright" and head this problem off... I am debugging a PHP file that validates a user registration form. I'm very confused on this error message I'm receiving. ( Parse error: syntax error, unexpected '[' in C:\wamp\www\reg.php on line 17 ) I have looked until I cross-eyed to finf the syntax error. Here is a copy of my code: <?php // Post registration to database // Connects to your Database $userName = "taft65_admin"; $passWord = "taft65_paris4505"; $host="localhost"; $dbName = "taft65_members"; mysql_connect("dbName", "userName", "passWoord", "host") or die(mysql_error()); mysql_select_db("dbn") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { [color=yellow]//This makes sure they did not leave any fields blank if (!$_POST['id'] | !_POST['userName'] | !$_POST['passWord'] | !$_POST['confpassWord'] | !$_POST['email'] ) { die('You did not complete all of the required fields'); }[/color] // checks if the userName is in use if (!get_magic_quotes_gpc()) { $_POST['userName'] = addslashes($_POST['userName']); } $usercheck = $_POST['userName']; $check = mysql_query("SELECT userName FROM users WHERE userName = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the userName '.$_POST['userName'].' is already in use.'); } // this makes sure both passWoords entered match if ($_POST['passWord'] != $_POST['ConfPassWord']) { die('Your passWoords did not match. '); } // here we encrypt the passWord and add slashes if needed $_POST['passWord'] = md5($_POST['passWord']); if (!get_magic_quotes_gpc()) { $_POST['passWord'] = addslashes($_POST['passWord']); $_POST['userName'] = addslashes($_POST['userName']); } // now we insert it into the database $insert = "INSERT INTO registration (userName, passWord, email ) VALUES ('".$_POST['userName']."', '".$_POST['passWord'].", '".$_POST['email']."')"; $add_member = mysql_query($insert); ?> <p>Thank you, you have successfully registered. <a href="memPage.html"></a>you may now login.</p> Can someone help me with this by checking the code and tell me where I wen in error. BobLan66 Hi, what is they best way to validate user input of strings? A couple of examples would be : 1> If i wanted to check for the existance on the coma ',' character in a string and replace it with a dash '-' character? 2> To check wether a user has entered a valid ip address in the form of x.x.x.x where x can range from 0-255? I think i may need ereg/preg to do this but i have no idea about how to layout the syntax. Thanks for looking. Hi Guys Can anyone tell me why this doesn't work? Code: [Select] <?php $form = "<form action='test.php' method='POST'><input type='text' name='test' /> <input type='submit'>"; echo $form; $name = $_POST['test']; class validate { function check_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } } $z = new validate(); echo $z->check_input($name); ?> Also, when it comes to validating POST data that's input via a form and retrieving it is it secure to set a variable for the Post i.e. Code: [Select] $name = $_POST['test']; or is more secure to pass Code: [Select] $_POST['test'] straight into the validation? It just occurs to me if you pull the post into a variable then you're inviting insecure code into your script. Though i am a complete noob at this so might be talking rubbish! Any light you can shed on why my little script isn't working would be appreciated and any tips on the best method for validating data securely would also be welcome Thank you Drongo Hi All, I'm trying to validate file types and keep seeing an error. I only allow .gif, .jpg or .png. However, if I upload any of those file types, I get an error message.... If I echo out $filetypeCheck, I get image/png, which is corrent... Code: [Select] $filetypeCheck = $_FILES["file"]["type"]; if( ($filetypeCheck != "image/gif") || ($filetypeCheck != "image/jpeg") || ($filetypeCheck != "image/png") ) { $val_error[] = 'File Type Error! (.gif, .jpg and .png only)'; } Whats going on here? Hi , As we know we validate the user input data while processing the from. We validate to avoid XSS for that we use html filter to filter invalid tags and all. If the data it self contains some tag like data Ex: <HOMETOWN RANGE> . the html filters truncating it to <HOMETOWN> though the the tag is not a HTML tag . Presently i am using Input class filter it s truncating the text. Can any one suggest me some filters where we can avoid data truncation with non- html tags like above..... |
|||||||