PHP - Where Should I Validate The Return Value?

Hi Everyone..   I am not sure if I should post this question here. I would like to fix this problem using PHP rather than HTML. I am new to PHP. This code is part of an old PHP gallery file. I am trying to validate my site but the site's links have some characters that makes the link throw errors in W3C Validator. So I tried to replace the characters with HTML characters for example ? are now replaced by ?   so my original link before using valid HTML characters looked like

www.awebsite.com/viewgallery.php?cname=Colorado-Fall&pcaption=Lost-In-The-art

And now it looks like this ...

www.awebsite.com/viewgallery.php?cname=Colorado-Fall&pcaption=Lost-In-The-art

But now W3C Validator shows an error like this Line 32, Column 240: an attribute value must be a literal unless it contains only name characters

…n class='next'><a href=viewgallery.php&#63;cname&#61;Colorado-Journeys&amp;pca…

✉ You have used a character that is not considered a "name character" in an attribute value. Which characters are considered "name characters" varies between the different document types, but a good rule of thumb is that unless the value contains only lower or upper case letters in the range a-z you must put quotation marks around the value. In fact, unless you have extreme file size requirements it is a very very good idea to always put quote marks around your attribute values. It is never wrong to do so, and very often it is absolutely necessary.

I do not know whats going on.  I have tried two different methods of validating and email and it keeps saying invalid email
I have even tried to debug it by putting errors and nothing
i have tried
preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $e)
and
fliter_var($e, FLITER_VALIDATE_EMAIL);

the email i am trying to debug is a valid one.  its one I use daily.  I have tried different emails and still no luck.... someone help me please!

Hi, I am fairly new to php and I wanted to know whether you could validate a "input type = text ". I have made a class where i've made functions to validate test fields but i dont know how to call them with the html form.

Any suggestions or tips .... Thanks in advance. 

Hi,

I want to control a variable (decide whether to track click if coming from a specific site oppose to hitting the final site (destination) directly.
For example:

www.portal.com - this will be a management site that will redirect viewers to the the final destination based on variable info - for exmample $a=123 or $a= 567 - which would come in as www.portal.com?a=123 or www.portal.com?a=567

Note: 123 would redirect to www.abc.com?a=123 and/or 567 would redirect to www.xyz.com?a=567 with said variable(s).
------

My question is this: What is the best method to authenticate (both on) www.abc.com and/or www.xyz.com that the referred viewer came from www.portal.com?
I know about the super globals (HTTP_REFERER) but want to know if there are other (more) secure method to manage this interaction between external domains /websites?

Any insight on this appreciated - thanks!

I am working on a script for a simple form with only 2 options that are dropdowns.  I need to validate these two options that there is a selection made.

I have gotten the first one to validate, but I cannot get the second one to validate.  Can anyone steer me in the right direciton why only one is working?  I get no errors in the script, so I assume I am just missing something.

Code: [Select]
<?php
// options for drop-down menu
$choices = array('-- Choose Your Item','Anniversary Jacket', 'Anniversary T-Shirt');
$sizes = array('-- Choose Your Size','L', 'XL');

if($_SERVER['REQUEST_METHOD'] == 'GET'){
    // display form when GET
    showForm(array());
}
else{
    // process form if POST
    $errors = validateForm();
    if(count($errors)) showForm($errors); // if errors show again
    else print 'Form submitted succesfully!'; // no errors
}


// function generating form
function showForm($errors){

    global $choices,$sizes;

    // set defaults
    $defaults = array();
    foreach($choices as $key => $choice){
        if(isset($_POST['item']) && ($_POST['item'] == $key)) $defaults['item'][$key] = 'selected';
        else $defaults['item'][$choice] = '';
    } 
    foreach($sizes as $key => $size){
        if(isset($_POST['size']) && ($_POST['size'] == $key)) $defaults['size'][$key] = 'selected';
        else $defaults['size'][$size] = '';
    } 


    // print form
    print "<form action='{$_SERVER['SCRIPT_NAME']}' method='post'>";

    print "<div>";
    print "<select name='item'>";
    foreach($choices as $key => $choice){
        print "<option value='{$key}' {$defaults['item'][$key]}>{$choice}</option>"; 
    }
    print "</select>";
    showError('item', $errors);
    print "</div>";



print "<div>";
    print "<select name='size'>";
    foreach($sizes as $key => $size){
        print "<option value='{$key}' {$defaults['size'][$key]}>{$size}</option>"; 
    }
    print "</select>";
    showError('size', $errors);
    print "</div>";
    
    
    print "<input type='submit'/>";




    print "</form>";

}

// display error
function showError($type, $errors){
    if(isset($errors[$type])) print "<b>{$errors[$type]}</b>";
}

// validate data
function validateForm(){

    global $choices,$sizes;
    
    // start validation and store errors
    $error = array();
    

    // validate drop-down
    if(!(isset($_POST['item']) && (array_key_exists($_POST['item'], $choices)) && $_POST['item'] != 0)) $errors['item'] = 'Select Item';


     return $errors;
    

    // validate drop-down
    if(!(isset($_POST['size']) && (array_key_exists($_POST['size'], $choices)) && $_POST['size'] != 0)) $errors['size'] = 'Select Size';


     return $errors;

}







?>

Hey everyone, im building my first newsletter sign up and wanted to add the validation of checking if the email is already in the database.

This is the top part of the code that works.
<?php

switch ($_REQUEST['action']) {

default:

foreach($_POST as $key=>$value){
$$key = $value;
}

if ($email == ''){
$error_msg = 'email required';
}

elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { 
    $error_msg = 'Invalid email address'; 
}
echo "";


if ($error_msg == ''){

foreach($_POST as $key=>$value){
$$key = htmlentities(stripslashes($value));
}
 $Q = mysql_query("INSERT INTO newsletter (`email`) VALUES ('$email')");

But when i add my attempted validation it doesn't work.

$check = mysql_query("SELECT FROM newsletter WHERE email = '$email'") or die(mysql_error()); 
 $check2 = mysql_num_rows($check); 
 if ($check2 != 1) {
 
 $error_msg = 'email exists'; 

Could someone be so kind to add this code where it should go, iv tried everything.

Hello. So I already know an extremely elementary way to check to see if a form field is blank using PHP. For example:
Code: [Select]
if ($subject == "")
The question I have is, is there a way to have php check every field in a form to make sure it has some sort of value? I want to create an 'if' statement which basically says, "If all form fields have something filled in, then do this" For example

Code: [Select]
if ($subject == "any value") & ($name == "any value") & ($comment == "any value")

Not sure if that makes sense. Any help would be greatly appreciated!!!

I need to validate the POST fields below except a few hidden inputs like User_id & category: They are not huge but i would not like to write for each a line of code like if(empty($_popst['field'])) ...
How can simplify this by checking only if they are empty and display a message that lists all fields that were not filled?

Code: [Select]
array('user_id'=>$data['Id'], 'surname'=>$_POST['surname'], 'firstname'=>$_POST['firstname'], 'middlename'=>$_POST['middlename'], 'id_number'=>$_POST['id_number'], 'pin_number'=>$_POST['pin_number'], 'street'=>$_POST['street'], 'estate'=>$_POST['estate'], 'hse_number'=>$_POST['hse_number'], 'town'=>$_POST['town'], 'tele'=>$_POST['tele'], 'mobi'=>$_POST['mobi'], 'work_street'=>$_POST['work_street'], 'work_building'=>$_POST['work_building'], 'company'=>$_POST['company'], 'work_town'=>$_POST['work_town'], 'work_tele'=>$_POST['work_tele'], 'work_fax'=>$_POST['work_fax'], 'cont_surname'=>$_POST['cont_surname'], 'cont_firstname'=>$_POST['cont_firstname'], 'cont_middlename'=>$_POST['cont_middlename'], 'cont_street'=>$_POST['cont_street'], 'cont_building'=>$_POST['cont_building'], 'cont_company'=>$_POST['cont_company'], 'cont_home_tele'=>$_POST['cont_home_tele'], 'cont_office_tele'=>$_POST['cont_office_tele'], 'cont_mobi'=>$_POST['cont_mobi']);

Hi

How to get value of all $_Request variable so that we can validate for cross scripting. see below

http://srijanlinux.com/consentRequestNew.php?requestId=24753

print count($_GET); 

// return ----------  1


print_r($_GET);

// return -----------  Array ( [requestId] => 24753 )


Now I want to validate value of requestId. I know I can validate by getting using $_GET['requestId'].

But there are changes that I don't know variable name then How validate unknown variable which might be put by hacker.

Thanks

akash

Having trouble trying to validate a user name and password. This is my code:

Code: [Select]
//check username/password
$user_name_check = mysql_query("SELECT * FROM users WHERE user_name=" . $_POST["user_name"] . "\" AND password=" . $_POST["password"] . "\"");
if(mysql_num_rows($user_name_check))
{
//Do stuff here...
}
But I get the following error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /xxxx/xxxxxxxx/xxxxx/xxxxxxxxxxxxx/xxxx.php on line 32

Any ideas as to why? $user_name_check is a result set right (which is what the mysql_num_rows() requires)??

Is there a class out there that validates window filenames?

Thank you.

There is a login page called login.php, after user type their username and password into textbox, then the page direct it to the page validate, which is validate.php. In validate.php, if user do not type anything, then direct it to the login.php again; if user type their username and password worng less than 3 times, then direct it to the login.php also. However, if user type their username and password more than 3 times, then direct it to the register.php.   Question: i don't know how to make 3 attempts (maybe there are something worng in my page), it doesn't work, Please help, here is my validate.php

<?php
$loginErrorV = false;
$loginErrorW = false;
if(!empty($_POST['username']) && !empty($_POST['password']) && strlen($_POST['username'])!=0 && strlen($_POST['password'])!=0)
{
	//
	$username = $_POST['username'];
	$password = $_POST['username'];

	//Connect to Database
	$conn = mysql_connect("localhost", "root", "");
	if(!$conn){
		die('Could not connect:'.mysql_error());
	}
	mysql_select_db("logindb", $conn);

	//
	$sql = "Select count(username) as user_exist from logint where username = '$username' and password = '$password'";
	$result = mysql_query($sql, $conn);
	$row = mysql_fetch_assoc($result);

	//
	if($row['user_exist'] == 1){
		session_start();
		$_SESSION['username'] = $username;
		header('Location: 10586740.html');
		mysql_close($conn);
	} else {
		$loginErrorV = true;
	}
} else {
	$loginErrorW = true;
}

if($loginErrorV){
	if(isset($_COOKIE['login'])){
		if($_COOKIE['login']<3){
			header('Location:login.php');
			$attempts = $_COOKIE['login'] + 1;
		} else {
			header('Location:register.php');
		}
	}
}

if($loginErrorW){
	header('Location:login.php');
}
?>

This topic has been moved to HTML Help.

http://www.phpfreaks.com/forums/index.php?topic=332254.0

Hello,
I had this code that checks for a form validity using AJAX:
ereg("^[a-zA-Z0-9]+$
This will check only for a-z,0-9 and A-Z, how can I allow white spaces to be inserted?
Thanks