Confused About PHP!?

Hi folks,

I am creating a site in FrontPage, and want to use PHP to validate a form I
have created, however I would like the return of the user's input (which the
user reviews to check for errors), to be in the same design or style which
the rest of my site has been created in. I have found a script which does the
basics of what I want, but it needs a lot of modifying, and I have a few
questions. Here is the script:

<?php
/* Program name: checkRegInfo.php
 * Description:  Program checks all the form fields for
 *               blank fields and incorrect format.
 */
?>
<html>
<head><title>Registration Validation</title></head>
<body>
<?php
/* set up array of field labels */
$label_array = array ( "first_name"  => "First Name",
                       "middle_name" => "Middle Name",
                       "last_name"   => "Last Name",
                       "phone"       => "Phone");
foreach ($_POST as $field => $value)
{
  /* check each field except middle name for blank fields */
  if ( $value == "" )
  {
    if ($field != "middle_name")
    {
      $blank_array[$field] = "blank";
    }
  }
  elseif ($field == "first_name" or $field == "middle_name"
          or $field == "last_name" )
  {
    if (!ereg("^[A-Za-z' -]{1,50}$",$_POST[$field]) )
    {
      $bad_format[$field] = "bad";
    }
  }
  elseif ($field == "phone")
  {
    if(!ereg("^[0-9)( -]{7,20}(([xX]|(ext)|(ex))?[ -]?[0-9]{1,7})?$",$value))
    {
      $bad_format[$field] = "bad";
    }
  }
}
/* if any fields were not okay, display error message and form */
if (@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0)
{
  if (@sizeof($blank_array) > 0)
  {
    /* display message for missing information */
    echo "<b>You didn't fill in one or more required fields. You must enter:</b><br>";
    /* display list of missing information */
    foreach($blank_array as $field => $value)
    {
      echo "&nbsp;&nbsp;&nbsp;{$label_array[$field]}<br>";
    }
  }
  if (@sizeof($bad_format) > 0)
  {
    /* display message for bad information */
    echo "<b>One or more fields have information that appears to be incorrect. Correct the format for:</b><br>";
    /* display list of bad information */
    foreach($bad_format as $field => $value)
    {
      echo "&nbsp;&nbsp;&nbsp;{$label_array[$field]}<br>";
    }
  }
  /* redisplay form */
  $first_name = $_POST['first_name'];
  $middle_name = $_POST['middle_name'];
  $last_name = $_POST['last_name'];
  $phone = $_POST['phone'];
  echo "<p><hr>
  <form action='checkRegInfo.php' method='POST'>
  <center>
  <table width='95%' border='0' cellspacing='0' cellpadding='2'>
  <tr><td align='right'><B>{$label_array['first_name']}:</B></td>
  <td><input type='text' name='first_name' size='65' maxlength='65'
  value='$first_name'></td>
  </tr>
  <tr><td align='right'><B>{$label_array['middle_name']}:</B></td>
  <td><input type='text' name='middle_name' size='65' maxlength='65'
  value='$middle_name'></td>
  </tr>
  <tr><td align='right'><B>{$label_array['last_name']}:</B></td>
  <td><input type='text' name='last_name' size='65' maxlength='65'
  value='$last_name'></td>
  </tr>
  <tr><td align='right'><B>{$label_array['phone']}:</B></td>
  <td><input type='text' name='phone' size='65' maxlength='65'
  value='$phone'></td>
  </tr>
  </table>
  <p><input type='submit' value='Submit name and phone number'>
  </form>
  </center>";
  exit();
}
echo "Welcome";
?>
</body></html>

(The code, with modifications, was from PHP & MySQL For Dummies - By Janet
Valade)

Can someone let me know if I am on the right track with these assumptions or
answer any questions?

1) I am assuming that because of the HTML tags, that this page is designed
to return on a plain HTML page (without any site design features). Can I
split up the code, and push it into the relevant areas so that the page
returns within my design template?

2) Concerning the initial array right after the <?php statement; this seems
to be crafted by the author of the code, am I right to assume that I would
have to change this "label_array" to represent the fields I have used on my
form?

3) Is this the type of form, where if a user input an error (characters not
allowed by the ereg statement), will the program star "*" fields that are
incorrectly filled or leave the user guessing?

3a) How can the program be modified to star or otherwise indicate fields
that need to be changed?

4) Can anyone see any security issues in this form at present?

5) I actually have one field "Username" where I will need to query my
database, to ensure that the Username a user enters is not the same as one
already in the database. I have read a little on MySQL injection, am I right
in thinking that it is only where a form has to query a database, that a
MySQL Injection attack can occur, or can they also occur when data is
written to a database? Check out this article from PHP.NET:

http://www.php.net/manual/en/functio...ape-string.php

OK that's all I can think to ask for now, so if anyone can help a struggling
newbie, blessings on you...

Regards,
C.B.
Sep 21 '06 #1
It looks like the script keeps track of and then displays the names of
the fields that are incorrect above the form. If you want to put a "*"
next to bad fields, then when it redisplays the form you will need to
check the array of bad labels; if the label is in that array, display an
* before the label. I'm unclear about what you mean by split the code
up. If you mean that your input elements are in different places than
this example script, then just cut and paste the input elements into
their correct places. Yes, you would change the label array at the top
of the code to fit your form, but you will also need to change the form
that it redisplays to include all of your fields. I did not notice any
extra security measures, but it does do a lot in the way of validation
and restricting what characters can be used (I'm no expert but that
should reduce your risk of SQL injection). If you're having trouble w/
the php you can probably find JavaScript validators to do the same
thing. If you try to add the validation to your page and then post the
code if you have problems, I'm sure someone will be able to help you.
Cerebral Believer wrote:
> Hi folks,
> [...]
Sep 22 '06 #2
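
An added example, not part of the thread or of the book's code: the same blank and format checks with preg_match() in place of ereg() (removed in PHP 7), a "*" beside each failed field as asked in 3a, and every redisplayed value passed through htmlspecialchars() so that a rejected value cannot close the value='...' attribute. validate_fields() and render_row() are hypothetical helper names and the sample submission is constructed.

```php
<?php
// Added example: field names and patterns follow checkRegInfo.php above;
// validate_fields() and render_row() are hypothetical helper names.

$labels = array(
    'first_name'  => 'First Name',
    'middle_name' => 'Middle Name',
    'last_name'   => 'Last Name',
    'phone'       => 'Phone',
);

// Returns field => 'blank' | 'bad' for every field that fails a check.
function validate_fields(array $labels, array $input)
{
    $errors = array();
    // Loop over the fields we expect, not over whatever keys were posted,
    // so a field that is missing from the request is still reported.
    foreach ($labels as $field => $label) {
        $value = isset($input[$field]) && is_string($input[$field])
               ? trim($input[$field]) : '';
        if ($value === '') {
            if ($field !== 'middle_name') {
                $errors[$field] = 'blank';
            }
        } elseif ($field === 'phone') {
            // /D stops "$" from matching before a trailing newline.
            if (!preg_match('/^[0-9)( -]{7,20}(([xX]|ext|ex)?[ -]?[0-9]{1,7})?$/D', $value)) {
                $errors[$field] = 'bad';
            }
        } elseif (!preg_match("/^[A-Za-z' -]{1,50}$/D", $value)) {
            $errors[$field] = 'bad';
        }
    }
    return $errors;
}

// One table row of the redisplayed form: a "*" marks a failed field and
// the submitted value is HTML-escaped before it goes into the attribute.
function render_row($field, $label, array $input, array $errors)
{
    $raw   = isset($input[$field]) && is_string($input[$field]) ? $input[$field] : '';
    $value = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    $star  = isset($errors[$field]) ? '* ' : '';
    return "<tr><td align='right'><b>{$star}{$label}:</b></td>"
         . "<td><input type='text' name='{$field}' size='65' maxlength='65'"
         . " value='{$value}'></td></tr>\n";
}

// Constructed sample submission: a blank first name, a name with an
// apostrophe, and a phone value that fails the pattern and holds markup.
$sample = array(
    'first_name' => '',
    'last_name'  => "O'Brien",
    'phone'      => "'><b>x</b>",
);
$errors = validate_fields($labels, $sample);
foreach ($labels as $field => $label) {
    echo render_row($field, $label, $sample, $errors);
}
```

The rows can be echoed inside any table of the site template; only the form's field names have to match the keys in $labels.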
Daniel,

Thanks for your reply. I think I understand most of what you have written.
As for splitting the code up, well what I mean is my form is presented on an
HTML page within a table, and I am curious to know whether PHP will realise
what data to extract from the form when the user sends it. So really I want
to present the form so that its design is consistent with the rest of my
site, and also, if the form is redisplayed for any input errors to be
corrected by the user, I would like the form to be displayed in like manner.

Regards,
C.B.

Sep 23 '06 #3
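
An added example for question 5, not part of the thread: the Username uniqueness check and the later write, both as PDO prepared statements, since a value concatenated into SQL text is a risk in an INSERT just as in a SELECT. The users table, its columns and register_username() are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs without a server (it needs the pdo_sqlite extension).

```php
<?php
// Added example. The users table, its columns and register_username() are
// hypothetical; SQLite in memory stands in for MySQL. For MySQL only the
// PDO DSN (plus user name and password) changes.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT NOT NULL UNIQUE, last_name TEXT NOT NULL)');

// Returns 'created' or 'taken'. Both statements are parameterised: the
// values travel separately from the SQL text, so a quote inside a value
// cannot change the statement, whether it reads or writes.
function register_username(PDO $db, $username, $last_name)
{
    $check = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $check->execute(array($username));
    if ((int) $check->fetchColumn() > 0) {
        return 'taken';
    }
    try {
        $insert = $db->prepare('INSERT INTO users (username, last_name) VALUES (?, ?)');
        $insert->execute(array($username, $last_name));
    } catch (PDOException $e) {
        // Two requests can pass the SELECT at the same moment; the UNIQUE
        // constraint is what finally rejects the second one.
        if ((string) $e->getCode() === '23000') {
            return 'taken';
        }
        throw $e;
    }
    return 'created';
}

// Constructed inputs. "O'Brien" passes the name pattern used by the form
// and still contains the character that ends a SQL string literal.
echo register_username($db, 'cbeliever', "O'Brien"), "\n";
echo register_username($db, 'cbeliever', 'Smith'), "\n";

// The apostrophe was stored as data, not interpreted as SQL.
$row = $db->query('SELECT last_name FROM users')->fetchColumn();
echo $row, "\n";
```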
