Uncaught TypeError: trim(): Argument #1 ($string) must be of type string, array given in C:\xampp\htdocs\php\required_valid_form.php:52
Is there any Syntax issue, which is collapsing with each other?
<?php
$name=$email=$website=$comment=$gender="";
$nameErr=$emailErr=$genderErr="";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is Required";
} else {
$name = test_input($_POST=["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Your Email is Required";
} else {
$email = test_input($_POST=["email"]);
}
if(empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST=["website"]);
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST=["comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "It is required!";
} else {
$gender = test_input($_POST=["gender"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Issue : $_POST=["name"] I was using assignment operator here which is not right.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<style>
.error {
color:#FF0000;
}
</style>
</head>
<body>
<?php
$name=$email=$website=$comment=$gender="";
$nameErr=$emailErr=$genderErr="";
if($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is Required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Your Email is Required";
}
else {
$email = test_input($_POST["email"]);
}
if(empty($_POST["website"])) {
$website="";
}
else {
$website = test_input($_POST["website"]);
}
if (empty($_POST["comment"])) {
$comment="";
}
else {
$comment = test_input($_POST["comment"]);
}
if(empty($_POST["gender"])) {
$genderErr = "It is required!";
}
else {
$gender = test_input($_POST["gender"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<p><span class="error">Required Field *</span> </p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
Name : <input type="text" name="name"><span class="error">* <?php echo $nameErr; ?></span>
<br><br>
Email : <input type="email" name="email"><span class="error">* <?php echo $emailErr; ?> </span>
<br><br>
Website: <input type="text" name="website" id=""><br><br>
Comment: <textarea name="comment" id="" cols="30" rows="10"></textarea><br>
Gender : <input type="radio" name="gender" value="Male">Male
<input type="radio" name="gender" value="Female">Female
<input type="radio" name="gender" value="Other">Other <span class="error">*<?php echo $genderErr; ?></span>
<br><br>
<input type="submit" value="Submit Here">
</form>
<?php
echo "<h2>Your Input</h2>";
echo $name;
echo "<br><br>";
echo $email;
echo "<br><br>";
echo $website;
echo "<br><br>";
echo $comment;
echo "<br><br>";
echo $gender;
?>
</body>
</html>
Related
I'm new to PHP and I just want to make some form like a basic form. But I have trouble in the values entered by the user. For example if they enter a empty field it should not redirect or if in the email they didn't enter a correct format the form should not redirect. But in my case it always redirect even though the input is invalid. Can you help me out on how can I stop redirecting to another page if the value entered by the user is invalid?
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>FG4</title>
</head>
<style>
.error {color: red}
</style>
<body>
<?php
$fname = $lname = $fgender = $mail = $dob = $address = "";
$fnameErr = $lnameErr = $genderErr = $mailErr = $dobErr = $addressErr = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["fname"])) {
$fnameErr = "Please enter your first name.";
} else {
$fname = input($_GET["fname"]);
// check if name only contains letters and space
if (!preg_match("/^[a-zA-Z-' ]*$/",$fname)) {
$fnameErr = "Please enter a valid name";
}
}
if (empty($_GET["lname"])) {
$lnameErr = "Please enter your last name.";
} else {
$lname = input($_GET["lname"]);
// check if name only contains letters and space
if (!preg_match("/^[a-zA-Z-' ]*$/",$lname)) {
$lnameErr = "Please enter a valid name";
}
}
if (empty($_GET["gender"])) {
$genderErr = "Please select a gender.";
} else{
$gender = input($_GET["gender"]);
}
if (empty($_GET["mail"])) {
$mailErr = "Please enter your email.";
} else {
$mail = input($_GET["mail"]);
// check if email contain gmail.com or yahoo.com
if (!preg_match("/#gmail.com|#yahoo.com/", $mail)) {
$mailErr = "Please enter a valid email.";
}
}
if (empty($_GET["dob"])) {
$dobErr = "Please select your date of birth.";
} else{
$lname = input($_GET["lname"]);
}
if (empty($_GET["address"])) {
$addressErr = "Please enter your address.";
} else {
$address = input($_GET["address"]);
// check if address contain the following characters
if (!preg_match(" /#|[0-9]|[a-z]|[A-Z]/ ",$address)) {
$address = "Please enter a valid address";
}
}
}
function input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form method="get" action="trial.php">
First Name: <input type="text" name="fname">
<span class="error">* <?php echo $fnameErr;?></span>
<br><br>
Larst Name: <input type="text" name="lname">
<span class="error">* <?php echo $lnameErr;?></span>
<br><br>
Gender: <input type="radio" name="gender" value="male"> Male
<input type="radio" name="gender" value="female"> Female
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Email: <input type="text" name="mail">
<span class="error">* <?php echo $mailErr;?></span>
<br><br>
Date of Birth: <input type="date" name="dob">
<span class="error">* <?php echo $dobErr;?></span>
<br><br>
Address: <br><textarea type="text" name="address" rows="5" cols="40"></textarea>
<span class="error"><?php echo $addressErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
Here is the other code where it just print the values entered by the user
<?php
if ($_SERVER["REQUEST_METHOD"] == "GET") {
// collect value of input field
$fname = $_GET['fname'];
$lname = $_GET['lname'];
$gender = $_GET['gender'];
$mail = $_GET['mail'];
$dob = $_GET['dob'];
$address = $_GET['address'];
echo "<h2> Final Output:</h2>";
echo "First Name :$fname";
echo "<br>";
echo "Last Name :$lname";
echo "<br>";
echo "Gender :$gender";
echo "<br>";
echo "Email :$mail";
echo "<br>";
echo "Date of Birth :$dob";
echo "<br>";
echo "Address :$address";
}
?>
</body>
</html>
There are many ways to do what you want.
One of them is to use a hidden form and submit it only if there is no error found after the validation.
Hence the amended code (based on your original code) will be:
trial.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>FG4</title>
</head>
<style>
.error {color: red}
</style>
<body>
<?php
$fname = $lname = $fgender = $mail = $dob = $address = "";
$fnameErr = $lnameErr = $genderErr = $mailErr = $dobErr = $addressErr = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["fname"])) {
$fnameErr = "Please enter your first name.";
} else {
$fname = input($_GET["fname"]);
// check if name only contains letters and space
if (!preg_match("/^[a-zA-Z-' ]*$/",$fname)) {
$fnameErr = "Please enter a valid name";
}
}
if (empty($_GET["lname"])) {
$lnameErr = "Please enter your last name.";
} else {
$lname = input($_GET["lname"]);
// check if name only contains letters and space
if (!preg_match("/^[a-zA-Z-' ]*$/",$lname)) {
$lnameErr = "Please enter a valid name";
}
}
if (empty($_GET["gender"])) {
$genderErr = "Please select a gender.";
} else{
$gender = input($_GET["gender"]);
}
if (empty($_GET["mail"])) {
$mailErr = "Please enter your email.";
} else {
$mail = input($_GET["mail"]);
// check if email contain gmail.com or yahoo.com
if (!preg_match("/#gmail.com|#yahoo.com/", $mail)) {
$mailErr = "Please enter a valid email (only #gmail.com or #yahoo.com).";
}
}
if (empty($_GET["dob"])) {
$dobErr = "Please select your date of birth.";
} else{
$lname = input($_GET["lname"]);
}
if (empty($_GET["address"])) {
$addressErr = "Please enter your address.";
} else {
$address = input($_GET["address"]);
// check if address contain the following characters
if (!preg_match(" /#|[0-9]|[a-z]|[A-Z]/ ",$address)) {
$address = "Please enter a valid address";
}
}
}
function input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form id="form_id" method="get" action=#>
First Name: <input type="text" name="fname" value="<?php echo $_GET["fname"];?>">
<span class="error">* <?php echo $fnameErr;?></span>
<br><br>
Larst Name: <input type="text" name="lname" value="<?php echo $_GET["lname"];?>">
<span class="error">* <?php echo $lnameErr;?></span>
<br><br>
Gender: <input type="radio" name="gender" value="male"
<?php if ($_GET["gender"]=="male") { echo " checked ";} ?>
> Male
<input type="radio" name="gender" value="female"
<?php if ($_GET["gender"]=="female") { echo " checked ";} ?>
> Female
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Email: <input type="text" name="mail" value="<?php echo $_GET["mail"];?>">
<span class="error">* <?php echo $mailErr;?></span>
<br><br>
Date of Birth: <input type="date" name="dob" value="<?php echo $_GET["dob"];?>">
<span class="error">* <?php echo $dobErr;?></span>
<br><br>
Address: <br><textarea type="text" name="address" rows="5" cols="40"><?php echo $_GET["address"];?></textarea>
<span class="error"><?php echo $addressErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
if ($fnameErr=="" && $lnameErr=="" && $genderErr=="" && $mailErr=="" && $dobErr=="" && $addressErr=="") { ?>
<form id="form_id2" method=GET action="trial2.php">
<input type=hidden name="fname" value="<?php echo $_GET["fname"];?>">
<input type=hidden name="lname" value="<?php echo $_GET["lname"];?>">
<input type=hidden name="gender" value="<?php echo $_GET["gender"];?>">
<input type=hidden name="mail" value="<?php echo $_GET["mail"];?>">
<input type=hidden name="dob" value="<?php echo $_GET["dob"];?>">
<textarea name=address style="display:none;"><?php echo $_GET["address"];?></textarea>
</form>
<script>
document.getElementById("form_id2").submit();
</script>
<?php } ?>
trial2.php
<?php
if ($_SERVER["REQUEST_METHOD"] == "GET") {
// collect value of input field
$fname = $_GET['fname'];
$lname = $_GET['lname'];
$gender = $_GET['gender'];
$mail = $_GET['mail'];
$dob = $_GET['dob'];
$address = $_GET['address'];
echo "<h2> Final Output:</h2>";
echo "First Name :$fname";
echo "<br>";
echo "Last Name :$lname";
echo "<br>";
echo "Gender :$gender";
echo "<br>";
echo "Email :$mail";
echo "<br>";
echo "Date of Birth :$dob";
echo "<br>";
echo "Address :$address";
}
?>
</body>
</html>
I currently have my code working to some state.
When the user inputs data name, email and company they submit the form and it will echo the inputs out which is fine, but when I enter invalid data into the form and submit it will still post but displays the else statement.
Have I missed something in my Preg_match or is this just a bad way to code the validation?
<!DOCTYPE html>
<html>
<head>
<title>Visitor Sign in</title>
<meta charset="utf-8" />
<link rel="stylesheet" type="text/css" href="visitor.css"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js" type="text/javascript"></script>
</head>
<body>
<div id="wrapper">
<img src="Wincanton.png" alt="wincantonLogo" class="wincantonLogo" />
<img src="Screwfix.png" alt="screwfixLogo" class="screwfixLogo" />
<div style="clear:both"></div><br>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $companyErr = "";
$fullname = $email = $company = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fullname"])) {
$nameErr = "Name is required";
} else {
$fullname = test_input($_POST["fullname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fullname)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!preg_match("/^\w+([\.-]?\w+)*#\w+([\.-]?\w+)*(\.\w{2,3})+$/",$email)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["company"])) {
$companyErr = "Name is required";
} else {
$company = test_input($_POST["company"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$company)) {
$companyErr = "Only letters and white space allowed";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h1>Visitor Sign in</h1><br>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="fullname" >
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Company: <input type="text" name="company">
<span class="error"><?php echo $companyErr;?></span>
<br><br>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $fullname;
echo "<br>";
echo $email;
echo "<br>";
echo $company;
echo "<br>";
?>
</body>
</html>
try if isset condition.
if(isset($_POST['submit'])){
}
I'm new to php coding and have been told by others that I need to be using parameterized queries/prepared statements for my php scripts and MySQL database. I've looked at other examples of scripting these prepared statements and they usually refer to user login functions. My query is just a web form to capture user inputted data and store in database (SQL insert as opposed to SQL select). I am hoping someone can help me with how to script the php to prevent sql injections. Also hoping someone can let me know whether these prepared statements should also be used in php SQL Select scripts where I am only displaying database records on a form. Thanks in advance!
Here are the two php files I am using, the first is my database connection script:
<?php
DEFINE ('DB_USER', 'fakeuser');
DEFINE ("DB_PSWD", 'fakepassword');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'newspaper');
$dbcon = mysqli_connect(DB_HOST, DB_USER, DB_PSWD, DB_NAME);
?>
Web form PHP script:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
$errors = "false";
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = $subErr = "";
$name = $email = $gender = $comment = $website = $sub = $newrecord = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Name"])) {
$nameErr = "Name is required";
$errors = "true";
} else {
$name = test_input($_POST["Name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
$errors = "true";
}
}
if (empty($_POST["Email"])) {
$emailErr = "Email is required";
$errors = "true";
} else {
$email = test_input($_POST["Email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
$errors = "true";
}
}
if (empty($_POST["Website"])) {
$website = "";
} else {
$website = test_input($_POST["Website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["Comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["Comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
$errors = "true";
} else {
$gender = test_input($_POST["gender"]);
}
if (empty($_POST["Subscription"])) {
$subErr = "Subscription is required";
$errors = "true";
}
else {
$sub = test_input($_POST["Subscription"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Southern Tier Daily News</h2>
<form method="post" action="Newspaper3.php">
<input type="hidden" name="submitted" value="true"/>
<img src="https://bloximages.newyork1.vip.townnews.com/dnews.com/content/tncms/custom/image/5eec4204-483e-11e6-93c8-97ef236dc6c5.jpg?_dc=1468334339" alt="HTML5 Icon" style="width:128px;height:128px;">
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Newspaper Subscription Request</legend>
Name: <input type="text" name="Name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="Website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="Comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Subscription:
<select name="Subscription">
<option value=""></option>
<option value="Daily">Daily</option>
<option value="Evening">Evening</option>
<option value="Weekly">Weekly</option>
<option value="Monthly">Monthly</option>
</select>
<span class="error">* <?php echo $subErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
<br><br>
Visit Admin Page
</fieldset>
</form>
<?php
if (isset($_POST['submitted']) && $errors == "false")
{
include('connect-mysql.php');
$fname = $_POST['Name'];
$femail = $_POST['Email'];
$fcomment = $_POST['Comment'];
$fsubsciption = $_POST['Subscription'];
$sqlinsert = "INSERT INTO subscriptions (Name, Email, Comment, Subscription) VALUES ('$fname',
'$femail', '$fcomment', '$fsubsciption')";
if (!mysqli_query($dbcon, $sqlinsert)) {
die(mysqli_error($dbcon)); //and die('error inserting new record') ;
} // end of nested if statement
// else
$newrecord = "1 record added to the database";
} // end of main if statement
?>
<?php
echo $newrecord
?>
</body>
</html>
UPDATED CODE with Prepared Statement 9/3/17: See bottom of script (Please tell me if you see any issues with this) Also I've commented out the !mysqli_query IF statement below the prepared statement as I thought this was now redundent, but please tell me if it is still required.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
$errors = "false";
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = $subErr = "";
$name = $email = $gender = $comment = $website = $sub = $newrecord = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Name"])) {
$nameErr = "Name is required";
$errors = "true";
} else {
$name = test_input($_POST["Name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
$errors = "true";
}
}
if (empty($_POST["Email"])) {
$emailErr = "Email is required";
$errors = "true";
} else {
$email = test_input($_POST["Email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
$errors = "true";
}
}
if (empty($_POST["Website"])) {
$website = "";
} else {
$website = test_input($_POST["Website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["Comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["Comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
$errors = "true";
} else {
$gender = test_input($_POST["gender"]);
}
if (empty($_POST["Subscription"])) {
$subErr = "Subscription is required";
$errors = "true";
}
else {
$sub = test_input($_POST["Subscription"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Southern Tier Daily News</h2>
<form method="post" action="Newspaper3.php">
<input type="hidden" name="submitted" value="true"/>
<img src="https://bloximages.newyork1.vip.townnews.com/dnews.com/content/tncms/custom/image/5eec4204-483e-11e6-93c8-97ef236dc6c5.jpg?_dc=1468334339" alt="HTML5 Icon" style="width:128px;height:128px;">
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Newspaper Subscription Request</legend>
Name: <input type="text" name="Name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="Website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="Comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Subscription:
<select name="Subscription">
<option value=""></option>
<option value="Daily">Daily</option>
<option value="Evening">Evening</option>
<option value="Weekly">Weekly</option>
<option value="Monthly">Monthly</option>
</select>
<span class="error">* <?php echo $subErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
<br><br>
Visit Admin Page
</fieldset>
</form>
<?php
if (isset($_POST['submitted']) && $errors == "false")
{
include('connect-mysql.php');
$fname = $_POST['Name'];
$femail = $_POST['Email'];
$fcomment = $_POST['Comment'];
$fsubsciption = $_POST['Subscription'];
$sqlinsert = "INSERT INTO subscriptions (Name, Email, Comment, Subscription) VALUES (?,?,?,?)";
$stmt = mysqli_stmt_init($dbcon);
if (!mysqli_stmt_prepare($stmt,$sqlinsert)) {
echo "SQL error"; }
else {
mysqli_stmt_bind_param($stmt,"ssss",$fname, $femail, $fcomment, $fsubsciption);
mysqli_stmt_execute($stmt);
echo '1 record added to the database';
//if (!mysqli_query($dbcon, $sqlinsert)) {
//die(mysqli_error($dbcon));
} // end of nested IF statement
// else
//$newrecord = "1 record added to the database";
} // end of main if statement
?>
<?php
echo $newrecord
?>
</body>
</html>
I'm recieving an issue in the following php code. I am recieiving an unknown variable error in line 146, (echo $newrecord) variable. I'm not sure what is wrong with this variable, I have defined it in the IF statement, and am simply echoing if it is successful. I originally had that segment of code (after ) at the top of the script, but it was causing issues with the mandatory field error messages displaying properly. Any help is appreciated!
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = $subErr = "";
$name = $email = $gender = $comment = $website = $sub = $newrecord = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["Name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["Email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["Email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["Website"])) {
$website = "";
} else {
$website = test_input($_POST["Website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["Comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["Comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
if (empty($_POST["Subscription"])) {
$subErr = "Subscription is required"; }
else {
$sub = test_input($_POST["Subscription"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Southern Tier Daily News</h2>
<form method="post" action="Newspaper3.php">
<input type="hidden" name="submitted" value="true"/>
<img src="https://bloximages.newyork1.vip.townnews.com/dnews.com/content/tncms/custom/image/5eec4204-483e-11e6-93c8-97ef236dc6c5.jpg?_dc=1468334339" alt="HTML5 Icon" style="width:128px;height:128px;">
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Newspaper Subscription Request</legend>
Name: <input type="text" name="Name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="Website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="Comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Subscription:
<select name="Subscription">
<option value=""></option>
<option value="Daily">Daily</option>
<option value="Evening">Evening</option>
<option value="Weekly">Weekly</option>
<option value="Monthly">Monthly</option>
</select>
<span class="error">* <?php echo $subErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
<br><br>
Visit Admin Page
</fieldset>
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
echo "<br>";
echo $sub;
?>
<?php
if (isset($_POST['submitted'])) {
include('connect-mysql.php');
$fname = $_POST['Name'];
$femail = $_POST['Email'];
$fcomment = $_POST['Comment'];
$fsubsciption = $_POST['Subscription'];
$sqlinsert = "INSERT INTO newspaper (Name, Email, Comment, Subscription) VALUES ('$fname',
'$femail', '$fcomment', '$fsubsciption')";
if (!mysqli_query($dbcon, $sqlinsert)) {
die('error inserting new record');
} // end of nested if statement
$newrecord = "1 record added to the database";
} // end of main if statement
?>
<?php
echo $newrecord
?>
</body>
</html>
newrecord is defined and initialized inside the if statement, therefore if your code opts to the else, it will skip the if and your newrecord variable won't exist.
$newrecord is defined within an if statement, when the if is not executed the variable is not available. You can define it by default adding $newrecord = ''; before you start the if for the submit.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I'm doing an assignment in which I am required to use separate html and php files but am having trouble understanding how to validate my forms input as all examples I've found have both html and php in one file.
I've been following the example on w3schools:http://www.w3schools.com/php/php_form_validation.asp
My w3_example.html:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="w3_example.php">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="website">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="comment" rows="5" cols="40"></textarea>
<br><br>
Gender:
<input type="radio" name="gender" value="female">Female
<input type="radio" name="gender" value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
My w3_example.php:
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
if (empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST["website"]);
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
}
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
?>
</body>
</html>
I now get an "Call to undefined function test_input()" error on this line $name = test_input($_POST["name"]); in w3_example.php
Just a tip! Because you studying as I can imagine, always care about from where you study. w3schools doesn't have a good quality
code. Use http://php.net/manual/en/tutorial.forms.php from example
which is the official PHP documentation. Their sample codes, comments
etc. are by far better than w3schools.
I checked again your sample code:
Create 2 files:
index.html / index.php (in this example it doesn't care if it is .html or .php format.
handler.php
You 1st file: index.html / index.php
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<h2>PHP Form Validation Example</h2>
<form method="post" action="handler.php">
Name: <input type="text" name="name">
<br><br>
E-mail: <input type="text" name="email">
<br><br>
Website: <input type="text" name="website">
<br><br>
Comment: <textarea name="comment" rows="5" cols="40"></textarea>
<br><br>
Gender:
<input type="radio" name="gender" value="female">Female
<input type="radio" name="gender" value="male">Male
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
Your 2nd file: handler.php
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
?>
This option will show your inputs in the form in a different page-URL.
That will work!
By the way, I really don't like that poor sample code.
Please, use:
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if (isset($_POST["submit"])){
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
instead of
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}