So in the form I have this input
<input type="text" name="squareFoot" value="<?PHP if(isset($_POST['squareFoot'])) echo $squareFoot ?>"><span class="error_message"><?PHP echo " " . $squareFootError; ?></span>
And here's my validation (which is yes above the form)
if(isset($_POST['submit'])){
$isSubmitted = true;
$squareFoot = $_POST['squareFoot'];
$squareFoot = filter_var($squareFoot, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
$squareFoot = filter_var($squareFoot, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
$squareFoot = filter_var($squareFoot, FILTER_SANITIZE_SPECIAL_CHARS);
if(!is_numeric($squareFoot)){
$isValid = false;
$squareFootError = "Please enter a numeric value";
}
else if(empty($squareFoot)){
$isValid = false;
$squareFootError = "Please enter a numeric value";
}
else if($squareFoot < 200){
$isValid = false;
$squareFootError = "Please enter a number between 200 and 500,000";
}
else if($squareFoot > 500000){
$isValid = false;
$squareFootError = "Please enter a number between 200 and 500,000";
}
else{
/// do math (code not shown)
// Format Square Footage
$squareFootFormat = number_format($squareFoot, 0, '', ',');
// Display to user
<p>1. Square Footage being stripped <span class="right_al"><?PHP echo $squareFootFormat; ?></span></p>
So I have it set up so that the user can't put in html or script, the user must put in a number that has to be between two numbers, and that number can have a comma.
I also want the user to be able to put in something like 500.5, but when testing 500.5 turns into 5,005.
Is it because of
$squareFootFormat = number_format($squareFoot, 0, '', ',');
Or is something else wrong with it?
I kinda want to keep the number_format() in because it makes the number easier to read if it's some large number like 100,000. Can I do that?
Thanks for helping.
Your filter_var is not going to allow 500.5 as a value.
$squareFoot = filter_var($squareFoot, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
What about only doing this:
<?php
$squareFoot = $_POST['squareFoot'];
$smallest = 1;
$greatest = 100000;
if(is_numeric($squareFoot)) {
if($squareFoot < $greatest && $squareFoot > $smallest) {
//do what you want
echo number_format($squareFoot, 1, '.', ',');
}
else {
echo "Please enter a number between " .$smallest . " and ".$greatest;
}
}
else {
echo "Please enter a numeric value";
}
?>
Looks simplier to me.
Related
I'm trying to learn validation and below is where a form for user to enter the 4 fields which I need to validate the user's entry.
1st question: For the variable $a to check if there's content in error array, where should I define it ?
2nd question: for each field(productname/desc/cat/price), should i create a different array to store the error message ?
<?php
$productName = filter_has_var(INPUT_GET, 'pName') ? $_GET['pName']: null;
$desc = filter_has_var(INPUT_GET, 'description') ? $_GET['description']: null;
$cat = filter_has_var(INPUT_GET, 'category') ? $_GET['category']: null;
$pPrice = filter_has_var(INPUT_GET, 'price') ? $_GET['price']: null;
$productName = trim ($productName);
$desc = trim ($desc);
$cat = trim ($cat);
$pPrice = trim ($pPrice);
echo "<h1>Product details</h1>\n";
$nameerror = array();
if (empty($productName))
{
$nameerror[] = "You have not enter a Product";
}
elseif (strlen($productName) >50)
{
$nameerror[] = "Exceed product field length";
}
if (empty($desc))
{
$nameerror[] = "You have not enter description in the Description field";
}
elseif (strlen($desc) >100)
{
$nameerror[] = "Exceed descrption field length";
}
if (empty($cat))
{
$nameerror[] = "You have not enter category in the Category field";
}
if (empty($pPrice))
{
echo"<p>You have not enter price in the Price field</p>\n";
}
elseif (strlen($pPrice) >10)
{
echo"<p>Exceed price field length</p>\n";
}
if (!empty($nameerror))
for ($a=0;$a<count($nameerror);$a++)
{
echo "$nameerror[$a] <br />\n";
}
else
{
echo "<p>Name: $productName</p>\n";
echo "<p>Description: $desc</p>\n";
echo "<p>Category: $cat</p>\n";
echo "<p>Price: $pPrice</p>\n";
}
?>
Your aim is to collect all the errors in the form and tell the user of those.
Everything is correct except that you are using the wrong array name in your loop. It should be:
for ($a=0;$a<count($nameerror);$a++)
{
echo "$nameerror[$a] <br />\n";
}
Answer to your second question is: No - you can store all your error messages in a single array just as you have already done.
I used to rely on is_numeric() for making sure data passed from users is numeric. I recently discovered that users can also pass data 0xFF (hexdec = 255).
I'd like to disallow anything that is not a whole number (and not a hex representation).
Here's what I've tried so far.
$i_haxors_u = $_GET['id'];
$regex = '/[0-9]*/';
if (!empty($i_haxors_u) && !preg_match($regex, $i_haxors_u))
{
echo '<p>Invalid $i_haxors_u ' . strip_tags($i_haxors_u);
} else {
echo '<p>$i_haxors_u is numeric... maybe.';
}
This is still giving values like 0xFF a pass. How do I allow non-hex numbers only?
UPDATE Nov 12 2014.
Note that the selected answer works fine for data passed via GET, but will not work if a variable is set to a hex value.
$x = 0xFF;
if (is_numeric($x))
{
echo "<p>$x is a number.";
} else {
echo "<p>$x is not a number.";
}
if (preg_match('/^[\d]+$/',$x))
{
echo "<p>$x is a number.";
} else {
echo "<p>$x is not a number.";
}
$x = '0xFF';
if (is_numeric($x))
{
echo "<p>$x is a number.";
} else {
echo "<p>$x is not a number.";
}
if (preg_match('/^[\d]+$/',$x))
{
echo "<p>$x is a number.";
} else {
echo "<p>$x is not a number.";
}
Prints
255 is a number.
255 is a number.
0xFF is a number.
0xFF is not a number.
use match non-digit in your regex: $regex = '/\D/';
assume failure and pass when confirming that no non-digits are present in the input.
following code succeeds on id =7, give fail on id = 7.2, 7.2x, ffff, 0xff, -1
$id = $_GET['id'];
//assuming failure:
$valid = false;
if (!preg_match('/\D/',$id)) { $valid = true; } //fail if containing non-digit
if ($valid) {
echo "$id provided is valid";
}
else {
echo "$id provided is not valid";
}
You need to use anchors and use + quantifier to only allow integers:
$regex = '/^\d+$/';
Using + quantifier will also let you take out !empty($i_haxors_u) condition since \d+ will enforce 1 or more digits.
It's just because you have to test all the number:
$regex = '/^[0-9]+$/';
no need to test empty with +
My form has Phone and Email fields.
Many people might not be wanting/able to put both,
so I thought, that the validator would require only
one of those two filled, instead of requiring the both filled.
I've tried thinking of different ways to do it but I'm pretty new to PHP,
so I couldn't come with any.
Would this be possible?
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["name"]))
{$nameErr = "Name is required";}
else
{$name = test_input($_POST["name"]);}
if (empty($_POST["email"]))
{$emailErr = "Email is required";}
else
{$email = test_input($_POST["email"]);}
if (empty($_POST["phone"]))
{$phone = "";}
else
{$website = test_input($_POST["website"]);}
if (empty($_POST["comment"]))
{$comment = "";}
else
{$comment = test_input($_POST["comment"]);}
}
Thank you.
As your title states, 1 / 2 form fields is filled in.
$i = 0; // PUT THIS BEFORE YOUR IF STATEMENTS
Inside of your statements:
if (empty($_POST["phone"])) {
$phone = "";
} else {
$i++; // PUT THIS IN ALL YOU WANT TO COUNT, IT WILL ADD 1 to $i EACH TIME YOU CALL IT
$website = test_input($_POST["website"]);
}
Now at the end, if
// YOU NEED TO CHANGE YOUR NUMBERS TO WHATEVER COUNT YOU WANT
if ($i < 2) { // IF $i IS LESS THAN 2
// YOUR CODE HERE
} else { // IF $i IS 2 OR MORE
// YOUR CODE HERE
}
Hope this is somewhat useful!
or as stated above, you can use an
if (#$A && #$B) { // REQUIRES BOTH TO BE TRUE
// YOUR CODE HERE
} elseif (#$A || #$B) { // REQUIRES ONLY ONE TO BE TRUE
// YOUR CODE HERE
} else { // NONE ARE TRUE
// YOUR CODE HERE
}
if you are wondering about the # signs above, they are simply checking if they are set, you could change the code to !empty($A) which is what you used above. Putting the ! before the empty function checks that it is false or that $A is actually set.
If i would have to check a form like you, i'd do it this way:
$res = '';
if(empty($_POST['name']))
$res .= 'The name is required.<br>';
if(empty($_POST['email']))
$res .= 'The email is required.<br>';
if(empty($_POST['phone']) && empty($_POST['email']))
$res .= 'You need to enter phone or email.<br>';
if(strlen($res) > 0) {
echo 'We have these errors:';
echo $res;
}
else {
echo 'No Errors!';
}
If you want to show only one error each time, use this code:
$res = '';
if(empty($_POST['name']))
$res = 'The name is required.<br>';
elseif(empty($_POST['email']))
$res = 'The email is required.<br>';
elseif(empty($_POST['phone']) && empty($_POST['email']))
$res = 'You need to enter phone or email.<br>';
if(strlen($res) > 0) {
echo $res;
}
else {
echo 'No Error!';
}
Even if i think it's very basic, i'll explain the mentioned part, even if you could look it up from php.net:
$res .= 'The name is required';
The ".=" operator adds the part 'The name is required' to the variable $res. If this happens the first time, the variable will be empty, because i initialized it as an empty string. With every ongoing line, another error Message will be added to the string.
if(strlen($res) > 0) {
strlen() will return the length of the string in $res. If no error occured, it would still be empty, so strlen() would return 0.
I have coded a nice script but i am constantly getting
Error on line 29: Parse error, unexpected T_IF(if)
I have tried debugging code, wasted plenty of time. But nothing, came out.
Here is my code.
<?php
include("geoip.inc");
$ip=$_SERVER['REMOTE_ADDR'];
$gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
$country_code = geoip_country_code_by_addr($gi, "$ip");
$referrer=$_SERVER['HTTP_REFERER'];
// Country name is not used so commented
// Get Country Name based on source IP
//$country = geoip_country_name_by_addr($gi, "$ip");
$real=0;
geoip_close($gi);
if(strstr(strtolower($_SERVER['HTTP_USER_AGENT']), "googlebot")) {
$real = 1;
}
else {
if ($_COOKIE['iwashere'] != "yes") {
setcookie("iwashere", "yes", time()+315360000);
if ($country_code="IN") {
if(preg_match('/google/i', $referrer)) {
$key = "g17x9erm28n7cgifddssfqhgorjf3e"; // Account API Key
$ip = $_SERVER['REMOTE_ADDR']; // IP to Lookup
$result = file_get_contents('http://www.ipqualityscore.com/api/ip_lookup.php?KEY='.$key.'&IP='.$ip);
$real=$result
//$result will be equal to 1 for detected proxies & vpns or equal to 0 for clean IP's
{if($real==0)
{setcookie("testcookie", "testvalue");
if( isset( $_COOKIE['testcookie'] ) ) {
if (isset($_POST['jstest'])) {
$nojs = FALSE;
} else {
// create a hidden form and submit it with javascript
echo '<form name="jsform" id="jsform" method="post" style="display:none">';
echo '<input name="jstest" type="text" value="true" />';
echo '<script language="javascript">';
echo 'document.jsform.submit();';
echo '</script>';
echo '</form>';
// the variable below would be set only if the form wasn't submitted, hence JS is disabled
$nojs = TRUE;
}
if ($nojs){
$real=1;
}
}
else
$real=1;
}
else
$real=1;
} else
$real = 1;
}
else {
$real = 1;
}
} }
if ($real==1) {
include_once('Biggenius1.htm');
}
?>
It is if inside. Please give me advice, on how can i avoid these error. And also is there any alternative to code such complex script with multiple nested if statements?
Please post entire code:
try this
$real = 0;
geoip_close($gi);
if (strstr(strtolower($_SERVER['HTTP_USER_AGENT']), "googlebot")) {
$real = 1;
} else {
if ($_COOKIE['iwashere'] != "yes") {
setcookie("iwashere", "yes", time() + 315360000);
if ($country_code = "IN") {
if (preg_match('/google/i', $referrer)) {
$key = "g17x9erm28n7cgifddssfqhgorjf3e"; // Account API Key
$ip = $_SERVER['REMOTE_ADDR']; // IP to Lookup
$result = file_get_contents('http://www.ipqualityscore.com/api/ip_lookup.php?KEY=' . $key . '&IP=' . $ip);
$real = $result;
//$result will be equal to 1 for detected proxies & vpns or equal to 0 for clean IP's {
if ($real == 0) {
setcookie("testcookie", "testvalue");
if (isset($_COOKIE['testcookie'])) {
if (isset($_POST['jstest'])) {
$nojs = FALSE;
} else {
}
// create a hidden form and submit it with javascript
echo '<form name="jsform" id="jsform" method="post" style="display:none">';
echo '<input name="jstest" type="text" value="true" />';
echo '<script language="javascript">';
echo 'document.jsform.submit();';
echo '</script>';
echo '</form>';
// the variable below would be set only if the form wasn't submitted, hence JS is disabled
$nojs = TRUE;
}
if ($nojs) {
$real = 1;
}
}
else
$real = 1;
}
else
$real = 1;
} else
$real = 1;
}
else {
$real = 1;
}
}
if ($real == 1) {
include_once('Biggenius1.htm');
}
On line 29, $real=$result should end in a semi-colon and on the following line {if($real==0) should be if($real==0){.
The error message is your friend, it suggested you look to line 29.
You placed a curely braces before the if condition
//$result will be equal to 1 for detected proxies & vpns or equal to 0 for clean IP's
{if($real==0)
remove it then your error wil be removed
From reading over your code, it seems like the only errors I can find are these:
{if($real==0)
And:
$real=$result
Which should be changed into:
if($real==0){
And:
$real=$result;
Here are the few errors I found:
if ($country_code="IN") : This is an assignment not comparision, will always return true
$real=$result : Missing Termination ; on the end
Okay, everything I've checked on this site referring to validation isn't what I'm looking for.
What I'm looking to do is a minimum length and maximum length of a value in firstname and secondname, this is the code which I currently have.
if (isset($_POST['submit'])) {
$errors = array();
if (isset($_POST['firstname'])) {
$fn = $_POST['firstname'];
} else {
$errors[] = "You have not entered a first name";
}
if (isset($_POST['secondname'])) {
$sn = $_POST['secondname'];
} else {
$errors[] = "You have not entered a second name";
}
I was just wondering how would I apply preg_match to those which the minimum is 4 letters and the maximum is 15?
I do know it's something to do with
if(preg_match('/^[A-Z \'.-]{4,15}$/i', $_POST['firstname']))
In doing this I tried to do
if (isset($_POST['firstname']) && preg_match('/^[A-Z \'.-]{4,15}$/i', $_POST['firstname')) {
But that also gave me an error :/
Could anyone give me a solution for this?
Thanks!
UPDATE:-
Nvm, I found a way around it. I just did this
if (isset($_POST['firstname'])) {
if (preg_match('/^[A-Z \'.-]{4,15}$/i', $_POST['firstname'])) {
$fn = $_POST['firstname'];
} else {
$errors[] = "<center> <h3> You must enter between 4 and 15 characters! </h3></center>";
}
} else {
$errors[] = "You have not entered a name";
}
For both the firstname and secondname. :)
Why don't you just use strlen() to get the string length, and then test it against your limits ?
$length = strlen($nick);
if ($length > 3 AND $length < 16) {
//Do STuff
} else {
//Do stuff for failed requirement
}
I found a way around it. I just did this
if (isset($_POST['firstname'])) {
if (preg_match('/^[A-Z \'.-]{4,15}$/i', $_POST['firstname'])) {
$fn = $_POST['firstname'];
} else {
$errors[] = "<center> <h3>You must enter between 4 and 15 characters!</h3> </center>";
}
} else {
$errors[] = "You have not entered a name";
}
For both the firstname and secondname.