We Keep Coding

What would be better Practice when sanitizing/validating php from html inputs?

When doing php validation should I First do the filter sanitizing/validating or is it okay to do it as part of an if statement see the examples below
First Example
$vvalidation = 0;
if (isset($_POST['db9_name']) && $_POST['db9_name'] != ''){
$name = $_POST['db9_name'];
if (filter_var($name, FILTER_SANITIZE_STRING === null)){
$vvalidation++;
}
} else{
$vvalidation++;
}
Second Example
$vvalidation = 0;
if (isset($_POST['db9_name']) && $_POST['db9_name'] != ''){
$name = $_POST['db9_name'];
$vname = filter_var($name, FILTER_SANITIZE_STRING);
if ($vname === null)){
$vvalidation++;
}
} else{
$vvalidation++;
}
and for email ?
example 1
if (isset($_POST['txtemail']) && $_POST['txtemail'] !== '') {
$vEmail = strtolower(strip_tags(trim($_POST['txtemail'])));
$vEmail = str_replace(' ', '', $vEmail);
if (filter_var($vEmail, FILTER_SANITIZE_EMAIL) === null) {
$vValidation++;
} elseif (filter_var($vEmail, FILTER_VALIDATE_EMAIL) === null) {
$vValidation++;
}
} else {
$vValidation++;
}
example 2
if (isset($_POST['txtemail']) && $_POST['txtemail'] !== '') {
$vEmail = strtolower(strip_tags(trim($_POST['txtemail'])));
$vEmail = str_replace(' ', '', $vEmail);
$email = (filter_var($vEmail, FILTER_SANITIZE_EMAIL);
$email .= (filter_var($vEmail, FILTER_VALIDATE_EMAIL);
if (email === null){
$vValidation++;
} else {
$vValidation++;
}
or does it not really matter?

wordpress - frontend post form issue

I have a post form on front end where users can post (post_type = product) from the form. As a part of it I have tried implementing few server side validations as in below code. The issue is that the validations are all working fine but the data is getting saved on form submission even when the validation fails.
Ideally the form submission should fail when there is a field validation failure.
I am not sure if $hasError = true is working or not, there might be a very simple logic I am missing which I am not getting. Any help regarding this?
Thanks in advance.
$postTitleError = '';
if (isset($_POST['submitted']) && isset($_POST['post_nonce_field']) && wp_verify_nonce($_POST['post_nonce_field'], 'post_nonce')) {
if (trim($_POST['postTitle']) === '') {
$postTitleError = 'msg 1';
$hasError = true;
}
if (trim($_POST['postCat1']) === '') {
$postTitleError = 'msg2';
$hasError = true;
}
if (trim($_POST['postPrice']) === '') {
$postTitleError = 'msg3';
$hasError = true;
}
if (trim($_POST['postTime']) === '') {
$postTitleError = 'msg4';
$hasError = true;
}
if (trim($_POST['postTimeMin']) === '') {
$postTitleError = 'msg5';
$hasError = true;
}
if (trim($_POST['postContent']) === '') {
$postTitleError = 'msg6';
$hasError = true;
}

<?php
//$postTitleError = '';
$resultArr = array();
$error_msg = false;
if (isset($_POST['submitted']) && isset($_POST['post_nonce_field']) && wp_verify_nonce($_POST['post_nonce_field'], 'post_nonce')) {
if (isset($_POST['postTitle']) && !empty($_POST["postTitle"])) {
//$postTitleError = 'msg 1';
//$hasError = true;
$postTitle=$_POST['postTitle'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postTitle']= "msg 1";
$error_msg = true;
}
if (isset($_POST['postCat1']) && !empty($_POST["postCat1"]) ) {
// $postTitleError = 'msg2';
// $hasError = true;
$postCat1=$_POST['postCat1'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postCat1']= "msg2";
$error_msg = true;
}
if (isset($_POST['postPrice']) && !empty($_POST["postPrice"]) ) {
// $postTitleError = 'msg3';
//$hasError = true;
$postPrice=$_POST['postPrice'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postPrice']= "msg3";
$error_msg = true;
}
if (isset($_POST['postTime']) && !empty($_POST["postTime"]) ) {
//$postTitleError = 'msg4';
//$hasError = true;
$postTime=$_POST['postTime'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postTime']= "msg4";
$error_msg = true;
}
if (isset($_POST['postTimeMin']) && !empty($_POST["postTimeMin"]) ) {
// $postTitleError = 'msg5';
// $hasError = true;
$postTimeMin=$_POST['postTimeMin'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postTimeMin']= "msg5";
$error_msg = true;
}
if (isset($_POST['postContent']) && !empty($_POST["postContent"]) ) {
//$postTitleError = 'msg6';
// $hasError = true;
$postContent=$_POST['postContent'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postContent']= "msg6";
$error_msg = true;
}
if($error_msg == false)
{
//here publish post code
}
else
{
//here Error message prine
}
?>

Codeigniter update records error

I am using codeigniter framework, and I keep getting this error when I submit my from to post to my database.
Controller
public function profilePic()
{
if ($this->session->userdata('userLogin')) {
$user_id = $this->session->userdata('user_id');
$data = array();
if (isset($_POST['add'])) {
$pic = $this->input->post('profileFace');
$front = $this->input->post('frontView');
$left = $this->input->post('leftView');
$right = $this->input->post('rightView');
$back = $this->input->post('backView');
$updtResult = $this->main_model->updateProfilePic($pic,$front,$left,$right,$back,$user_id);
redirect("userProfile");
} else {
$data['userdata'] = $this->main_model->getUserData();
$this->load->view("frontend/ajax-view", $data);
}
} else {
redirect("/fitness");
}
}
Model
function updateProfilePic($pic,$front,$left,$right,$back,$user_id) {
$check = $this->getUserData();
if(count($check)!=0)
{
if($pic != "")
{
$data['image'] = $pic;
}
if($front != "")
{
$data['front_view'] = $front;
}
if($left != "")
{
$data['left_view'] = $left;
}
if($right != "")
{
$data['right_view'] =$right;
}
if($back != "")
{
$data['back_view'] = $back;
}
// pr($data);
$this->db->where('user_id',$user_id);
$result = $this->db->update('fitness_users', $data);
}
return $result;
}
and the error i am getting is:

You can use set method to update your data and check your variable is set or not using isset()
if (isset($pic) && $pic != "") {
$this->db->set("image", $pic);
}
if (isset($front) && $front != "") {
$this->db->set("front_view", $front);
}
if (isset($left) && $left != "") {
$this->db->set("left_view", $left);
}
if (isset($right) && $right != "") {
$this->db->set("right_view", $right);
}
if (isset($back) && $back != "") {
$this->db->set("back_view", $back);
}
// pr($data);
$this->db->where('user_id', $user_id);
$result = $this->db->update('fitness_users');

Header location not working on live server but works on localhost [duplicate]

This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 8 years ago.
Header location not working on live server but works on localhost.
This code worked until last week, but it does not work anymore.
So, I have started testing on localhost. It is working as before.
I tried to add "ob_start()" on the top of the code; not working.
Please review this code and comment.
<?php session_start();
$fnameErr ="";
$lnameErr ="";
$emailErr ="";
$phoneErr = "";
$dateErr = "";
$timeErr = "";
$errMsg = "";
$area = "";
$local3 = "";
$local4 = "";
$cust_info = "";
$charOnly = "/^[a-z]+[a-z]$/i";
$reg_email = "/^[^0-9~!##$%^&*()_+=?.,][a-z0-9_]+([.][a-z0-9_]+)*[#][a-z0-9_]+([.][a-z0-9_]+)*[.][a-z]{2,3}$/i";
$reg_phone = "/^(\d{3}+\d{3}+\d{4}|\d{3}\d{3}+[\s]{1}+\d{4}|\d{3}+[\s]{1}+\d{3}+[\s]{1}+\d{4}||\d{3}+[-]{1}+\d{3}+[-]{1}+\d{4}|\d{3}+[\s]{1}+\d{7}|\(\d{3}\)\s{1}\d{3}[\s-]{1}\d{4})$/";/*"/^(\d{3}|[(]\d{3}[)]|\d{3}[)])[ -]*\d{3}[ -]*\d{4}$/";*/
$dataValid = true;
$phone = $area .''. $local3 .''. $local4;
$phoneValid = true;
// If submit with POST
if ($_POST) {
$errMsg = "Debugging";
$area = $_POST['c_area'];
$local3 = $_POST['c_local3'];
$local4 = $_POST['c_local4'];
$cust_info = array( "first" => $_POST['c_fname'],
"last" => $_POST['c_lname'],
"email" => $_POST['c_email'],
"phone" => array("area"=> $area,
"mid" => $local3,
"last" => $local4),
"date" => $_POST['c_date'],
"time" => $_POST['c_time']);
// Test for nothing entered in field
if ($_POST['c_fname'] == "") {
$fnameErr = "Please enter your first name.";
$dataValid = false;
}
else {
if ( preg_match($charOnly, $_POST['c_fname']) )
{
$fnameErr = "";
} else {
$fnameErr = "This is an invalid name.";
$dataValid = false;
}
}
if ($_POST['c_lname'] == "") {
$lnameErr = "Please enter your last name.";
$dataValid = false;
}
else {
if ( preg_match($charOnly, $_POST['c_lname']) )
{
$lnameErr = "";
} else {
$lnameErr = "This is an invalid name.";
$dataValid = false;
}
}
if ($_POST['c_email'] == "") {
$emailErr = "Please enter E-mail address.";
$dataValid = false;
}
else {
if ( preg_match($reg_email, $_POST['c_email']) )
{
$emailMsg = "";
} else {
$emailMsg = "E-mail is not Valid.";
$dataValid = false;
}
}
if ($_POST['c_area'] == "") {
$phoneErr = "Please enter phone number.";
$dataValid = false;
$phoneValid = false;
}
if ($_POST['c_local3'] == "") {
$phoneErr = "Please enter phone number.";
$dataValid = false;
$phoneValid = false;
}
if ($_POST['c_local4'] == "") {
$phoneErr = "Please enter phone number.";
$dataValid = false;
$phoneValid = false;
}
if( $phoneValid ) {
$phone = $area . "" . $local3 . "" .$local4;
if ( preg_match($reg_phone, $phone) ) {
$phoneErr = "";
} else {
$phoneErr = "Phone number is not Valid.";
$dataValid = false;
}
} else {
$area = "";
$local3 = "";
$local4 = "";
$phone = "";
}
if ($_POST['c_date'] == "") {
$dateErr = "Please choose a date.";
$dataValid = false;
}
if ($_POST['c_time'] == "" || $_POST['c_time'] == "Morning" || $_POST['c_time'] == "Afternoon") {
$timeErr = "Please choose a time.";
$dataValid = false;
} else {
if ("07:00" == $_POST['c_time']){
$Checked0700 = 'selected';
}
else if ("07:30" == $_POST['c_time']){
$Checked0730 = 'selected';
}
else if ("08:00" == $_POST['c_time']){
$Checked0800 = 'selected';
}
else if ("08:30" == $_POST['c_time']){
$Checked0830 = 'selected';
}
else if ("09:00" == $_POST['c_time']){
$Checked0900 = 'selected';
}
else if ("09:30" == $_POST['c_time']){
$Checked0930 = 'selected';
}
else if ("10:00" == $_POST['c_time']){
$Checked1000 = 'selected';
}
else if ("10:30" == $_POST['c_time']){
$Checked1030 = 'selected';
}
else if ("11:00" == $_POST['c_time']){
$Checked1100 = 'selected';
}
else if ("11:30" == $_POST['c_time']){
$Checked1130 = 'selected';
}
else if ("12:00" == $_POST['c_time']){
$Checked1200 = 'selected';
}
else if ("12:30" == $_POST['c_time']){
$Checked1230 = 'selected';
}
else if ("13:00" == $_POST['c_time']){
$Checked1300 = 'selected';
}
else if ("13:30" == $_POST['c_time']){
$Checked1330 = 'selected';
}
else if ("14:00" == $_POST['c_time']){
$Checked1400 = 'selected';
}
else if ("14:30" == $_POST['c_time']){
$Checked1430 = 'selected';
}
else if ("15:00" == $_POST['c_time']){
$Checked1530 = 'selected';
}
else if ("15:30" == $_POST['c_time']){
$Checked1530 = 'selected';
}
else if ("16:00" == $_POST['c_time']){
$Checked1600 = 'selected';
}
else if ("16:30" == $_POST['c_time']){
$Checked1630 = 'selected';
}
else if ("17:00" == $_POST['c_time']){
$Checked1700 = 'selected';
}
else if ("after" == $_POST['c_time']){
$Checkedafter = 'selected';
}
}
}
if ($_POST && $dataValid) {
$_SESSION['token1'] = "ok";
$_SESSION['cust'] = $cust_info;
header('Location:innout-booking-step2.php');
exit();
?>

I also faced such problem so I tried following steps to resolve it.
1. Remove or comment spaces, echos, print_r, error reporting before calling header location.
2. Remove spaces after php end tag (after ?> )
3. Modify header location syntax for this what I generally do is open w3schools copy header location syntax and paste it. In your case you should try to change your header code as
header('Location: innout-booking-step2.php'); (space after : )

giving a error while calling a function in php that variable is undefined

I m using the following code in a PHP script I am trying to call a set of code through function calling(). When I call that function and run that script if shows me the error that the variable $querydigit is undefined.
Can any body tell me how I can call that set of code where I want it.
<?php
//$querynum = $_SERVER['QUERY_STRING'];
function calling()
{
if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==1)) {$photoname = '1'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==2)) {$photoname = '2'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==3)) {$photoname = '3'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==4)) {$photoname = '4'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==5)) {$photoname = '5'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==6)) {$photoname = '6'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==7)) {$photoname = '7'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==8)) {$photoname = '8'; }
}
if(isset($_GET['1']))
{
$querydigit = 1;
$photoseries = 8;
$foldername = 'founder';
calling();
}
else if(isset($_GET['2']))
{
$querydigit = '2';
$photoseries = 8;
$foldername = 'founder';
calling;
}
}
?>

$querydigit is not defined within function's scope.
You can fix it in following way:
function calling($querydigit) {
and then call your function like this:
calling($querydigit);
Here is your code fixed:
<?php
//$querynum = $_SERVER['QUERY_STRING'];
function calling($querydigit)
{
if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==1)) {$photoname = '1'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==2)) {$photoname = '2'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==3)) {$photoname = '3'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==4)) {$photoname = '4'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==5)) {$photoname = '5'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==6)) {$photoname = '6'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==7)) {$photoname = '7'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==8)) {$photoname = '8'; }
}
if(isset($_GET['1']))
{
$querydigit = 1;
$photoseries = 8;
$foldername = 'founder';
calling($querydigit);
}
else if(isset($_GET['2']))
{
$querydigit = '2';
$photoseries = 8;
$foldername = 'founder';
calling($querydigit);
}
?>