I am very new to php and have been working on a website which contains a form for a restaurant reservation. Currently, I have one file, which contains both html and php code. The form is validated once the user clicks submit, however I was wondering how it might be possible to redirect the user to a new page, confirming their reservation, if all of the information they have entered into the form is correct.
Basically this is the process I wish the website to perform:
user fills out form
if validation not complete
display error messages, loop back to form so user can correct fields
if form is validated fully
Send user to confirmation page
Here is the necessary code for my reservations page:
....
<?php
$nameErr = $teleErr = $emailErr = $partyErr = $vipErr = $reservationErr = $timeErr = "";
$name = $tele = $email = $party = $vip = $reservation = $time = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Please enter a full name";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Invalid name entered";
}
}
if (empty($_POST["tele"])) {
$teleErr = "Please enter a telephone number";
} else {
$tele = test_input($_POST["tele"]);
if (!preg_match("/^[0-9 ]{7,}$/",$tele)) {
$teleErr = "Invalid telephone number entered";
}
}
if (empty($_POST["email"])) {
$emailErr = "Please enter an email address";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email entered";
}
}
if($_POST['party']=="") {
$partyErr = "Please select the party size";
} else {
$party = test_input($_POST["party"]);
}
if (empty($_POST["vip"])) {
$vipErr = "Please make a VIP area selection";
} else {
$vip = test_input($_POST["vip"]);
}
if (empty($_POST["reservation"])) {
$reservationErr = "Please enter the reservation date";
} else {
$reservation = test_input($_POST["reservation"]);
if (!preg_match("/^[0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4}$/",$reservation)) {
$reservationErr = "Invalid reservation date";
}
}
if($_POST['time']=="") {
$timeErr = "Please select the reservation time";
} else {
$time = test_input($_POST["time"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<body>
<div id= "container">
<div id="header">
<div id="logo">
<img src="Steakhouselogo.png" width="440" height="152" alt="This is an image of the Steakhouse® logo">
</div>
<br>
<p class="slogan"> <strong> Welcome to Steakhouse®, the number 1 restaurant for flame grilled goodness. </strong> </p>
</div>
<div id="links">
<ul class="nav">
</ul>
</div>
<br>
<!-- Introduction of HTML form -->
<div id="body">
<h1> Book a Table </h1>
<br><br>
<br>
<div class="view">
<img src="view.png" width="451" height="227" alt="A view of our restaurant">
</div>
<br>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<!-- Personal information -->
<div class="form">
<div class="indicates">
<br>
* indicates a required field
</div>
<p class="ex">
<br><br>
<strong> Full Name* : </strong> <br> <input type="text" placeholder="John Doe" name="name" value="<?php echo $name;?>">
<span class="error"> <?php echo $nameErr;?></span>
<br><br><br>
<strong> Contact Telephone* : </strong> <br> <input type="text" placeholder="Telephone Number" name="tele" value="<?php echo $tele;?>">
<span class="error"><?php echo $teleErr;?></span>
<br><br><br>
<strong> Contact Email* : </strong> <br> <input type="text" placeholder="Example#email.com" name="email" value="<?php echo $email;?>">
<span class="error"><?php echo $emailErr;?></span>
<br><br>
<!-- Party requirments -->
<br>
<strong>Select Party Size* :</strong>
<br>
<select name="party" id="party" value="<?php echo $party;?>">
<option value="">Please Select</option>
<option <?php if (isset($party) && $party=="5") echo "selected";?> value="5">1 Person (+£5)</option>
<option <?php if (isset($party) && $party=="10") echo "selected";?> value="10">2 People (+£10)</option>
<option <?php if (isset($party) && $party=="15") echo "selected";?> value="15">3 People (+£15)</option>
<option <?php if (isset($party) && $party=="20") echo "selected";?> value="20">4 People (+£20)</option>
<option <?php if (isset($party) && $party=="25") echo "selected";?> value="25">5 People (+£25)</option>
<option <?php if (isset($party) && $party=="30") echo "selected";?> value="30">6 People (+£30)</option>
<option <?php if (isset($party) && $party=="35") echo "selected";?> value="35">7 People (+£35)</option>
<option <?php if (isset($party) && $party=="40") echo "selected";?> value="40">8 People (+£40)</option>
<option <?php if (isset($party) && $party=="45") echo "selected";?> value="45">9 People (+£45)</option>
<option <?php if (isset($party) && $party=="50") echo "selected";?> value="50">10+ People (+£50)</option>
</select>
<span id="party" class="error"><?php echo $partyErr;?></span>
<br><br><br>
<strong>Dietary Requirements:</strong>
<br><br>
Vegetarian <input type="checkbox" name="diet[]" value="Vegetarian">
<br><br>
Vegan <input type="checkbox" name="diet[]" value="Vegan">
<br><br>
Peanut Allergy <input type="checkbox" name="diet[]" value="Peanut Allergy">
<br><br>
Gluten Allergy <input type="checkbox" name="diet[]" value="Gluten Allergy">
<br><br><br>
<strong> VIP area* : </strong> <br><br>
Yes (+£5) <input type="radio" name="vip" <?php if (isset($vip) && $vip=="Yes") echo "checked";?> value="Yes">
<br><span id="vip" class="error"><?php echo $vipErr;?></span><br>
No <input type="radio" name="vip" <?php if (isset($vip) && $vip=="No") echo "checked";?> value="No">
<br><br><br>
<strong> Reservation Date* : </strong> <br> <input type="text" placeholder="DD/MM/YYYY" name="reservation" value="<?php echo $reservation;?>">
<span class="error"><?php echo $reservationErr;?></span>
<br><br><br>
<strong> Reservation Time* : </strong>
<br>
<select name="time" value="<?php echo $time;?>">
<option value="">Please Select</option>
<option <?php if (isset($time) && $time=="17:00") echo "selected";?> value="17:00">17:00</option>
<option <?php if (isset($time) && $time=="17:30") echo "selected";?> value="17:30">17:30</option>
<option <?php if (isset($time) && $time=="18:00") echo "selected";?> value="18:00">18:00</option>
<option <?php if (isset($time) && $time=="18:30") echo "selected";?> value="18:30">18:30</option>
<option <?php if (isset($time) && $time=="19:00") echo "selected";?> value="19:00">19:00</option>
<option <?php if (isset($time) && $time=="19:30") echo "selected";?> value="19:30">19:30</option>
<option <?php if (isset($time) && $time=="20:00") echo "selected";?> value="20:00">20:00</option>
<option <?php if (isset($time) && $time=="20:30") echo "selected";?> value="20:30">20:30</option>
<option <?php if (isset($time) && $time=="21:00") echo "selected";?> value="21:00">21:00</option>
<option <?php if (isset($time) && $time=="21:30") echo "selected";?> value="21:30">21:30</option>
<option <?php if (isset($time) && $time=="22:00") echo "selected";?> value="22:00">22:00</option>
</select>
<span id="time" class="error"><?php echo $timeErr;?></span>
<br><br><br>
<strong> Any Additional Information: </strong>
<br>
<textarea name="comments" placeholder="Birthdays, Class Parties..." rows="7" cols="40"></textarea>
<br><br>
<div class="totalPrice">
The total reservation price will be calculated automatically once submitted.
<br><br><br>
</div>
<div class="submitEtc">
<input type="submit" id="submit" name="submit" value="Submit">
<input type="reset" value="Reset form">
<br><br><br><br>
....
I have put a lot of effort into my work thus far, so any suggestions are welcomed. Please remember I am new to web languages also. Thank you.
Here is your code
<?php
$nameErr = $teleErr = $emailErr = $partyErr = $vipErr = $reservationErr = $timeErr = "";
$name = $tele = $email = $party = $vip = $reservation = $time = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Please enter a full name";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Invalid name entered";
}
}
if (empty($_POST["tele"])) {
$teleErr = "Please enter a telephone number";
} else {
$tele = test_input($_POST["tele"]);
if (!preg_match("/^[0-9 ]{7,}$/",$tele)) {
$teleErr = "Invalid telephone number entered";
}
}
if (empty($_POST["email"])) {
$emailErr = "Please enter an email address";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email entered";
}
}
if($_POST['party']=="") {
$partyErr = "Please select the party size";
} else {
$party = test_input($_POST["party"]);
}
if (empty($_POST["vip"])) {
$vipErr = "Please make a VIP area selection";
} else {
$vip = test_input($_POST["vip"]);
}
if (empty($_POST["reservation"])) {
$reservationErr = "Please enter the reservation date";
} else {
$reservation = test_input($_POST["reservation"]);
if (!preg_match("/^[0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4}$/",$reservation)) {
$reservationErr = "Invalid reservation date";
}
}
if($_POST['time']=="") {
$timeErr = "Please select the reservation time";
} else {
$time = test_input($_POST["time"]);
}
if($nameErr == "" && $teleErr == "" && $emailErr == "" && $partyErr == "" && $vipErr == "" && $reservationErr == "" && $timeErr == ""){
header('Location: http://yoursite.com/dashboard');
exit();
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
You can redirect your user using the header().
header('Location: http://yoursite.com/dashboard');
exit();
Where are you sending this form data to?. To itself or database. Anyway upon submission, you can echo
any of this javascript function to
redirect the user to a new page after 1 seconds.
echo "<script>
window.setTimeout(function() {
window.location.href = 'redirect.php';
}, 1000);
</script>";
or
echo '<script>
$(document).ready(function() {
window.setInterval(function() {
var timeLeft = $("#timeLeft").html();
if(eval(timeLeft) == 0){
window.location= ("welcome.php");
}else{
$("#timeLeft").html(eval(timeLeft)- eval(1));
}
}, 1000);
});
</script>';
Try this
<?php
$nameErr = $teleErr = $emailErr = $partyErr = $vipErr = $reservationErr = $timeErr = "";
$name = $tele = $email = $party = $vip = $reservation = $time = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$c = 0;
if(empty($_POST["name"])) { {
$nameErr = "Please enter a full name";
$c++;
}
if(!empty($_POST["name"])) {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Invalid name entered";
$c++;
}
}
if (empty($_POST["tele"])) {
$teleErr = "Please enter a telephone number";
$c++;
}
if (!empty($_POST["tele"])) {
$tele = test_input($_POST["tele"]);
if (!preg_match("/^[0-9 ]{7,}$/",$tele)) {
$teleErr = "Invalid telephone number entered";
$c++;
}
}
if (empty($_POST["email"])) {
$emailErr = "Please enter an email address";
$c++;
}
if (!empty($_POST["email"])) {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email entered";
$c++;
}
}
if($_POST['party']=="") {
$partyErr = "Please select the party size";
$c++;
} else {
$party = test_input($_POST["party"]);
}
if (empty($_POST["vip"])) {
$vipErr = "Please make a VIP area selection";
$c++;
} else {
$vip = test_input($_POST["vip"]);
}
if (empty($_POST["reservation"])) {
$reservationErr = "Please enter the reservation date";
$c++;
}
if (!empty($_POST["reservation"])) {
$reservation = test_input($_POST["reservation"]);
if (!preg_match("/^[0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4}$/",$reservation)) {
$reservationErr = "Invalid reservation date";
$c++;
}
}
if($_POST['time']=="") {
$timeErr = "Please select the reservation time";
$c++;
} else {
$time = test_input($_POST["time"]);
}
if($c == 0) {
// redirect here
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Indeed you have done a lot of complication without using Arrays. You may in the case of an error existence set an array named $errors and its key should be the element of the form which is being on check. For example look at the following blue print code:
if (!my_check_email($_POST['email'])){
/* my_check_email() is a custom function the performs email validation. It returns true for valid email and it returns false for invalid email
*/
// Here invalid email
$errors['email'] = true;
}
The repeat similar coding style for other elements of the form you want to validate. At the end you just have to check if the $errors is set or not as follows:
if (isset($errors)){
// do the necessary code for invalid input
}
else{
// Save the data and redirect the user using any mean of redirection.
}
Means of redirection
1- using php header function as other answers stated. However, using header function should be used before any output in your file i.e before any echo or print or even any new line or html tags in your script file.
2- using cient-side javascript like the follwoing:
echo "<script>\n
window.location.href = 'redirect.php';\n
</script>";
3- Using client-side meta tag:
echo '<meta http-equiv="refresh" content="0;URL=http://www.indiana.edu/~account/new-directory" />';
Related
I'm new to php coding and have been told by others that I need to be using parameterized queries/prepared statements for my php scripts and MySQL database. I've looked at other examples of scripting these prepared statements and they usually refer to user login functions. My query is just a web form to capture user inputted data and store in database (SQL insert as opposed to SQL select). I am hoping someone can help me with how to script the php to prevent sql injections. Also hoping someone can let me know whether these prepared statements should also be used in php SQL Select scripts where I am only displaying database records on a form. Thanks in advance!
Here are the two php files I am using, the first is my database connection script:
<?php
DEFINE ('DB_USER', 'fakeuser');
DEFINE ("DB_PSWD", 'fakepassword');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'newspaper');
$dbcon = mysqli_connect(DB_HOST, DB_USER, DB_PSWD, DB_NAME);
?>
Web form PHP script:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
$errors = "false";
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = $subErr = "";
$name = $email = $gender = $comment = $website = $sub = $newrecord = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Name"])) {
$nameErr = "Name is required";
$errors = "true";
} else {
$name = test_input($_POST["Name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
$errors = "true";
}
}
if (empty($_POST["Email"])) {
$emailErr = "Email is required";
$errors = "true";
} else {
$email = test_input($_POST["Email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
$errors = "true";
}
}
if (empty($_POST["Website"])) {
$website = "";
} else {
$website = test_input($_POST["Website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["Comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["Comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
$errors = "true";
} else {
$gender = test_input($_POST["gender"]);
}
if (empty($_POST["Subscription"])) {
$subErr = "Subscription is required";
$errors = "true";
}
else {
$sub = test_input($_POST["Subscription"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Southern Tier Daily News</h2>
<form method="post" action="Newspaper3.php">
<input type="hidden" name="submitted" value="true"/>
<img src="https://bloximages.newyork1.vip.townnews.com/dnews.com/content/tncms/custom/image/5eec4204-483e-11e6-93c8-97ef236dc6c5.jpg?_dc=1468334339" alt="HTML5 Icon" style="width:128px;height:128px;">
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Newspaper Subscription Request</legend>
Name: <input type="text" name="Name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="Website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="Comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Subscription:
<select name="Subscription">
<option value=""></option>
<option value="Daily">Daily</option>
<option value="Evening">Evening</option>
<option value="Weekly">Weekly</option>
<option value="Monthly">Monthly</option>
</select>
<span class="error">* <?php echo $subErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
<br><br>
Visit Admin Page
</fieldset>
</form>
<?php
if (isset($_POST['submitted']) && $errors == "false")
{
include('connect-mysql.php');
$fname = $_POST['Name'];
$femail = $_POST['Email'];
$fcomment = $_POST['Comment'];
$fsubsciption = $_POST['Subscription'];
$sqlinsert = "INSERT INTO subscriptions (Name, Email, Comment, Subscription) VALUES ('$fname',
'$femail', '$fcomment', '$fsubsciption')";
if (!mysqli_query($dbcon, $sqlinsert)) {
die(mysqli_error($dbcon)); //and die('error inserting new record') ;
} // end of nested if statement
// else
$newrecord = "1 record added to the database";
} // end of main if statement
?>
<?php
echo $newrecord
?>
</body>
</html>
UPDATED CODE with Prepared Statement 9/3/17: See bottom of script (Please tell me if you see any issues with this) Also I've commented out the !mysqli_query IF statement below the prepared statement as I thought this was now redundent, but please tell me if it is still required.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
$errors = "false";
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = $subErr = "";
$name = $email = $gender = $comment = $website = $sub = $newrecord = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Name"])) {
$nameErr = "Name is required";
$errors = "true";
} else {
$name = test_input($_POST["Name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
$errors = "true";
}
}
if (empty($_POST["Email"])) {
$emailErr = "Email is required";
$errors = "true";
} else {
$email = test_input($_POST["Email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
$errors = "true";
}
}
if (empty($_POST["Website"])) {
$website = "";
} else {
$website = test_input($_POST["Website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["Comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["Comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
$errors = "true";
} else {
$gender = test_input($_POST["gender"]);
}
if (empty($_POST["Subscription"])) {
$subErr = "Subscription is required";
$errors = "true";
}
else {
$sub = test_input($_POST["Subscription"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Southern Tier Daily News</h2>
<form method="post" action="Newspaper3.php">
<input type="hidden" name="submitted" value="true"/>
<img src="https://bloximages.newyork1.vip.townnews.com/dnews.com/content/tncms/custom/image/5eec4204-483e-11e6-93c8-97ef236dc6c5.jpg?_dc=1468334339" alt="HTML5 Icon" style="width:128px;height:128px;">
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Newspaper Subscription Request</legend>
Name: <input type="text" name="Name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="Website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="Comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Subscription:
<select name="Subscription">
<option value=""></option>
<option value="Daily">Daily</option>
<option value="Evening">Evening</option>
<option value="Weekly">Weekly</option>
<option value="Monthly">Monthly</option>
</select>
<span class="error">* <?php echo $subErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
<br><br>
Visit Admin Page
</fieldset>
</form>
<?php
if (isset($_POST['submitted']) && $errors == "false")
{
include('connect-mysql.php');
$fname = $_POST['Name'];
$femail = $_POST['Email'];
$fcomment = $_POST['Comment'];
$fsubsciption = $_POST['Subscription'];
$sqlinsert = "INSERT INTO subscriptions (Name, Email, Comment, Subscription) VALUES (?,?,?,?)";
$stmt = mysqli_stmt_init($dbcon);
if (!mysqli_stmt_prepare($stmt,$sqlinsert)) {
echo "SQL error"; }
else {
mysqli_stmt_bind_param($stmt,"ssss",$fname, $femail, $fcomment, $fsubsciption);
mysqli_stmt_execute($stmt);
echo '1 record added to the database';
//if (!mysqli_query($dbcon, $sqlinsert)) {
//die(mysqli_error($dbcon));
} // end of nested IF statement
// else
//$newrecord = "1 record added to the database";
} // end of main if statement
?>
<?php
echo $newrecord
?>
</body>
</html>
I'm recieving an issue in the following php code. I am recieiving an unknown variable error in line 146, (echo $newrecord) variable. I'm not sure what is wrong with this variable, I have defined it in the IF statement, and am simply echoing if it is successful. I originally had that segment of code (after ) at the top of the script, but it was causing issues with the mandatory field error messages displaying properly. Any help is appreciated!
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = $subErr = "";
$name = $email = $gender = $comment = $website = $sub = $newrecord = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["Name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["Email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["Email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["Website"])) {
$website = "";
} else {
$website = test_input($_POST["Website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["Comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["Comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
if (empty($_POST["Subscription"])) {
$subErr = "Subscription is required"; }
else {
$sub = test_input($_POST["Subscription"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Southern Tier Daily News</h2>
<form method="post" action="Newspaper3.php">
<input type="hidden" name="submitted" value="true"/>
<img src="https://bloximages.newyork1.vip.townnews.com/dnews.com/content/tncms/custom/image/5eec4204-483e-11e6-93c8-97ef236dc6c5.jpg?_dc=1468334339" alt="HTML5 Icon" style="width:128px;height:128px;">
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Newspaper Subscription Request</legend>
Name: <input type="text" name="Name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="Website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="Comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
Subscription:
<select name="Subscription">
<option value=""></option>
<option value="Daily">Daily</option>
<option value="Evening">Evening</option>
<option value="Weekly">Weekly</option>
<option value="Monthly">Monthly</option>
</select>
<span class="error">* <?php echo $subErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
<br><br>
Visit Admin Page
</fieldset>
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
echo "<br>";
echo $sub;
?>
<?php
if (isset($_POST['submitted'])) {
include('connect-mysql.php');
$fname = $_POST['Name'];
$femail = $_POST['Email'];
$fcomment = $_POST['Comment'];
$fsubsciption = $_POST['Subscription'];
$sqlinsert = "INSERT INTO newspaper (Name, Email, Comment, Subscription) VALUES ('$fname',
'$femail', '$fcomment', '$fsubsciption')";
if (!mysqli_query($dbcon, $sqlinsert)) {
die('error inserting new record');
} // end of nested if statement
$newrecord = "1 record added to the database";
} // end of main if statement
?>
<?php
echo $newrecord
?>
</body>
</html>
newrecord is defined and initialized inside the if statement, therefore if your code opts to the else, it will skip the if and your newrecord variable won't exist.
$newrecord is defined within an if statement, when the if is not executed the variable is not available. You can define it by default adding $newrecord = ''; before you start the if for the submit.
how to pass the collected input to another page after self validate in php
<!DOCTYPE html>
<html lang="en">
<head>
<title>Page Title Goes Here</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="form1.css"/>
</head>
<body>
<?php
//define variable and set to empty value
$forenameErr = $surnameErr = $emailErr = $postalAddressErr = $landLineTelNoErr =$mobileTelNoErr = $sendMethodErr = "";
$forename = $surname = $email = $postalAddress = $landLineTelNo = $mobileTelNo = $sendMethod = "";
if($_SERVER["REQUEST_METHOD"] =="POST"){
$valid = true;
if(empty($_POST["forename"])){
$forenameErr = "Forename is required";
$valid = false; //false
} else {
$forename = test_input($_POST["forename"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$forename)) {
$forenameErr = "Only letters and white space allowed";
}
}
if(empty($_POST["surname"])){
$surnameErr = "Surname is required";
$valid = false; //false
} else {
$surname = test_input($_POST["surname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$surname)) {
$surnameErr = "Only letters and white space allowed";
}
}
if(empty($_POST["postalAddress"])){
$postalAddressErr =" Please enter postal address";
$valid = false; //false
} else {
$postalAddress = test_input($_POST["postalAddress"]);
}
if(empty($_POST["landLineTelNo"])){
$landLineTelNoErr = "Please enter a telephone number";
$valid = false; //false
} else {
$landLineTelNo = test_input($_POST["landLineTelNo"]);
// check if invalid telephone number added
if (!preg_match("/^[0-9 ]{7,}$/",$landLineTelNo)) {
$landLineTelNoErr = "Invalid telephone number entered";
}
}
if(empty($_POST["mobileTelNo"])){
$mobileTelNoErr = "Please enter a telephone number";
$valid = false; //false
} else {
$mobileTelNo = test_input($_POST["mobileTelNo"]);
// check if invalid telephone number added
if (!preg_match("/^[0-9 ]{7,}$/",$mobileTelNo)) {
$mobileTelNoErr = "Invalid telephone number entered";
}
}
if(empty($_POST["email"])){
$emailErr = "Email is required";
$valid = false; //false
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if(empty($_POST["sendMethod"])){
$sendMethodErr = "Contact method is required";
$valid = false; //false
} else {
$sendMethod = test_input($_POST["sendMethod"]);
}
//if valid then redirect
if($valid){
header('Location: userdetail.php');
exit();
}
}
//check
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<div id="wrapper">
<h1>Welcome to Chollerton Tearoom! </h1>
<nav>
<ul>
<li>Home</li>
<li>Find out more</li>
<li>Offer</li>
<li>Credit</li>
<li>Admin</li>
<li>WireFrame</li>
</ul>
</nav>
<form id = "userdetail" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
<fieldset id="aboutyou">
<legend id="legendauto">user information</legend>
<p>
<label for="forename">Forename: </label>
<input type="text" name="forename" id="forename" value="<?php echo $forename;?>">
<span class="error">* <?php echo $forenameErr;?></span>
</p>
<p>
<label for="surname">Surname:</label>
<input type="text" name="surname" id="surname" value="<?php echo $surname;?>">
<span class="error">* <?php echo $surnameErr;?></span>
</p>
<p>
<label for="postalAddress">Postal Address:</label>
<input type="text" name="postalAddress" id="postalAddress" value="<?php echo $postalAddress;?>">
<span class="error"> </span>
</p>
<p>
<label for="landLineTelNo">Landline Telephone Number:</label>
<input type="text" name="landLineTelNo" id="landLineTelNo" value="<?php echo $landLineTelNo;?>" >
<span class="error"> * <?php echo $landLineTelNoErr;?></span>
</p>
<p>
<label for="mobileTelNo">Moblie:</label>
<input type="text" name="mobileTelNo" id="mobileTelNo" placeholder="example:012-3456789" value="<?php echo $mobileTelNo;?>" />
<span class="error"><?php echo $mobileTelNoErr;?></span>
</p>
<p>
<label for="email">E-mail:</label>
<input type="text" name="email" id="email" value="<?php echo $email;?>" placeholder="example:123#hotmail.com"/>
<span class="error"> </span>
</p>
<fieldset id="future">
<legend>Lastest news</legend>
<p>
Choose the method you recommanded to recevive the lastest information
</p>
<br>
<input type="radio" name="sendMethod" id="sendMethod" <?php if (isset($sendMethod) && $sendMethod=="email") echo "checked";?> value="email">
Email
<input type="radio" name="sendMethod" id="sendMethod" <?php if (isset($sendMethod) && $sendMethod=="post") echo "checked";?> value="post">
Post
<input type="radio" name="sendMethod" id="sendMethod" <?php if (isset($sendMethod) && $sendMethod=="SMS") echo "checked";?> value="SMS">
SMS
<span class="error">* <?php echo $sendMethodErr;?></span>
</fieldset>
<p><span class="error">* required field.</span></p>
<input type="checkbox" name="checkbox" value="check" id="agree" />
I have read and agree to the Terms and Conditions and Privacy Policy
<p>
<input type="submit" name="submit" value="submit" />
</p>
</form>
</fieldset>
</form>
</div>
</body>
</html>
here is my php form...
it can validate itself in the same page but couldn't pass the data to another php page....
here is my another php code...
<?php
$forenameErr = $surnameErr = $emailErr = $postalAddressErr = $landLineTelNoErr =$mobileTelNoErr = $sendMethodErr = "";
$forename = $surname = $email = $postalAddress = $landLineTelNo = $mobileTelNo = $sendMethod = "";
echo "<h1>Successfull submission :</h1>";
echo "<p>Forename : $forename <p/>";
echo "<p>Surname : $surname <p/>";
echo "<p>Email: $email</p>";
echo "<p>Post Address: $postalAddress</p>";
echo "<p>Landline: $landLineTelNo</p>";
echo "<p>Mobile : $mobileTelNo</p>";
echo "<p>Contact method: $sendMethod";
?>
You can use $_SESSION variables.
PHP $_SESSIONS
PHP Sessions and Cookies
So after the users has been validated set $_SESSION['surname'] = $surname;
Then on the top of each page add session_start(); to the top.
Then Under that add
if (isset($_SESSION['surname'])) {
$surname = $_SESSION['surname'];
} else {
die();
}
View the PHP docs for a more thorough understanding.
You may also want to look into setting up a MYSQL database if you want users to be able to create accounts.
Edit: form page
if($valid){
$_SESSION['surname'] = $surname;
$_SESSION['postalAddress'] = $postalAddress;
header('Location: userdetail.php');
exit();
}
Thank you in advance, I am trying to figure out why my code isn't running the
if($error != true) {
echo "working";} block of code. I wish to replace this with mysql functionality later on but for now i need to know how to get the form submission working when all the fields are valid.
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$error = $fnameErr = $lnameErr = $doberror = $SnameErr = $state_Err = $post_code_num_Err = $sex_Err= $emailErr = $pwd1 = "";
$fname = $lname = $dob = $street_name = $state =$post_code_num = $sex = $email = $pwd1_Err = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fnameErr = "Name is required";
$error = true;
} else {
$fname = test_input($_POST["fname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$error = true;
$fnameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["lname"])) {
$lnameErr = "last name is required";
$error = true;
} else {
$lname = test_input($_POST["lname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lname)) {
$lnameErr = "Only letters and white space allowed";
$error = true;
}
}
if (empty($_POST["dob"])) {
$doberror = "dob name is required";
$error = true;
} else {
$dob = test_input($_POST["dob"]);
// check if name only contains letters and whitespace
if (!preg_match("/^(0?[1-9]|[12]\d|3[01])\/(0?[1-9]|1[012])\/(19|20)\d\d$/",$dob)) {
$doberror = "format must match dd/mm/yyyy";
$error = true;
}
}
if (empty($_POST["street_name"])) {
$SnameErr = "street name is required";
$error = true;
} else {
$street_name = test_input($_POST["street_name"]);
// check if name only contains letters and whitespace
if (!preg_match("/\d{1,3}.?\d{0,3}\s[a-zA-Z]{2,30}\s[a-zA-Z]{2,15}/",$street_name)) {
$SnameErr = "must be in format like 123 fake street or 12/2 fake street";
$error = true;
}
}
if (empty($_POST["state"])) {
$state_Err = "state is required";
$error = true;
} else {
$state = test_input($_POST["state"]);
$error = true;
}
if (empty($_POST["post_code_num"])) {
$post_code_num_Err = "Post code is required";
$error = true;
} else {
$post_code_num = test_input($_POST["post_code_num"]);
// check if name only contains letters and whitespace
if (!preg_match("/^\d{4,4}$/",$post_code_num)) {
$post_code_num_Err = "4 digit postcode only";
$error = true;
}
}
if (empty($_POST["sex"])) {
$sex_Err = "Gender is required";
$error = true;
} else {
$sex = test_input($_POST["sex"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
$error = true;
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
$error = true;
}
}
if (empty($_POST["pwd1"])) {
$pwd1 = "password is required";
$error = true;
} else {
$pwd1 = test_input($_POST["pwd1"]);
// check if name only contains letters and whitespace
if (!preg_match("/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\w{6,}$/",$pwd1)) {
$pwd1_Err = "Must contain at least one number, one lowercase and one uppercase letter. must have a minimum of 6 characters";
$error = true;
}
}
if($error != true) {
echo "working";
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo ($_SERVER["testphp.php"]);?>">
First Name:<br>
<input type="text" name="fname" value="<?php echo $fname;?>">
<span class="error">* <?php echo $fnameErr;?></span>
<br>
Last Name:<br>
<input type="text" name="lname" value="<?php echo $lname;?>">
<span class="error">* <?php echo $lnameErr;?></span>
<br>
Date of Birth:<br>
<input type="text" name="dob" value="<?php echo $dob;?>">
<span class="error">* <?php echo $doberror;?></span>
<br>
<fieldset>
<br>
<legend>Address:</legend>
<br>
Street Name:
<input type="text" name="street_name" value="<?php echo $street_name;?>">
<span class="error">* <?php echo $SnameErr;?></span>
<br>
State:
<select name="state" id="state" placeholder="Select a state"
<option value="">Please Select</option>
<option value="QLD">QLD</option>
<option value="NT">NT</option>
<option value="WA">WA</option>
<option value="SA">SA</option>
<option value="NSW">NSW</option>
<option value="ACT">ACT</option>
<option value="TAS">TAS</option>
<option value="VIC">VIC</option>
</select>
<span class="error">* <?php echo $state_Err;?></span>
<br>
Post Code:
<input type="text" name="post_code_num" value="<?php echo $post_code_num;?>">
<span class="error">* <?php echo $post_code_num_Err;?></span>
</fieldset>
<br>
Sex:
<input type="radio" name="sex" value="male" checked>Male
<input type="radio" name="sex" value="female">Female
<span class="error">* <?php echo $sex_Err;?></span>
<br>
Email:
<input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br>
password:
<input type="password" name="pwd1" value="<?php echo $pwd1;?>">
<span class="error">* <?php echo $pwd1_Err;?></span>
<br>
<input type="submit"></input>
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $fname;
echo "<br>";
echo $lname;
echo "<br>";
echo $house_num;
echo "<br>";
echo $street_name;
echo "<br>";
echo $state;
echo "<br>";
echo $post_code_num;
echo "<br>";
echo $dob;
echo "<br>";
echo $sex;
echo "<br>";
echo $email;
echo "<br>";
echo $pwd1;
echo "<br>";
?>
</body>
if (empty($_POST["state"])) {
$state_Err = "state is required";
$error = true;
} else {
$state = test_input($_POST["state"]);
$error = true;
}
So always $error=true.
I'm using this code from W3 (http://www.w3schools.com/php/php_form_complete.asp) to make server side validation for given example form.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST["website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
?>
</body>
</html>
Although server side validation works fine,I can't put mail() function to work ONLY WHEN both $name (treated as subject) and $comment (treated as message) fields are filled.
I've tried many combinations but email is always submitted even when fields are empty.
So my question is: how to make this validated form send email only when $name and $comment fields are filled and validated?
As you are creating $nameErr when the name is invalid and $comment is an empty string when the comment is valid you can use the following conditional:
if (!$nameErr && $comment) {
}
Empty strings are considered FALSE:
http://php.net/manual/en/language.types.boolean.php
You can always use flags.
<?php
....
// let's say there are some flags for validation
if($flag1 && $flag2 && .. $flagN){
// perform email sending here
}
?>
Or you can use the default error message variables; check if they are empty
<?php
if(!empty($nameErr) && !empty($comment)){
// perform email sending
}
?>
Do the validation after you validated $name and $comment:
if($nameErr == "" && $emailErr == "") { // If they are empty, no errors where found
// Do your email validation here
}