We Keep Coding

PHP form verification doesn't work [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I am trying to make a html form with php verification but trying to submit the form with at least one filled textfield will say that the emails dont match (self made part of the code that should not be displayed.
<?php
error_reporting(0);
if(isset($_POST["submit"])){
//File Verification
if(empty($_POST['username']) && empty($_POST['password1']) && empty($_POST['password2']) && empty($_POST['email1']) && empty($_POST['email2']) && empty($_POST['bday'])){
echo"Kom op, vul alles in";
echo "<meta http-equiv='refresh' content='5;URL=register.php' />";
exit();
}
else{
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['password1'];
$pass2 = $_POST['password2'];
if(email1 == email2){
if(pass1 == pass2){
}
else{
echo "<meta http-equiv='refresh' content='5;URL=register.php' />";
echo"Je wachtwoorden komen niet overeen";
exit();
}
}
else{
echo "<meta http-equiv='refresh' content='5;URL=register.php' />";
echo "Je email gegevens komen niet overeen";
exit();
}
}
}
else{
$form = <<<EOT
<form method="post" action="register.php">
Gebruikersnaam: <input type="text" name="username" placeholder="type hier je gebruikers naam"/><br /><br />
wachtwoord: <input type="password" name="password1" placeholder="type hier je wachtwoord"/><br /><br />
wachtwoord opnieuw: <input type="password" name="password2" placeholder="type je wachtwoord opnieuw in"/><br /><br />
email: <input type="text" name="email1" placeholder="type hier je email"/><br /><br />
email opnieuw: <input type="text" name="email2" placeholder="type hier je email opnieuw"/><br /><br />
Geboorte datum: <input type="date" name="bday"/ placeholder="type je geboorte datum hier"><br /><br />
<input type="submit" name="submit"/>
</form>
EOT;
echo $form;
}
?>
It just shows
else{
echo "<meta http-equiv='refresh' content='5;URL=register.php' />";
echo "Je email gegevens komen niet overeen";

Try changing:
if(email1 == email2){
if(pass1 == pass2){
to:
if($email1 == $email2){
if($pass1 == $pass2){

You've a typo pass1 == pass2.
Also, you may want to change from:
if(empty($_POST['username']) &&...
to
if(empty($_POST['username']) OR...

creating an array from database

I'm using a array to get a range between 1011-2371 but I'didnt need all digits. It's a long list thats why I import the CSV to the database.
I want to create a array from a database table.
But I can't get it.
Here's a rough mockup of the old php:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
<input type="text" placeholder="1234AB" name="postcode" />
<input type="submit" value="verstuur" />
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
$postcode = range(1011,2371);
if(preg_match('/^[1-9][0-9]{3} ?[a-zA-Z]{2}$/', $_POST['postcode'])) {
if(in_array($_POST['postcode'],$postcode)) {
echo 'FreshFoods is beschikbaar bij jou in de buurt.';
} else {
echo 'FreshFoods is nog niet beschikbaar bij u in de buurt.';
}
} else {
echo 'Voer 4 cijfers en 2 letters in als postcode. Voorbeeld 1234AB';
}
}
?>
and this is what I try do get the array from the database:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
<input type="text" placeholder="1234AB" name="postcode" />
<input type="submit" value="verstuur" />
</form>
<?php
require_once 'db_config.php';
if($_SERVER['REQUEST_METHOD'] == "POST") {
$postcode = array();
$result = mysql_query("SELECT postcode FROM postcode_check");
if(preg_match('/^[1-9][0-9]{3} ?[a-zA-Z]{2}$/', $_POST['postcode'])) {
if(in_array($_POST['postcode'],$postcode)) {
echo 'FreshFoods is beschikbaar bij jou in de buurt.';
} else {
echo 'FreshFoods is nog niet beschikbaar bij u in de buurt.';
}
} else {
echo 'Voer 4 cijfers en 2 letters in als postcode. Voorbeeld 1234AB';
}
}
?>
the db_config.php file looks like:
<?php
$db = array (
'host' => 'localhost',
'user' => 'root',
'pass' => 'root',
'dbname' => 'testzip'
);
if(!mysql_connect($db['host'], $db['user'], $db['pass']))
{
trigger_error('Fout bij verbinden: '.mysql_error());
}
elseif(!mysql_select_db($db['dbname']))
{
trigger_error('Fout bij selecteren database: '.mysql_error());
}
else
{
$sql = "SET SESSION sql_mode = 'ANSI,ONLY_FULL_GROUP_BY'";
if(!mysql_query($sql))
{
trigger_error('MySQL in ANSI niet mogelijk');
}
}
?>

you have to use mysql_fetch_array or mysql_fetch_assoc to fetch the result from database.
<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
<input type="text" placeholder="1234AB" name="postcode" />
<input type="submit" value="verstuur" />
</form>
<?php
require_once 'db_config.php';
if($_SERVER['REQUEST_METHOD'] == "POST") {
$postcode = array();
$result = mysql_query("SELECT postcode FROM postcode_check");
while ($row = mysql_fetch_array($result)) {
$postcode[] = $row['postcode'];
}
if(preg_match('/^[1-9][0-9]{3} ?[a-zA-Z]{2}$/', $_POST['postcode'])) {
if(in_array($_POST['postcode'],$postcode)) {
echo 'FreshFoods is beschikbaar bij jou in de buurt.';
} else {
echo 'FreshFoods is nog niet beschikbaar bij u in de buurt.';
}
} else {
echo 'Voer 4 cijfers en 2 letters in als postcode. Voorbeeld 1234AB';
}
}
?>
Try this code.

You need to fetch the result. Your regex will never match your sample data from the db though so you will always get the nog niet message. or voorbeeld. Never 'FreshFoods is beschikbaar bij jou in de buurt'
<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
<input type="text" placeholder="1234AB" name="postcode" />
<input type="submit" value="verstuur" />
</form>
<?php
require_once 'db_config.php';
if($_SERVER['REQUEST_METHOD'] == "POST") {
$postcode = array();
$result = mysql_query("SELECT postcode FROM postcode_check");
while($row = mysql_fetch_assoc($result)){
$postcode[] = $row['postcode'];
}
if(preg_match('/^[1-9][0-9]{3} ?[a-zA-Z]{2}$/', $_POST['postcode'])) {
if(in_array($_POST['postcode'],$postcode)) {
echo 'FreshFoods is beschikbaar bij jou in de buurt.';
} else {
echo 'FreshFoods is nog niet beschikbaar bij u in de buurt.';
}
} else {
echo 'Voer 4 cijfers en 2 letters in als postcode. Voorbeeld 1234AB';
}
}
?>

Fill in form in PHP

So I've had to make a simple phonebook in PHP, but right now it simply echos the text beneath the form, I however, want it to fill it in the form which says: Phonenumber (When you type in the exact name of someone you it echos their phonenumber)
Here's the Form:
<form action="" method="post">
Naam: <br><input type="text" name="name" /><br>
Telefoonnummer: <br><input type="text" name="phonenumber" disabled />
<input type="submit" value="submit" />
</form>
and here's the PHP (I'm Dutch btw so some of the text is in Dutch):
<?php
if(isset($_POST['name'])) {
$formNaam = $_POST['name'];
$naamPersoon = array ("Ilja Clabbers","Piet Paulusma","Gerrit Zalm");
$telefoonNummer = array ("038-4699776","0568-121212","010-2311512");
if(empty($formNaam)) {
echo 'Vul een veld in.';
} else if ($formNaam == $naamPersoon[0]){
echo "Het telefoonnummer van " . $naamPersoon[0] . " is " .$telefoonNummer[0];
} else if ($formNaam == $naamPersoon[1]){
echo "Het telefoonnummer van " . $naamPersoon[1] . " is " .$telefoonNummer[1];
} else if ($formNaam == $naamPersoon[2]){
echo "Het telefoonnummer van " . $naamPersoon[2] . " is " .$telefoonNummer[2];
} else {
echo "Deze naam staat niet in het archief";
}
}
?>
So basically what I'd like to know is; How do you get the phonenumber belonging to a persons name to be shown in the Form where it says 'Telefoonnummer:'?

A neater solution would be to make a single associative array with key => value pairs:
$naamPersoon = array (
"Ilja Clabbers" => "038-4699776",
"Piet Paulusma" => "0568-121212",
"Gerrit Zalm" => "010-2311512",
);
Then your code would be:
$phonenumber = '';
if (array_key_exists($formNaam, $naamPersoon)) {
echo "Het telefoonnummer van " . $formNaam . " is " . $naamPersoon[$formNaam];
$phonenumber = $naamPersoon[$formNaam];
} else {
echo "Deze naam staat niet in het archief";
}
Alternatively you could keep your two arrays as they are and use array_search to find the index of the name in the first array, then use it as the index you check in the second array
$phonenumber = '';
$index = array_search($formNaam, $naamPersoon);
if ($index === false) {
echo "Deze naam staat niet in het archief";
} else {
echo "Het telefoonnummer van " . $formNaam . " is " . $telefoonNummer[$index];
$phonenumber = $telefoonNummer[$index];
}
Either way you can then use the assigned variable $phonenumber to add the number to the form by echoing it out as the input's value. At which point you can take out the echos if you wish.
<form action="" method="post">
Naam: <br><input type="text" name="name" /><br>
Telefoonnummer: <br><input type="text" name="phonenumber" value="<?=htmlspecialchars($phonenumber)?>" disabled />
<input type="submit" value="submit" />
</form>

Mail form through php

I have made this form and I want to ask is this safe enough. I tried many times making a captcha thingie but it won't work for me. I am still a student please don't sent to hard things.
Question 1 : Is mysql_real_escape_string safe enough?
Question 2 : I need a really simple (numeric) captcha, can someone send me an example (or other stack post)
This gona be used on an informatic site just as a mail form. on that site are no databases/logins and that.
<?php
include '../connect.php'; #db connection for mysql_real_escape_string
$errors = array('');
//valideren of er op de submit gedrukt is en of alle benodigde data is ingevuld
if(isset($_POST['submit'])){
if(!empty($_POST['naam']) && !empty($_POST['email']) && !empty($_POST['bericht'])){
$naam = mysql_real_escape_string($_POST['naam']);
$email = mysql_real_escape_string($_POST['email']);
$bericht = mysql_real_escape_string($_POST['bericht']);
$telefoon = mysql_real_escape_string($_POST['telefoon']);
$regex = "/^[A-Za-z .'-]+$/";
if(!preg_match($regex,$naam)) {
array_push($errors , 'De naam is niet geldig');
}
if(strlen($bericht) < 5) {
array_push($errors , 'Het bericht is te kort');
}
$email_regex = '/^[A-Za-z0-9._%-]+#[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_regex,$email)) {
array_push($errors , 'Uw email is niet geldig.');
}
Here comes mail part.
}else{
array_push($errors , 'Een van de verplichte velden is niet ingevuld. Alle velden met * zijn verplicht.');
}
}
?>
<form method="post">
<p>
<label>naam*</label>
<input type="text" name="naam"/>
</p>
<p>
<label>email*</label>
<input type="text" name="email"/>
</p>
<p>
<label>telefoon</label>
<input type="text" name="telefoon"/>
</p>
<p>
<label>Bericht*</label>
<textarea name="bericht" style="width:459px; height:187px;" ></textarea>
</p>
<p>
<label> </label>
<input type="submit" value="verstuur" name="submit"/>
</p>
</form>
<?php
if (count ($errors > 0)){
foreach($errors as $error){
echo '<p class="error">'.$error.'</p>';
}
}
?>

Is mysql_real_escape_string safe enough?
It is a poor solution for protecting a MySQL database.
It is completely inappropriate for sending email.
Whatever you do to protect bad data from corrupting your email, it should be done just before the data is inserted into that email — not before you run sanity checks over it.

Validate form before submitted (Check all fields are entered)

I'm trying to check that the fields in the form below have been filled before it can be inserted into a database e.g. display a pop up with the fields that have not been filled in. It is just a simple Registration form.
<form name="form1" method="post" action="signup_ac.php">
<strong>Sign up</strong>
Username:<input name="username" type="text" id="username" size="30">
Password:<input name="password" type="password" id="password" size="15">
Name:<input name="name" type="text" id="name" size="30">
<select name="Month">
<option selected>Month</option>
<option value="January">January</option>
<option value="Febuary">Febuary</option
</select>
<select name=Year>
<option selected>Year</option>
<option value="2012">2012</option>
<option value="2011">2011</option>
</select>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</form>
How do I do this using JavaScript or jQuery.

First of all, download the jQuery validate plugin and add it to your page. Then give each input you want to make a required field a class of required. Then in jQuery:
$(function() {
$("form").validate();
});
The validate plugin is very feature rich, so you can have different types of message displayed, different validation checks etc should you require. There's more information on that in the documentation.
Finally, as with all javascript front-end validation, make sure you validate user input on the server side too, just in case a user has javascript turned off in their browser.

A simple solution (using jQuery) would be:
$(document).ready(function () {
$('input').each(function () {
var $this = $(this);
var err = $this.attr('id') + ' is required.';
var errElem = $('<span />').text(err).css({'color': 'red', 'font-weight': 'bold'});
if ($this.val().length === 0) {
$this.parent('td').append(errElem);
}
});
});
Make sure to do server-side validation as well. There are some users who disable JavaScript (and then this wouldn't run).

Below is what I will have a normal html file
<html>
<head>
<script language="javascript">
function validateMe() {
if (firstname is blank) {
alert("Enter first name");
form.first.focus();
return false;
}
if (lastname is blank) {
alert("Enter last name");
form.last.focus();
return false;
}
return true;
}
</script>
<body>
// Form here
<input type="submit" name="submit" value="Submit" onClick="return validateMe()">
</body>
</html>
if first name is blank, form never submit the form...

Another way:
if($_SERVER['REQUEST_METHOD']=='POST'){
require('inc/mysqli_connect.php');
$errors=array();
/*Verifica el nombre*/
if(empty($_POST['first_name'])){
$errors[]='Verifique el campo de Nombre del participante';
}else{
$fina=mysqli_real_escape_string($dbc, trim($_POST['first_name']));
}
/*Verifica el apellido paterno*/
if(empty($_POST['ape_pat'])){
$errors[]='Verifique el campo de Apellido Paterno del participante';
}else{
$appa=mysqli_real_escape_string($dbc, trim($_POST['ape_pat']));
}
/*Verifica el apellido materno*/
if(empty($_POST['ape_mat'])){
$errors[]='Verifique el campo de Apellido Materno del participante';
}else{
$apma=mysqli_real_escape_string($dbc, trim($_POST['ape_mat']));
}
/*Verifica el genero*/
if(empty($_POST['gender'])){
$errors[]='Seleccione el Género del participante';
}else{
$gend=mysqli_real_escape_string($dbc, trim($_POST['gender']));
}
/*Verifica el correo electronico*/
if(empty($_POST['email'])){
$errors[]='Verifique el campo de Correo Electrónico del participante';
}else{
$coel=mysqli_real_escape_string($dbc, trim($_POST['email']));
}
/*and repeat the code above for all the input that you have in your form */
if(empty($errors)){
$q="INSERT INTO participante(nombre, paterno, materno, genero, correo, fechadenac, procedencia, ocupacion, asistencia, fechareg) VALUES ('$fina','$appa','$apma','$gend','$coel','$dabi','$prov','$ocup','$assi',NOW())";
$r=mysqli_query($dbc,$q);
if($r){
echo '
<p>
Nombre: <b>'.$_POST['first_name'].'</b><br />
Apellido Paterno: <b>'.$_POST['ape_pat'].'</b><br />
Apellido Materno: <b>'.$_POST['ape_mat'].'</b><br />
Genero: <b>'.$_POST['gender'].'</b><br />
Correo Electrónico: <b>'.$_POST['email'].'</b><br />
Fecha de nacimiento: <b>'.$_POST['date'].'</b><br />
Procedencia: <b>'.$_POST['provenance'].'</b><br />
Ocupación: <b>'.$_POST['ocuppation'].'</b><br />
¿Asistió? <b>'.$_POST['assistance'].'</b><br />
</p>
';
}else{
echo '
<h2><a>¡Error del Sistema!</a></h2>
<p>
El registro no pudo realizarse debido a un error del sistema. Disculpe los incovenientes.<br />
</p>
<p>
Error: '.mysqli_error($dbc).'<br />
Query: '.$q.'<br />
</p>
';
}
mysqli_close($dbc);
include ('inc/footer.html');
exit();
}else{
echo '
<p>
Revise que todo los campos hayan sido llenados correctamente.<br />
Se encontraron los siguientes errores: <br />
';
foreach ($errors as $msg) {
echo " - $msg<br />\n";
}
echo '
</p>
<p>
Ingrese los datos faltantes e intente de nuevo.
</p>
';
}
mysqli_close($dbc);
}