I'm trying to use php to validate my form. I would like to validate a product_name box for being not empty, a price box for being numeric and having a decimal, and a quantity box for being an integer. Right now I'm getting an error:
```
Parse error: syntax error, unexpected T_VARIABLE in C:\Program Files\IndigoPerl\apache\htdocs\process_games.php on line 60
```
I don't think I have the price validation correct either; how would I include the decimal point? I'm not sure whether, the way I have the code, the information will still be added to the DB if the error message for the price & quantity comes up. Maybe I should nest them with the product name?
```php
<?php
echo '<html>
<head><link rel="stylesheet" type="text/css" href="styles.css" />
<title>Uploading image and adding game to database...</title>
</head>
<body>
<h3>Uploading file...</h3>';

if ($_FILES['filename']['error'] > 0)
{
    echo 'Problem: ';
    switch ($_FILES['filename']['error'])
    {
        case 1: echo 'File exceeded upload_max_filesize'; break;
        case 2: echo 'File exceeded max_file_size'; break;
        case 3: echo 'File only partially uploaded'; break;
        case 4: echo 'No file uploaded'; break;
    }
    exit;
}

// put the file where we'd like it
$upfile = './images/'.$_FILES['filename']['name'];

if (is_uploaded_file($_FILES['filename']['tmp_name']))
{
    if (!move_uploaded_file($_FILES['filename']['tmp_name'], $upfile))
    {
        echo 'Problem: Could not move file to destination directory';
        exit;
    }
}
else
{
    echo 'Problem: Possible file upload attack. Filename: ';
    echo $_FILES['filename']['name'];
    exit;
}

echo '<p>File uploaded successfully<br><br>';

if (isset($_POST['description'])) {
    $description = $_POST['description'];
} else {
    $description = $_FILES['filename']['name'];
}

// show what was uploaded
echo '<p>Preview of uploaded file:<br><hr>';
echo "<a href='$upfile'>$description</a>";
echo '<br><hr>';
echo '</body></html>';

$imagename = $description;

// Set up the database connection.
require_once ('mysqli_connect.php');

if (! preg_match('/^-?\d+$/'$_POST['price'])) {
    print 'Price must be a number.';
}
if (! preg_match('/^-?\d+$/'$_POST['quantity'])) {
    print 'Quantity must be an integer.';
}
if (!empty($_POST['product_name'])
{
    // add new sandwich
    $product_name = $_POST['product_name];
    $quantity = $_POST['quantity'];
    $price = $_POST['price'];
    $systemid = $_POST[systemid];
    $genreid = $_POST[genreid];
    $conditionid = $_POST[conditionid];
    $query = "INSERT INTO products (productName, quanity, price, image_name, systemid, genreid, conditionid)
    VALUES ('$product_name', '$quantity', '$price', $imagename, $systemid, $genreid, $conditionid)";
    $result = mysqli_query ($dbc, $query);
    $productid = mysqli_insert_id($dbc);
}
else
{
    echo '<p>Error - All fields are required!</p>';
}

echo 'Productid: ' . $productid . ' ' . ' Game Name: ' . $product_name . ' ' . ' Image Name: ' .
$imagename . ' Quantity: ' . $quantity . ' Price: ' . $price . '<br>';
?>
```
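The following is an added example, not the asker's code, showing how the validation and insert steps of the question can be written so that the three field checks (non-empty product name, price with an optional decimal part, integer quantity) are all collected first and the row is only written when every check passes. It goes slightly beyond the question by also checking the three id fields and the uploaded file name. It assumes `mysqli_connect.php` defines `$dbc`, that the `products` table has exactly the columns named in the question (including the `quanity` spelling), and that the upload step from the question stores the file under `./images/` using the name returned by the `safe_image_name` helper below rather than the raw client-supplied name.

```php
<?php
// Added example (not the asker's code). Assumes $dbc from mysqli_connect.php
// and the products table columns from the question.

/**
 * Reduce an uploaded file name to something safe to place under ./images/.
 * basename() drops any directory part ("../x.png" becomes "x.png"), and the
 * anchored pattern allows only a short plain name with an image extension.
 * Returns null when the name is not acceptable.
 */
function safe_image_name(string $original): ?string
{
    $base = basename($original);
    return preg_match('/^[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)$/i', $base) ? $base : null;
}

/**
 * Validate the form fields. Returns a list of error messages (empty when all
 * fields are valid) and fills $clean with the checked, typed values.
 */
function validate_product(array $post, array &$clean): array
{
    $errors = [];
    $clean  = [];

    // product_name: required and bounded in length.
    $name = trim($post['product_name'] ?? '');
    if ($name === '') {
        $errors[] = 'Product name is required.';
    } elseif (strlen($name) > 100) {
        $errors[] = 'Product name is too long.';
    } else {
        $clean['product_name'] = $name;
    }

    // price: digits, then an optional decimal point with one or two digits.
    // The ^ and $ anchors mean "12abc", "-5" and "1e3" are all rejected.
    $price = trim($post['price'] ?? '');
    if (!preg_match('/^\d+(\.\d{1,2})?$/', $price)) {
        $errors[] = 'Price must be a number such as 19.99.';
    } else {
        $clean['price'] = (float) $price;
    }

    // quantity and the three id fields must be whole numbers. filter_var
    // returns false for "", "3.5" and "3abc" and enforces the minimum.
    $ints = ['quantity' => 0, 'systemid' => 1, 'genreid' => 1, 'conditionid' => 1];
    foreach ($ints as $field => $min) {
        $value = filter_var($post[$field] ?? '', FILTER_VALIDATE_INT,
                            ['options' => ['min_range' => $min]]);
        if ($value === false) {
            $errors[] = "$field must be a whole number of at least $min.";
        } else {
            $clean[$field] = $value;
        }
    }
    return $errors;
}

$imagename = safe_image_name($_FILES['filename']['name'] ?? '');
if ($imagename === null) {
    echo '<p>Error: unsupported image file name.</p>';
    exit;
}

$errors = validate_product($_POST, $clean);
if ($errors) {
    foreach ($errors as $message) {
        echo '<p>Error: ' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    exit;  // nothing is written to the database when any field failed
}

require_once 'mysqli_connect.php';  // provides $dbc

// A prepared statement sends the values separately from the SQL text, so a
// product name containing quotes cannot alter the INSERT. Binding $imagename
// as a string also fixes the unquoted image_name value in the original query.
$sql = 'INSERT INTO products
            (productName, quanity, price, image_name, systemid, genreid, conditionid)
        VALUES (?, ?, ?, ?, ?, ?, ?)';
$stmt = mysqli_prepare($dbc, $sql);
if ($stmt === false) {
    echo '<p>Error: could not prepare the insert.</p>';
    exit;
}
mysqli_stmt_bind_param($stmt, 'sidsiii',
    $clean['product_name'], $clean['quantity'], $clean['price'], $imagename,
    $clean['systemid'], $clean['genreid'], $clean['conditionid']);
if (!mysqli_stmt_execute($stmt)) {
    echo '<p>Error: the product could not be saved.</p>';
    exit;
}
$productid = mysqli_insert_id($dbc);

// Escape user-supplied values before echoing them back into the page.
echo 'Productid: ' . (int) $productid
   . ' Game Name: ' . htmlspecialchars($clean['product_name'], ENT_QUOTES, 'UTF-8')
   . ' Image Name: ' . htmlspecialchars($imagename, ENT_QUOTES, 'UTF-8')
   . ' Quantity: ' . $clean['quantity']
   . ' Price: ' . number_format($clean['price'], 2) . '<br>';
```

The `exit` after the error loop is what answers the asker's concern about the price and quantity messages: with separate `if` blocks that only `print`, execution continues into the insert, whereas collecting the errors and stopping before `require_once` means no database work happens unless every field is valid.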