Member Avatar for inni2626

Hello Everyone,

Am working on a project with includes php and mysql database.Everything works fine but i fail to make the validation work or i guess don't know how.

I got a form and i would like if the user input numeric or less character to submit an error message.
Here is my code:
This is the index.php file

<?php
if (isset($_POST['action'])) {
    $action = $_POST['action'];
} else if (isset($_GET['action'])) {
    $action = $_GET['action'];
} else {
    $action = 'list_products';
}

$action = strtolower($action);
switch ($action) {
    case 'list_products':
        // get categories and products
        @$category_id = $_GET['category_id'];
        if (empty($category_id)) {
            $category_id = 1;
        }
        $current_category = get_category($category_id);
        $categories = get_categories();
        $products = get_products_by_category($category_id);

        // display product list
        include('product_list.php');
        break;
    case 'view_product':
        $categories = get_categories();
        $product_id = $_GET['product_id'];
        $product = get_product($product_id);
        include('product_view.php');
        break;
    case 'delete_product':
        $category_id = $_POST['category_id'];
        $product_id = $_POST['product_id'];
        delete_product($product_id);

        // Display the Product List page for the current category
        header("Location: .?category_id=$category_id");
        break;
    case 'show_add_edit_form':
        if (isset($_GET['product_id'])) {
            $product_id = $_GET['product_id'];
        } else {
            $product_id = $_POST['product_id'];
        }
        $product = get_product($product_id);
        $categories = get_categories();
        include('product_add_edit.php');
        break;
    case 'add_product':
        $category_id = $_POST['category_id'];
        $code = $_POST['code'];
        $name = $_POST['name'];
        $description = $_POST['description'];
        $price = $_POST['price'];
        $discount_percent = $_POST['discount_percent'];


        // Validate inputs
        if (empty($code) || empty($name) || empty($description) ||
            empty($price) ) {
            $error = 'Invalid product data.
                      Check all fields and try again.';
            include('../../errors/error.php');
        } else {
            $categories = get_categories();
            $product_id = add_product($category_id, $code, $name,
                    $description, $price, $discount_percent);
            $product = get_product($product_id);
            include('product_view.php');
        }
        break;
    case 'update_product':
        $product_id = $_POST['product_id'];
        $code = $_POST['code'];
        $name = $_POST['name'];
        $description = $_POST['description'];
        $price = $_POST['price'];
        $discount_percent = $_POST['discount_percent'];
        $category_id = $_POST['category_id'];

        // Validate inputs
        if (empty($code) || empty($name) || empty($description) ||
            empty($price) ) {
            $error = 'Invalid product data.
                      Check all fields and try again.';
            include('../../errors/error.php');

        }else{
            $categories = get_categories();
            update_product($product_id, $code, $name, $description,
                           $price, $discount_percent, $category_id);
            $product = get_product($product_id);
            include('product_view.php');
        }
        break;
}
?>

This is the add and edit application form for the user update products.

 <?php
    if (isset($product_id)) {//checks if the product id has been set 
        $heading_text = 'Edit Product';
    } else {//product id not set then add new product
        $heading_text = 'Add Product';
    }
    ?>
    <h1>Product Manager - <?php echo $heading_text; ?></h1>
    <form action="index.php" method="post" id="add_edit_product_form">
        <?php if (isset($product_id)) : ?>
            <input type="hidden" name="action" value="update_product" />
            <input type="hidden" name="product_id"
                   value="<?php echo $product_id; ?>" />
        <?php else: ?>
            <input type="hidden" name="action" value="add_product" />
        <?php endif; ?>
            <input type="hidden" name="category_id"
                   value="<?php echo $product['categoryID']; ?>" />

         <!-- Display product categoies drop down list-->   
        <label>Category:</label>
        <select name="category_id">
        <?php foreach ($categories as $category) : 
            if ($category['categoryID'] == $product['categoryID']) {
                $selected = 'selected';
            } else {
                $selected = '';
            }
        ?>
            <option value="<?php echo $category['categoryID']; ?>"<?php
                      echo $selected ?>>
                <?php echo $category['categoryName']; ?>
            </option>
        <?php endforeach; ?>
        </select>
        <br />

        <label>Code:</label>
        <input type="input" name="code"
              value="<?php echo $product['productCode']; ?>"/>

        <br />

        <label>Name:</label>
        <input type="input" name="name" 
               value="<?php echo $product['productName']; ?>" />
        <br />

        <label>List Price:</label>
        <input type="input" name="price" 
               value="<?php echo $product['listPrice']; ?>" />
        <br />

        <label>Discount Percent:</label>
        <input type="input" name="discount_percent" 
               value="<?php echo $product['discountPercent']; ?>" />
        <br />

        <label>Description:</label>
        <textarea name="description" rows="10">
            <?php echo $product['description']; ?></textarea>
        <br />

        <label>&nbsp;</label>
        <input type="submit" value="Submit" />

    </form>

This is the code for the product view

 <div id="content">
    <h1> View Product</h1>

    <!-- display product -->
    <?php include '../../view/product.php'; ?>

    <!-- display buttons -->
    <div>
        <form action="" method="post" id="edit_button_form">
            <input type="hidden" name="action" value="show_add_edit_form"/>
            <input type="hidden" name="product_id"
                   value="<?php echo $product['productID']; ?>" />
            <input type="hidden" name="category_id"
                   value="<?php echo $product['categoryID']; ?>" />
            <input type="submit" value="Edit Product" />
        </form>
        <form action="" method="post" >
            <input type="hidden" name="action" value="delete_product"/>
            <input type="hidden" name="product_id"
                   value="<?php echo $product['productID']; ?>" />
            <input type="hidden" name="category_id" 
                   value="<?php echo $product['categoryID']; ?>" />
            <input type="submit" value="Delete Product"/>
        </form>
    </div>
</div>

This is the product list file

<div id="content">
    <h1>Product Manager - List Products</h1>
    <p>To view, edit, or delete a product, select the product.</p>
    <p>To add a product, select the "Add Product" link.</p>
    <?php if (count($products) == 0) : ?>
        <p>There are no products for this category.</p>
    <?php else : ?>
        <h2><?php echo $current_category['categoryName']; ?></h2>
            <?php foreach ($products as $product) : ?>
            <p>
                <a href="?action=view_product&amp;product_id=<?php
                          echo $product['productID']; ?>">
                    <?php echo $product['productName']; ?>
                </a>
            </p>
            <?php endforeach; ?>
    <?php endif; ?>

    <h2>Links</h2>
    <p><a href="index.php?action=show_add_edit_form">Add Product</a></p>
</div>

Please feel free to drop a line that you might think will help.

thanks

Edited by diafol because: tidy code tags
  • 4 Contributors
  • 3 Replies
  • 297 Views
  • 1 Month Discussion Span
  • Latest Post Latest Post by sftranna
Member Avatar for NinjaMediaD

I am not sure what the community feels about this, but usually when there is something that needs to be validated before submitting to the form processorI find that using javascript reg exp code to work the best. Because this validates the form fields before it is even sent to the php form processor, then you do not need to muck up your php with a lot of validation code. look at REG EXP (I find using it with the onblur() event is a good time to call the regexp function that you are checking the field on.)

Edited by NinjaMediaD because: some grammar
Member Avatar for diafol

Because this validates the form fields before it is even sent to the php form processor, then you do not need to muck up your php with a lot of validation code.

I disagree. You must have server-side validation as client-side validation is no protection at all. Forms can be spoofed, http headers can be spoofed - you cannot trust any data that arrives at your server, therefore your server-side code MUST have robust validation code.

The js validation is there for the convenience of the user more than anything (IMO) - it flags up errors before the form is submitted to avoid the irritation of waiting a couple of seconds before being told that data was missing or invalid. Of course, it may also help with less needless call to the server, resulting in less server load.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.