how i do server side validation

Question

12 Years Ago

i try my best but fail,,,

department.php

<?php
 session_start();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Untitled Page</title>
</head>
<body><pre>
                                                                <?php echo $_SESSION['userid'] ?> has Logged In  <a href="logout.php"><input type="button" name="Logout" value="Logout" style="width: 62px"/></a>
                    </pre>
  <h2 align="center">Student Clearance Information</h2>

 <form action="students_clearance.php" method="post">
  <table align="center">

   <tr>
    <td> Department Name:</td>
    <td> <?php
$con=mysql_connect("localhost:3307","root","kust");
if(!$con)
{
   die("Some problems occured during making connection with mysql".mysql_error());
}
?>
<?php
$bd_con= mysql_select_db("kustkht",$con);
if(!$bd_con)
{
   die("Some problems occured during selecting DataBase from MySQL".mysql_error());
}?>
<?php $userid= $_SESSION['userid'] ?>

<?php $qry1 = mysql_query("select departmentName from department where userid='$userid' "); while ($row = mysql_fetch_array($qry1)) { ?>
<input type="text" name="depart" style="width:224px" readonly="readonly" value='<?php echo $row['departmentName'];?>'>
<?php } 
?>
<?php
    mysql_close($con)
?>


    <!--select name="depart" style="width:228px">
    <option>Select Department</option>
    <!--?php
$con=mysql_connect("localhost:3307","root","kust");
if(!$con)
{
   die("Some problems occured during making connection with mysql".mysql_error());
}
?>
<!--?php
$bd_con= mysql_select_db("kustkht",$con);
if(!$bd_con)
{
   die("Some problems occured during selecting DataBase from MySQL".mysql_error());
}
?>
<!--?php $qry1 = mysql_query("select departmentid,departmentName from department order by departmentName ASC "); while ($row = mysql_fetch_array($qry1)) { ?>
<!?php echo ("<option value = '" . $row['departmentid'] . "'>" . $row['departmentName'] . "</option>");?>
<!?php } 
?>
<!?php
    mysql_close($con)
?-->
</select>


    </td>
   </tr>
   <tr>
    <td> Registration No:</td>
    <td> <input type="text" name="regno" value="" style="width:224px" /> 
    </td>
   </tr>
   <tr>
    <td> Date:</td>
    <td> <input type="text" name=" Date" value="" style="width:224px"/></td>
   </tr>
   <tr>
    <td> Clearance</td>
    <td> Yes <input type="radio" name="clearance" value="Yes"/> No <input type="radio" name="clearance" value="No"/></td>
    <td> &nbsp;</td>
   </tr>
   <tr>
    <td> Remarks About Clearance: </td>
    <td> <textarea name="RemarksClearance" rows="10" cols="50" style="width:224px"></textarea>  </td>
   </tr>
   <tr>
    <td>&nbsp &nbsp </td>
    <td><input type="submit" value="Submit"/> </td>
   </tr>


  </table>
 </form>  
</body>
</html>

StudentClearance.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>Departments</title>
</head>
<body>
<?php
  $con=mysql_connect("localhost:3307","root","kust");
  if(!$con)
  {
   die("Some problems occured during making connection with mysql".mysql_error());
  }

  $bd_con= mysql_select_db("kustkht",$con);
  if(!$bd_con)
  {
   die("Some problems occured during selecting DataBase from MySQL".mysql_error());
  }


$department=$_POST['Departments'];
$userid=$_POST['UserId'];
$password=$_POST['Password'];
$password2=$_POST['RetypePass'];


if(isset($_POST['submit'])){

$status = "OK";
$msg="";

// department
if ($department==0)
{
    $msg=$msg."Select one field.<BR>";
    $status= "NOTOK";}


// Email 
if (!(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $userid)))
{ 
    $msg=$msg."Enter valid Email.<BR>";  
    $status= "NOTOK";
}


if(mysql_num_rows(mysql_query("SELECT userid FROM department WHERE userid = '$userid'"))){
$msg=$msg."Userid already exists. Please try another one<BR>";
$status= "NOTOK";}                  

// Password min 6 char max 20 char

if (!(eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$password)))
{  
    $msg=$msg."Enter valid Password min 6 Chars.<BR>";  
$status= "NOTOK";}

// Retype pass              

if ( $password <> $password2 ){
$msg=$msg."Both passwords are not matching<BR>";
$status= "NOTOK";}                  
    $qry="INSERT INTO department(departmentName,userid,password) VALUES (' $department','$userid','$password')";

 if (!mysql_query($qry,$con)){ 
 ?>
<font face='Verdana' size='2' color=red> <?php echo .$msg. ?></font><br><input type='button' value='Retry' onClick='history.go(-1)'>
}
<?php
else{
?>
<font face='Verdana' size='2' color=green><?php echo "Dear Member Of" ." ". $department .","." " . "your form has been submitted !!!";?></font>
<?php}
}
?>
<?php
  mysql_close($con)
 ?>
 </body>
</html>

please help me its urgent,,, attachment also there,,, thanks in advance,

php

3 Contributors
11 Replies
229 Views
1 Month Discussion Span
Latest Post 12 Years Ago Latest Post by muhammad.waleed.9699

Squidge 101 Newbie Poster

12 Years Ago

i try my best but fail,,,

What is the issue? Are you getting an error?

Squidge 101 Newbie Poster

12 Years Ago

ok, the error screen shot has all the information you need.

The form data that is being submitted has no relation to your $_POST variables.

$department=$_POST['Departments'];
$userid=$_POST['UserId'];
$password=$_POST['Password'];
$password2=$_POST['RetypePass'];

These do not exist in your POST

leviathan185 14 Junior Poster

12 Years Ago

Squidge is correct, you do not set these values in your form. You need to go back to your form and set them

<input type="text" name="Departments" />
<input type="text" name="UserId" />
<input type="password" name="Password" />
<input type="password" name="RetypePass" />

This is not found anywhere in the code you have provided

Edited 12 Years Ago by leviathan185

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

muhammad.waleed.9699 0 Newbie Poster · Answer 1 · 2012-09-23T16:33:42+00:00

muhammad.waleed.9699 0 Newbie Poster

12 Years Ago

yes,, and the error is :

muhammad.waleed.9699 0 Newbie Poster · Answer 2 · 2012-09-23T21:09:09+00:00

@Squidge : as mention above in departments.php, see the code once again, :)

Squidge 101 Newbie Poster · Answer 3 · 2012-09-24T16:24:49+00:00

@Squidge : as mention above in departments.php, see the code once again, :)

The fields you refer to in your POST data are not that of your form fields

Your form fields:

<input type="text" name="regno" value="" style="width:224px" />
<input type="text" name=" Date" value="" style="width:224px"/></td>
<input type="radio" name="clearance" value="Yes"/>
<input type="radio" name="clearance" value="No"/></td>
<textarea name="RemarksClearance" rows="10" cols="50" style="width:224px"></textarea>

muhammad.waleed.9699 0 Newbie Poster · Answer 4 · 2012-09-24T19:15:42+00:00

ohhh sorry i post wrong php file.... the correct php file is:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>Departments</title>
</head>
<body>

 <form action="submitted_departments.php" method="post">
  <table align="center">
   <tr colspan="2" align="center"><th > <h2>Departments Information</h2></th></tr>
   <tr>
    <td> Department Name:</td>
    <td><select name="Departments" style="width:228px">
          <option selected="selected">&nbsp; &nbsp; &nbsp;-- Select Department -- </option>
          <option value="Institute Of Information & Technology">Institute Of Information & Technology </option>
          <option value="Department Of Mathematics">         Department Of Mathematics</option>        
          <option value="Department Of Chemistry">          Department Of Chemistry</option>
          <option value="Department Of Physics">            Department Of Physics</option>
          <option value="Department Of English">            Department Of English</option>
          <option value="Department Of Economics">          Department Of Economics</option>
          <option value="Department Of JMC">                Department Of JMC</option>
          <option value="Department Of Sociology">          Department Of Sociology</option>
          <option value="Institute Of Education & Research">Institute Of Education & Research</option>
          <option value="Institute Of Management Sciences"> Institute Of Management Sciences</option>
          <option value="Department Of Bio Tech">           Department Of Bio Tech</option>
          <option value="Department Of Microbiology">       Department Of Microbiology</option>
          <option value="Department Of Plant Sciences">     Department Of Plant Sciences</option>
          <option value="Pharmaceutical Sciences">          Pharmaceutical Sciences</option>
          <option value="Department Of Zoology">            Department Of Zoology</option>
          <option value="Department Of Pharmacy">           Department Of Pharmacy</option>
           <option value="Cafeteria">           Cafeteria</option>
            <option value="library">           library</option>
         </select> </td>
   </tr>
   <tr>
    <td> UserId:</td>
    <td> <input type="text" name="UserId" value="" style="width:224px"/> </td>
   </tr>
   <tr>
    <td> Password:</td>
    <td> <input type="password" name="Password" value="" style="width:224px"/> </td>
   </tr>
   <!--tr>
    <td> Retype Password:</td>
    <td> <input type="password" name="RetypePass" value="" style="width:224px"/> </td>
   </tr-->
   <tr>
   <td>&nbsp; </td>
    <td><br/> <input type="submit" value="Submit_Dep"/> </td>
   </tr>
  </table>
 </form>

</body>
</html>

Squidge 101 Newbie Poster · Answer 5 · 2012-09-24T19:36:12+00:00

The new form code uses submitted_departments.php please provide this code

muhammad.waleed.9699 0 Newbie Poster · Answer 6 · 2012-09-26T13:12:56+00:00

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head>
    <title>Departments</title>
    </head>
    <body>
    <?php
    $con=mysql_connect("localhost:3307","root","kust");
    if(!$con)
    {
    die("Some problems occured during making connection with mysql".mysql_error());
    }
    $bd_con= mysql_select_db("kustkht",$con);
    if(!$bd_con)
    {
    die("Some problems occured during selecting DataBase from MySQL".mysql_error());
    }
    $department=$_POST['Departments'];
    $userid=$_POST['UserId'];
    $password=$_POST['Password'];
    $password2=$_POST['RetypePass'];
    if(isset($_POST['submit'])){
    $status = "OK";
    $msg="";
    // department
    if ($department==0)
    {
    $msg=$msg."Select one field.<BR>";
    $status= "NOTOK";}
    // Email
    if (!(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $userid)))
    {
    $msg=$msg."Enter valid Email.<BR>";
    $status= "NOTOK";
    }
    if(mysql_num_rows(mysql_query("SELECT userid FROM department WHERE userid = '$userid'"))){
    $msg=$msg."Userid already exists. Please try another one<BR>";
    $status= "NOTOK";}
    // Password min 6 char max 20 char
    if (!(eregi('^[A-Za-z0-9!@#$%^&*()_]{6,20}$',$password)))
    {
    $msg=$msg."Enter valid Password min 6 Chars.<BR>";
    $status= "NOTOK";}
    // Retype pass
    if ( $password <> $password2 ){
    $msg=$msg."Both passwords are not matching<BR>";
    $status= "NOTOK";}
    $qry="INSERT INTO department(departmentName,userid,password) VALUES (' $department','$userid','$password')";
    if (!mysql_query($qry,$con)){
    ?>
    <font face='Verdana' size='2' color=red> <?php echo .$msg. ?></font><br><input type='button' value='Retry' onClick='history.go(-1)'>
    }
    <?php
    else{
    ?>
    <font face='Verdana' size='2' color=green><?php echo "Dear Member Of" ." ". $department .","." " . "your form has been submitted !!!";?></font>
    <?php}
    }
    ?>
    <?php
    mysql_close($con)
    ?>
    </body>
    </html>

this the code which i mention above with wrong php file name,, :-P due to tention

Squidge 101 Newbie Poster · Answer 7 · 2012-09-26T19:50:55+00:00

Line 48 looks to have an extra space, not sure if this would cause problems

$qry="INSERT INTO department(departmentName,userid,password) VALUES ('$department','$userid','$password')";

Also check your $_POST data to ensure it is populated:

var_dump($_POST);

As an added side note the ereg function is deprecated

http://php.net/manual/en/function.eregi.php

muhammad.waleed.9699 0 Newbie Poster · Answer 8 · 2012-11-10T13:52:34+00:00

i solve this by doing client side validation with jquery,,, thanks