'Form Validation and Submission to database
I am working on a project that has a FORM which should VALIDATE itself and then submit the data to the MySQL Database. But I am facing an error.
This is the form
`
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<table style="line-height: 50px;">
<tr>
<th>Name </th>
<td><input type="text" name="name" placeholder="Your Name" style="height:30px; border:1px; width:300px; border-radius:5px; text-indent:15px"><span class="error">* <?php echo $nameErr;?></span></td>
</tr>
<br>
<tr>
<th>Phone </th>
<td><input type="text" name="contact" placeholder="Your Contact Number" style="height:30px; border:1px; width:300px; border-radius:5px; text-indent:15px"><span class="error">* <?php echo $contactErr;?></span></td>
</tr>
<tr>
<th>City </th>
<td><input type="text" name="city" placeholder="Your City Name" style="height:30px; border:1px; width:300px; border-radius:5px; text-indent:15px"><span class="error">* <?php echo $cityErr;?></span></td>
</tr>
<tr>
<th>Service </th>
<td><select name="service" autocomplete="off" style="height:30px; border:1px; width:300px; border-radius:5px; text-indent:15px">
<option value="">Select your service</option>
<option value=service1>Service 1</option>
<option value=service2>Service 2</option>
<option value=service3>Service 3</option>
<option value=service4>Service 4</option>
</select><span class="error">* <?php echo $serviceErr;?></span></td>
</tr>
</table>
<input type="submit" name="submit" value="Submit" style="height: 40px; width: 140px; border-radius: 5px; margin-left: 140px;margin-top: 20px;">
</form>
`
And this is the VALIDATION SCRIPT
`
<?php
// define variables and set to empty values
$nameErr = $contactErr = $cityErr = $serviceErr = "";
$name = $contact = $city = $service = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["contact"])) {
$contactErr = "Contact is required";
} else {
$contact = test_input($_POST["contact"]);
// check if contact number is well-formed
if (!preg_match("/^[0-9+]*$/",$contact)) {
$contactErr = "Phone number should contain only numbers";
}
}
if (empty($_POST["city"])) {
$cityErr = "City is required";
} else {
$city = test_input($_POST["city"]);
// check if city is valid
if (!preg_match("/^[a-zA-Z ]*$/",$city)) {
$cityErr = "Only letters and white space allowed";
}
}
if (empty($_POST["service"])) {
$serviceErr = "Service is required";
} else {
$service = test_input($_POST["service"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
`
This validates the form well but the PROBLEM that I am facing is to submit the form to the database after validation.
This is my upload_file.php code.
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="morningstar"; // Mysql password
$db_name="infoline"; // Database name
$tbl_name="user_profile"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Get values from form
$name=$_POST['name'];
$city=$_POST['city'];
$contact=$_POST['contact'];
$service=$_POST['service'];
// Insert data into mysql
$sql="INSERT INTO user_profile(name, city, contact, service)VALUES('$name', '$city', '$contact', '$service')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='index.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
?>
<?php
// close connection
mysql_close();
?>
Can anyone help me solve the problem? I want to submit the form to the database after proper validation. Please help me out.
Solution 1:[1]
IF I'm understanding this correctly, you just don't know how to call another file. I would suggest turning it into a function, including, and then calling it. Something like this:
include 'upload_file.php'
if($nameErr == $contactErr == $cityErr == $serviceErr == ""){
upload_file($_POST['name'], $_POST['city'], $_POST['contact'], $_POST['service'])
}
Firstly note that I apologize for any syntax errors. That's freehand.
Second, there are a few things I would suggest for your code:
Don't use the
mysql_*functions, as they are depreciated. I like PDO, so that's what I'm going to suggest to look into. (Just Google it, plenty is out there) This will also allow you to use prepared statements, which is one of the biggest things themysql_*functions are missing.Since you're using your POST data multiple times, place them into local variables to start. It will make your code short, cleaner, easier to read, and if you ever change the name of a field, must easier to update in the future.
Place all errors into a single string. That way if it's successful, you only have to check one thing, and if it fails, you only have to send one thing back to the user.
Hope that's what you needed.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |