Confused About PHP!?

Hi folks,

I am creating a site in FrontPage, and want to use PHP to validate a form I have created, however I would like the return of the user's input (which the user reviews to check for errors), to be in the same design or style which the rest of my site has been created in. I have found a script which does the basics of what I want, but it needs a lot of modifying, and I have a few questions. Here is the script:

[CODE]<?php
/* Program name: checkRegInfo.php
 * Description: Program checks all the form fields for
 * blank fields and incorrect format.
 */
?>
<html>
<head><title>Registration Validation</title></head>
<body>
<?php
/* set up array of field labels */
$label_array = array ( "first_name" => "First Name",
                       "middle_name" => "Middle Name",
                       "last_name" => "Last Name",
                       "phone" => "Phone");
foreach ($_POST as $field => $value)
{
  /* check each field except middle name for blank fields */
  if ( $value == "" )
  {
    if ($field != "middle_name")
    {
      $blank_array[$field] = "blank";
    }
  }
  elseif ($field == "first_name" or $field == "middle_name"
          or $field == "last_name" )
  {
    if (!ereg("^[A-Za-z' -]{1,50}$",$_POST[$field]) )
    {
      $bad_format[$field] = "bad";
    }
  }
  elseif ($field == "phone")
  {
    if(!ereg("^[0-9)( -]{7,20}(([xX]|(ext)|(ex))?[ -]?[0-9]{1,7})?$",$value))
    {
      $bad_format[$field] = "bad";
    }
  }
}
/* if any fields were not okay, display error message and form */
if (@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0)
{
  if (@sizeof($blank_array) > 0)
  {
    /* display message for missing information */
    echo "<b>You didn't fill in one or more required fields. You must enter:</b><br>";
    /* display list of missing information */
    foreach($blank_array as $field => $value)
    {
      echo "&nbsp;&nbsp;&nbsp;{$label_array[$field]}<br>";
    }
  }
  if (@sizeof($bad_format) > 0)
  {
    /* display message for bad information */
    echo "<b>One or more fields have information that appears to be
          incorrect. Correct the format for:</b><br>";
    /* display list of bad information */
    foreach($bad_format as $field => $value)
    {
      echo "&nbsp;&nbsp;&nbsp;{$label_array[$field]}<br>";
    }
  }
  /* redisplay form */
  $first_name = $_POST['first_name'];
  $middle_name = $_POST['middle_name'];
  $last_name = $_POST['last_name'];
  $phone = $_POST['phone'];
  echo "<p><hr>
  <form action='checkRegInfo.php' method='POST'>
  <center>
  <table width='95%' border='0' cellspacing='0' cellpadding='2'>
  <tr><td align='right'><B>{$label_array['first_name']}:</B></td>
  <td><input type='text' name='first_name' size='65' maxlength='65'
  value='$first_name' > </td>
  </tr>
  <tr><td align='right'><B>{$label_array['middle_name']}:</B></td>
  <td><input type='text' name='middle_name' size='65' maxlength='65'
  value='$middle_name' > </td>
  </tr>
  <tr><td align='right'><B>{$label_array['last_name']}:</B></td>
  <td> <input type='text' name='last_name' size='65' maxlength='65'
  value='$last_name'> </td>
  </tr>
  <tr><td align='right'><B>{$label_array['phone']}:</B></td>
  <td> <input type='text' name='phone' size='65' maxlength='65'
  value='$phone'> </td>
  </tr>
  </table>
  <p><input type='submit' value='Submit name and phone number'>
  </form>
  </center>";
  exit();
}
echo "Welcome";
?>
</body></html>[/CODE]

(With modifications, From PHP & MySQL For Dummies – By Janet Valade)

Can someone let me know if I am on the right track with these assumptions or answer any questions?

1) I am assuming that because of the HTML tags, that this page is designed to return on a plain HTML page (without any site design features). Can I split up the code, and push it into the relevant areas so that the page returns within my design template?

2) The initial array right after the <?php statement, this seems to be crafted by the author of the code, am I right to assume that I would have to change this label array to represent the fields I have used on my form?

3) Is this the type of form, where if a user input an error (characters not allowed by the ereg statement), will the program star “*” fields that are incorrectly filled or leave the user guessing?

3a) How can the program be modified to star or otherwise indicate fields that need to be changed?

4) Can anyone see any security issues in this form at present?

5) I actually have one field “Username” where I will need to query my database, to ensure that the Username a user enters is not the same as one already in the database. I have read a little on MySQL injection, am I right in thinking that it is only where a form has to query a database, that a MySQL Injection attack can occur, or can they also occur when data is written to a database? Check out this article from [URL=http://www.php.net/manual/en/function.mysql-real-escape-string.php]PHP.NET[/URL]

OK that’s all I can think to ask for now, so if anyone can help a struggling newbie, blessings on you…

Regards,
C.B.
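
An added example, not part of the original post or the book's script, covering questions 3a, 4 and 5: the script above echoes raw `$_POST` values into `value='...'`, so the redisplay needs HTML escaping, and any query built from user input, whether it reads or writes, should use bound parameters. The helper names (`h`, `field_row`, `username_taken`), the `users` table and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the original post or the book it quotes.
// Helper names, the users table and all sample values are hypothetical.

/* Escape a value for HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/* One form row; a field listed in $errors gets a star next to its label. */
function field_row(string $name, string $label, array $post, array $errors): string
{
    $value = isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
    $star  = isset($errors[$name]) ? " <span class='err'>*</span>" : '';
    return "<tr><td align='right'><b>" . h($label) . ":</b>$star</td>"
         . "<td><input type='text' name='" . h($name) . "' maxlength='65' value='"
         . h($value) . "'></td></tr>\n";
}

/* Username lookup with a bound parameter; the value never becomes SQL text. */
function username_taken(PDO $db, string $username): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

// Constructed input: a quote and markup that would break an unescaped value='...'.
$post   = ['first_name' => "D'Arcy <b>", 'phone' => '555-0100'];
$errors = ['first_name' => 'bad'];
echo field_row('first_name', 'First Name', $post, $errors);
echo field_row('phone', 'Phone', $post, $errors);

// In-memory SQLite stands in for MySQL so this runs offline (assumption);
// the same PDO calls work with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');
$ins = $db->prepare('INSERT INTO users (username) VALUES (?)'); // writes are bound too
$ins->execute(["o'neil"]);
var_dump(username_taken($db, "o'neil"));
var_dump(username_taken($db, 'c.b.'));
```

The pattern checks stay in place as input validation; escaping is applied at output time and parameter binding at query time, independent of whether validation passed.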
