Folks,
Do you mind checking my code and giving me a list of bad coding I made, apart from the following invalid coding I made:
**filter_var(“$business_name”, FILTER_VALIDATE_STRING)
filter_var($business_zip, FILTER_SANITIZE_ZIP);
filter_var(“$business_phone”, FILTER_VALIDATE_ZIP)
filter_var($business_phone, FILTER_SANITIZE_PHONE)
filter_var(“$business_phone”, FILTER_VALIDATE_PHONE)
filter_var($business_mobile, FILTER_SANITIZE_MOBILE)
filter_var(“$business_mobile”, FILTER_VALIDATE_MOBILE)
filter_var($business_fax, FILTER_SANITIZE_FAX)
filter_var(“$business_fax”, FILTER_VALIDATE_FAX)
filter_var($business_domain, FILTER_SANITIZE_DOMAIN)
filter_var(“$business_domain”, FILTER_VALIDATE_DOMAIN)
filter_var(“$business_description”, FILTER_VALIDATE_STRING)**
Above functions invalid, I think. Not exist. Can you tell me of any substitutes ? I cant find none, myself.
Here is my code.
[code]
<html>
<head>
<title>
Searchengine Result Page
</title>
</head>
<body>
<form method = ‘POST’ action = “$_SERVER[‘PHP_SELF’]”>
<label for=’find’>Find</label>
<input type=’text’ name=’find’ id=’find’>
<br>
Table:
<input type=’radio’ name=’table’ id=’sale’><label for=’table’>Businesses On Sale</label>
<input type=’radio’ name=’table’ id=’sold’><label for=’table’>Businesses Sold</label>
<br>
<label for=’business_name’>Business Name</label>
<input type=’text’ name=’business_name’ id=’business_name’>
<label for=’business_zip’>Business Zip</label>
<input type=’text’ name=’business_zip’ id=’business_zip’>
<label for=’business_phone’>Business Phone</label>
<input type=’text’ name=’business_phone’ id=’business_phone’>
<label for=’business_mobile’>Business Mobile</label>
<input type=’text’ name=’business_mobile’ id=’business_mobile’>
<label for=’business_fax’>Business Fax</label>
<input type=’text’ name=’business_fax’ id=’business_fax’>
<label for=’business_email’>Business Email</label>
<input type=’text’ name=’business_email’ id=’business_email’>
<label for=’business_description’>Business Description</label>
<input type=’text’ name=’business_description’ id=’business_description’>
<button type=’submit’>Submit!</button>
</form>
</body>
</html>
<?php
//ERROR REPORTING FOR DEVMODE ONLY.
ini_set(‘display_errors’,’1′);
ini_set(‘display_startup_errors’,’1′);
error_reporting(E_ALL);
//MYSQLI CONNECTION.
mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
$server = ‘localhost’;
$user = ‘root’;
$password = ”;
$database = ‘brute’;
if(!$conn = mysqli_connect(“$server”,”$user”,”$password”,”$database”))
{
echo ‘Mysqli Connection Error’ .mysqli_connect_error($conn);
echo ‘Mysqli Connection Error Number’ .mysqli_connect_errno($conn);
}
if(!mysqli_character_set_name($conn) == ‘utf8mb4’)
{
echo ‘Initial Character Set: ‘ .mysqli_character_set_name($conn);
mysqli_set_charset(“$conn”,’utf8mb4’);
echo ‘Current Character Set: ‘ .mysqli_character_set_name($conn);
}
//SANITIZE/VALIDATE USER INPUT
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data); //Strips only Backward Slashes. Not Forward Slashes.
//$data = htmlspecialchars($data);
$data = strip_tags($data);
return $data;
}
if(!empty(trim($_POST[‘business_name’])))
{
$business_name = trim($_POST[‘business_name’]);
if(!is_string($business_name))
{
die(‘Enter Your Busieness Name! Can only contain Alpha-numerical Characters!’);
}
$business_name = filter_var($business_name, FILTER_SANITIZE_STRING);
if(!filter_var(“$business_name”, FILTER_VALIDATE_STRING))
{
die(“Enter your valid Business Name!”);
}
}
elseif(!empty(trim($_POST[‘business_zip’])))
{
$business_zip = trim($_POST[‘business_zip’]);
if(!is_string($business_zip)||!is_int($business_zip))
{
die(‘Enter your Business Zip! Can only contain Alpha-numerical Characters!’);
}
$business_zip = filter_var($business_zip, FILTER_SANITIZE_ZIP);
if(!filter_var(“$business_phone”, FILTER_VALIDATE_ZIP))
{
die(“Enter your valid Business Zip!”);
}
}
elseif(!empty(trim($_POST[‘business_phone’])))
{
$business_phone = trim($_POST[‘business_phone’]);
if(!is_string($business_phone)||!is_int($business_phone))
{
die(‘Enter your Business Phone! Can only contain Alpha-numerical Characters!’);
}
$business_phone = filter_var($business_phone, FILTER_SANITIZE_PHONE);
if(!filter_var(“$business_phone”, FILTER_VALIDATE_PHONE))
{
die(“Enter your valid Business Land-line Phone Number!”);
}
}
elseif(!empty(trim($_POST[‘business_mobile’])))
{
$business_mobile = trim($_POST[‘business_mobile’]);
if(!is_string($business_mobile)||!is_int($business_mobile))
{
die(‘Enter your Business Zip! Can only contain Alpha-numerical Characters!’);
}
$business_mobile = filter_var($business_mobile, FILTER_SANITIZE_MOBILE);
if(!filter_var(“$business_mobile”, FILTER_VALIDATE_MOBILE))
{
die(“Enter your valid Business Mobile Phone Number!”);
}
}
elseif(!empty(trim($_POST[‘business_fax’])))
{
$business_fax = trim($_POST[‘business_fax’]);
if(!is_string($business_fax)||!is_int($business_fax))
{
die(‘Enter your Business Fax! Can only contain Alpha-numerical Characters!’);
}
$business_fax = filter_var($business_fax, FILTER_SANITIZE_FAX);
if(!filter_var(“$business_fax”, FILTER_VALIDATE_FAX))
{
die(“Enter your valid Business Land-line Fax!”);
}
}
elseif(!empty(trim($_POST[‘business_email’])))
{
$business_email = trim($_POST[‘business_email’]);
if(!is_string($business_email))
{
die(‘Enter your Business Email! Can only contain Alpha-numerical Characters!’);
}
$business_email = filter_var($business_email, FILTER_SANITIZE_EMAIL);
if(!filter_var(“$business_email”, FILTER_VALIDATE_EMAIL))
{
die(‘Enter your valid Business Email!’);
}
}
elseif(!empty(trim($_POST[‘business_domain’])))
{
$business_domain = trim($_POST[‘business_domain’]);
if(!is_string($business_domain))
{
die(‘Enter your Business Domain! Can only contain Alpha-numerical Characters!’);
}
$business_domain = filter_var($business_domain, FILTER_SANITIZE_DOMAIN);
if(!filter_var(“$business_domain”, FILTER_VALIDATE_DOMAIN))
{
die(“Enter your valid business website’s Domain!”);
}
}
elseif(!empty(trim($_POST[‘business_url’])))
{
$business_url = trim($_POST[‘business_url’]);
if(!is_string($business_url))
{
die(‘Enter your Business Url! Can only contain Alpha-numerical Characters!’);
}
$business_url = filter_var($business_url, FILTER_SANITIZE_URL);
if(!filter_var(“$business_url”, FILTER_VALIDATE_URL,FILTER_FLAG_SCHEME_REQUIRED))
{
die(“Enter your valid Business website’s full Url!”);
}
elseif(!filter_var(“$business_url”, FILTER_VALIDATE_URL,FILTER_FLAG_HOST_REQUIRED))
{
die(“Enter your valid Business website’s full Url!”);
}
if(!filter_var(“$business_url”, FILTER_VALIDATE_URL,FILTER_FLAG_PATH_REQUIRED))
{
die(“Enter your valid Business website’s full Absolute Url!”);
}
}
elseif(!empty(trim($_POST[‘business_description’])))
{
$business_zip = trim($_POST[‘business_description’]);
if(!is_string($business_description))
{
die(‘Enter your Business Zip! Can only contain Alpha-numerical Characters!’);
}
$business_description = filter_var($business_description, FILTER_SANITIZE_STRING);
if(!filter_var(“$business_description”, FILTER_VALIDATE_STRING))
{
die(“Enter your Business Description!”);
}
}
else
{
//SUBMIT USER INPUT TO DB
$sql = “INSERT into business_links (business_name,business_zip,business_phone,business_mobile,business_fax,business_email,business_domain,business_url,business_description) VALUES (?,?,?,?,?,?,?,?,?)”;
$stmt = mysqli_stmt_init($conn);
if(mysqli_stmt_prepare($stmt,$sql))
{
mysqli_stmt_bind_param($stmt,’sssssssss’,$business_name,$business_zip,$business_phone,$business_mobile,$business_fax,$business_email,$business_domain,$business_url,$business_description);
if($result = mysqli_stmt_execute($stmt))
{
echo ‘Submission Success!’;
echo mysqli_stmt_affected_rows($stmt);
}
else
{
//Error Messages for Production Mode only.
echo ‘Submission Execution Failed!’;
echo ‘Error: ‘ .mysqli_stmt_error($stmt);
echo ‘Error: ‘ .mysqli_stmt_errno($stmt);
echo ‘Entry Count: ‘ .mysqli_stmt_affected_rows($stmt);
}
mysqli_stmt_close($stmt);
}
else
{
//Error Messages for Production Mode only.
echo ‘Submission Preparation Failed!’;
}
mysqli_close($conn);
}