Validation and Insert problem
Hi,
This is my very first time posting here so I hope Iâm following all the rules. If not, go easy as Iâm also new to PHP but learning fast.
I wonder if anybody can see why the two codes will not work together.
For example at the moment if I enter details into the Form the info is
passed to the database without the validation kicking in. If I test each
separately i.e. validation without the 'insert record' code and the 'insert
recode' without the validation code, both work perfectly but just placing them
together causes the validation to be ignored.
I know that I need to make sure the insert code is only called when everything else is fine but Iâm at this two days now and just canât seem to see where Iâm going in order to correct this.
Any help is much appreciated.
Thanks
Brian
<?php require_once('Connections/b.php'); ?>
<?php
if ($_POST && array_key_exists('sendCom',$_POST)) {
$nomessage='';
$GuestName='';
// Check each field and build errors array if problems found
if (isset($_POST['GuestDetails']) && !empty($_POST['GuestDetails'])) {
$message=strip_tags($_POST['GuestDetails']);
}
else {
$nomessage = 'Message';
}
if (isset($_POST['GuestName']) && !empty($_POST['GuestName'])) {
$GuestName=trim($_POST['GuestName']);
}
else {
$error['GuestName'] = 'You must give your name';
}
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" :
"NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO tblguestbook (GuestName, GuestLocation,
GuestDetails, GuestWebsite, GuestEmail, GuestDate) VALUES (%s,%s, %s, %s,
%s, CURDATE())",
GetSQLValueString($_POST['GuestName'], "text"),
GetSQLValueString($_POST['GuestLocation'], "text"),
GetSQLValueString($_POST['GuestDetails'], "text"),
GetSQLValueString($_POST['GuestWebsite'], "text"),
GetSQLValueString($_POST['GuestEmail'], "text"));
mysql_select_db($database_brian, $brian);
$Result1 = mysql_query($insertSQL, $brian) or die(mysql_error());
$insertGoTo = "guestbook.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<?php
// Display error message if errors have been found in submission
if (isset($nomessage) || isset($error)) {
?>
Error.
<?php
}
?>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
GuestName:
<?PHP
if(isset($error)) {//Display error essage.Otherwise skip row.
foreach ($error as $key=> $value){ //Loop through error message,
and display
echo $value;
}
}
?>
<input type="text" name="GuestName" value="" size="32">
GuestLocation:
<input type="text" name="GuestLocation" value="" size="32">
GuestDetails:
<?php if (isset($nomessage) && !empty($nomessage)) {
echo $nomessage; } else {
} ?>
<textarea name="GuestDetails" cols="55" rows="10" id="GuestDetails"
><?php if (isset($_POST['comments'])) echo $_POST['comments']; ?></textarea>
GuestWebsite:
<input type="text" name="GuestWebsite" value="" size="32">
GuestEmail:
<input type="text" name="GuestEmail" value="" size="32">
<input name="sendCom" type="submit" id="sendCom" value="Post Message"
/>
<input name="Reset" type="reset" value="Reset">
<input type="hidden" name="MM_insert" value="form1">
</form>
|
