Advice for sending data into db with form

Hi Everybody,

I am a PHP/MySQL newbie and I am trying to create a form to send data into a db. Here are the conditions I want to meet:
1- data should go to the db only when all fields are filled
2- prevent the script from running when conditions are met

here is my code:
[php]

">

Firstname :
<input type="text" name="fname" id="fname" placeholder="enter your firstname" value="<?php if (isset($_POST["fname"])) {echo $_POST["fname"];}?>" />
* <?php echo $fnameError;?>


Surname :
<input type="text" name="surname" id="surname" placeholder="Enter your surname" value="<?php if (isset($_POST["surname"])) {echo $_POST["surname"];}?>" />
* <?php echo $surnameError;?>



[/php]

PHP PART
[php]<?php
$first_name = $sur_name = "";
$fnameError = $surnameError = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {

    function clean_input_provide($value) {
        $value = trim($value);
        $value = htmlspecialchars($value);
        $value = stripslashes($value);
        return ($value);
    }

    if (empty($_POST["fname"])) {
        $fnameError = "Please enter your first name";
    } else {
        $first_name = clean_input_provide($_POST["fname"]);

        if (!preg_match("/^[a-zA-Z ]*$/", $first_name)) {
            $fnameError = "Only letters and white space allowed";
        }
    }

    if (empty($_POST["surname"])) {
        $surnameError = "Please enter your surname";
    } else {
        $sur_name = clean_input_provide($_POST["surname"]);

        if (!preg_match("/^[a-zA-Z ]*$/", $sur_name)) {
            $surnameError = "Only letters and white space allowed";
        }
    }

    if (!empty($first_name&&$sur_name&&$password&&$address)) {

        $sql = "INSERT INTO tbl_address_book (First_Name, Surname, Address, Password) VALUES ('$first_name', '$sur_name', '$address', '$password')";

        if (mysqli_query($db_connection, $sql)) {
            echo "Recorded added";
        } else {
            echo "No records";
        }
    }
}
?>[/php]

My problem is, I want to prevent the script from running when the preg_match condition is met

Thanks

My problem is, I want to prevent the script from running when the preg_match condition is met

So, you want to stop the script when preg_match is true?

Well yes sir, the script should not run if the preg_match detects a wrong character.

Tips and advice will really help. Thanks

The logic is a bit off. You don’t want to stop the script, you just don’t want anything inserted into the database.

I would advise adding an $errors variable to count how many errors get found. For each error found, you add 1 to the $errors variable. Then,

[php]
if ( $errors == 0 )
{
// insert into the database
} else {
// show the form and display the errors found
}[/php]

Also, you should be using prepared statements. Placing variables into the query string, regardless of addslashes or whatever is not the safe way to handle it.

Thanks, sir, for the help. I understood the $errors first part.

if ( $errors == 0 )
{
// insert into the database
} else {

 // show the form and display the errors found - how should I do this part? Any tips?

}

What tips do you need? I put a comment for what should be there, what is hard to understand?

You could create an errors array, like:

[php]$errors['fname'] = "Name cannot be empty";[/php]

And then in your HTML display errors in normal fashion:
[php]if ( isset($errors['fname']) ) {
    echo "<p class=\"error\">{$errors['fname']}</p>";
}[/php]
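
Added example, not part of any post in this thread: the two suggestions above (collect errors in an array, insert with a prepared statement) combined into one handler. It assumes `$db_connection` is an open mysqli connection and that the form also posts `address` and `password` fields; those two field names and the `validate_form` helper are hypothetical.

```php
<?php
// Added example. Assumes $db_connection is an open mysqli connection and that
// the form also posts "address" and "password" (assumed field names).

function validate_form(array $post): array
{
    $clean = $errors = [];
    $labels = ['fname' => 'first name', 'surname' => 'surname',
               'address' => 'address', 'password' => 'password'];

    foreach ($labels as $field => $label) {
        // Validate the raw value; no htmlspecialchars()/stripslashes() on input.
        $value = is_string($post[$field] ?? null) ? $post[$field] : '';
        if ($field !== 'password') {
            $value = trim($value);
        }
        if ($value === '') {
            $errors[$field] = "Please enter your $label";
        } elseif (in_array($field, ['fname', 'surname'], true)
            && !preg_match('/^[a-zA-Z ]+$/', $value)) {
            $errors[$field] = 'Only letters and white space allowed';
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$clean, $errors] = validate_form($_POST);

    if (count($errors) === 0) {
        // Placeholders keep user values out of the SQL text entirely.
        $stmt = mysqli_prepare($db_connection,
            'INSERT INTO tbl_address_book (First_Name, Surname, Address, Password)
             VALUES (?, ?, ?, ?)');
        // Store a hash, never the password itself (column should allow 255 chars).
        $hash = password_hash($clean['password'], PASSWORD_DEFAULT);
        mysqli_stmt_bind_param($stmt, 'ssss',
            $clean['fname'], $clean['surname'], $clean['address'], $hash);
        echo mysqli_stmt_execute($stmt) ? 'Record added' : 'No records';
    }
}

// If $errors is non-empty no insert happened: print the messages with the
// form, escaping at output time rather than before storage.
foreach ($errors as $message) {
    echo '<p class="error">' . htmlspecialchars($message) . '</p>';
}
```

The script never has to be stopped: a non-empty `$errors` array skips the insert and the page falls through to redisplaying the form.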