Form validation in a template page with ID

Hi

I’m trying to validate and submit a form in a page whose content is generated by passing an ID through the URL.
I want the form to be visible only if the user is logged in but the whole thing doesn’t work. If you could explain what I’m doing wrong that would be great. ^^

the code for the template page:
[php]<?php
// define variables and initialize with empty values
$rateErr = $comErr = "";
$rating = $comment = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
	if ($_POST["rating"] == "") {
		$rateErr = "Rate the app";
	}
	else {
		$rating= $_POST["rating"];
	}
 
	if (empty($_POST["comment"])) {
		$comErr = "Missing";
	}
	else {
		$comment = $_POST["comment"];
	}
	// insert only when both fields passed validation
	if ($rateErr == "" && $comErr == "") {
		try {
			$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
			$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
			$sql = "INSERT INTO reviews (rating, content, appID, user) VALUES(:rating, :comment, :appID, :username)";
			
			$stmt = $con->prepare( $sql );
			$stmt->bindValue( ":rating", $rating);
			$stmt->bindValue( ":comment", $comment);
			$stmt->bindValue( ":appID", $_GET['id']);
			$stmt->bindValue( ":username", $_SESSION['username']);
			$stmt->execute();
			return "Submitted successfully";
		}catch( PDOException $e ) {
			return $e->getMessage();
		}
		}
}

?>

"> <?php if ($_SESSION["loggedIn"]) { include("form.php"); } else { echo "You need to login to review this app"; } ?> [/php]

and the form.php
[php]

1 2 3 4 5 <?php echo $rateErr;?>

Enter text here…
<?php echo $comErr;?>
[/php]

Well, you are using SESSION variables to validate if someone is logged in. But, you are NOT using SESSIONS.

The very first line inside any page that is using SESSIONs needs to be the session start command.

session_start();

It needs to be the first command and there can be only one! (Yes, a Highlander quote!)

So, in your code, the first line is about your $rateErr=… Not starting the session.
All pages that use session variables have to have the session started before ANY code is sent to the browser. So, in the second list, you start off with a “select” then later use PHP. You need to add the session starting first.

<?PHP session_start(); ?>

or whatever…

Also, there is a test for the session login, but, I do not see where you set it up. You create an entry inside the database with the comments, username, etc, but, I do not see where you set the session login anywhere. It would look something like:
$_SESSION['loggedIn']="yes";
and if the login failed:
$_SESSION['loggedIn']="no";
So, where do you reset and set the “loggedIn” session values?

Now, without seeing all of your code, I will assume this is the issue. If you are starting the session and just not showing us the code, then you have to explain further. Hope that helps.
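
The checks discussed in this thread put together, as an added example that is not code from either poster: the session is started before any output, the login flag is compared strictly, and the URL id and form fields are validated before the prepared insert. The function name `submitReview`, a boolean `loggedIn` value set by the login code, and the in-memory SQLite table standing in for the `DB_DSN` database are assumptions.

```php
<?php
session_start(); // must run before any output is sent to the browser

// Hypothetical helper: validates one review submission and stores it.
// Returns field => error message; an empty array means the row was saved.
function submitReview(PDO $con, array $session, array $get, array $post): array
{
    // Strict comparison: a non-empty string such as "no" is truthy in PHP,
    // so if ($_SESSION["loggedIn"]) would let a "no" value through.
    if (($session['loggedIn'] ?? false) !== true) {
        return ['login' => 'You need to login to review this app'];
    }
    $errors = [];
    // The app id arrives in the URL, so it is untrusted input like the form fields.
    $appId = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($appId === false) {
        $errors['id'] = 'Unknown app';
    }
    $rating = filter_var($post['rating'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        $errors['rating'] = 'Rate the app';
    }
    $comment = is_string($post['comment'] ?? null) ? trim($post['comment']) : '';
    if ($comment === '') {
        $errors['comment'] = 'Missing';
    }
    if ($errors) {
        return $errors;
    }
    $stmt = $con->prepare('INSERT INTO reviews (rating, content, appID, user)
                           VALUES (:rating, :comment, :appID, :username)');
    $stmt->execute([':rating' => $rating, ':comment' => $comment,
                    ':appID' => $appId, ':username' => $session['username']]);
    return [];
}

// Constructed demo data; on the real page pass $_SESSION, $_GET and $_POST.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE reviews (rating INTEGER, content TEXT, appID INTEGER, user TEXT)');
$user = ['loggedIn' => true, 'username' => 'alice'];

var_dump(submitReview($con, ['loggedIn' => 'no'], ['id' => '3'], ['rating' => '4', 'comment' => 'Nice']));
var_dump(submitReview($con, $user, ['id' => '3 OR 1=1'], ['rating' => '9', 'comment' => ' ']));
var_dump(submitReview($con, $user, ['id' => '3'], ['rating' => '4', 'comment' => 'Nice']));
var_dump((int) $con->query('SELECT COUNT(*) FROM reviews')->fetchColumn());
```

When form.php echoes the error strings or stored comments back into the page, pass them through `htmlspecialchars()` first.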
