how to stop data submission on validation fail without using javascript

General PHP Help
#1

Hi,

I am new in php.I do not want to use client side validation.When I click on submit button my data is keep submitting to database even after validation fail…Please help me…
I just want to use server side validation to stop data submission on invalid input

My codes:

[php]<?php

$name=$email=$telephone=$detail="";
$nameerr=$emailerr=$teleerr="";


if($_SERVER["REQUEST_METHOD"]=="POST"){
     $con=mysqli_connect('localhost','root','ricky','phpexample');
if(mysqli_connect_errno()){
    echo "Unable to connect:".mysqli_connect_error();
}   
      $name=mysqli_real_escape_string($con,test_input($_POST["name"]));
 if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
   $nameerr = "Only letters and white space allowed"; 
 }
 $email=mysqli_real_escape_string($con,test_input($_POST["email"]));
  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
   $emailerr = "Invalid email format"; 
 }
 $telephone=mysqli_real_escape_string($con,test_input($_POST["telephone"]));
if(!ereg("^[0-9]{3}-[0-9]{3}-[0-9]{4}$", $telephone)){
     $teleerr="Invalid phone umber";
 }
$detail=mysqli_real_escape_string($con,test_input($_POST["detail"]));
$sql="insert into contactus2(name,email,telephone,detail) values ('$name','$email','$telephone','$detail')";
if(!mysqli_query($con,$sql)){
    die ('error:'.mysqli_error($con));
}
    mysqli_close($con); 
}
  function test_input($data){
    $data=trim($data);
    $data=stripslashes($data);
    $data=htmlspecialchars($data);
    return $data;
}

?>
[/php]

[code]

.error{color: #f00;} 
    </header>
    </div>
     <div id="div">
    <nav id="nav1">
        <?php
            include "menu.php";
        ?>
    </nav>
       <div id="div1">
           <table id="table1">
               
            <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?> ">
      <tr><td></td> <td>Name:</td><td><input type="text" required name="name" placeholder="Name" value="<?php echo $name?>">
         <span class="error"><?php echo $nameerr?></span></td><td></td></tr>
        <tr><td></td><td>Email:</td><td><input type="email" required name="email" placeholder="Email address" value="<?php echo $email?>">
         <span class="error"><?php echo $emailerr?></span></td><td></td></tr>
      <tr><td></td><td> Phome Number:</td><td><input type="tel" required name="telephone" placeholder="Telephone Number" value="<?php echo $telephone?>">
         <span class="error"><?php echo $teleerr?></span></td></tr>
       <tr><td></td><td>Details:</td><td><textarea cols="10" rows="5" name="detail" <?php echo $detail?>></textarea><br></td><td></td></tr>
       <tr><td></td> <td></td><td><input type="submit" value="Submit" ">

</div>
</body>
[/code]
#2

Is there anyone who can help me?

#3

Wastage of time by submitting my question here

#4

Members here volunteer. So, we don’t necessarily respond on your timeline, your original post was submitted less than 2 hours ago.

There are a few ways to deal with it. The simplest, is just exit(). But, I would advise you return your error messages to the user so they know what they did wrong.

#5

I do say you have some interesting programming techniques. ;D

[php] $name=$email=$telephone=$detail="";
$nameerr=$emailerr=$teleerr="";[/php]

Anyways, I would do all the validating of the variables [size=14pt]before[/size] any sanitizing (and if you use prepared statements you don’t have to worry too much about doing that in my opinion). Though that is how I do it, but a lot a people do it at the same time. I prefer to do it separate for it makes it clearer for me.

Here’s a little example of what I’m talking about:
[php]$name = “Strider#####”;
//$name = “Strider”;
$errorMsg = NULL;

// Using Regex to check username:
if (preg_match("/^[0-9a-zA-Z_]{5,}$/", $name) === 0) {
$errorMsg = ‘Username must be bigger than 5 chars and contain only digits, letters and underscore’;
}

if (!$errorMsg) {

/* This is were you would continue onto inserting data into the database table */
echo "Continue on to insert data into DB Table";

} else {
echo $errorMsg . “
\n”;
}

?>
<!doctype html>

Error Status

<?php echo ($errorMsg) ? $errorMsg : "Error Status: OK"; ?>

[/php]

BTW, I don’t check usernames that way anymore, it’s just some old code that I dug up. :wink:

Here’s a good example on how to both at the same time and it comes directly from the source:
http://php.net/manual/en/filter.examples.sanitization.php

http://php.net/manual/en/filter.examples.validation.php

Sponsor our Newsletter | Privacy Policy | Terms of Service