#1
I have a set of functions that work beautifully the first time that the form is processed, but the second time that I hit the submit button, if any field contains data the form bypasses all of my carefully planned validation and dumps the data into the DB.

Have to tell you this is very disconcerting. I have been working with this for a couple of days now. And...

Can you take a look at my logic and tell me if I overlooked anything obvious?
I should clue you in to what I am attempting to do.

Nothing complicated, I just make several function calls and if there is output from the calls then I have an error somewhere.

It should call my JS window.location function to redirect to the same page so that they can make corrections.

However, for some reason the validation functions do exactly what they are supposed to do the first time around, but like I said above, the second time if any fields are loaded with data it completely bypasses my validation procedures. :-(

code:
--------------------------------------
    // looking at some function calls here, nothing special...

    if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
        $_SESSION['SES_userNameErr'] = $userNameErr;
    }

    if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']), trimWhiteSpace($_POST['pass2']))){
        $_SESSION['SES_userPassErr'] = $userPassErr;
    }

    if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']), trimWhiteSpace($_POST['lName']))){
        $_SESSION['SES_nameErr'] = $nameErr;
    }

    if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
        $_SESSION['SES_passHintErr'] = $passHintErr;
    }

    if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
        $_SESSION['SES_emailErr'] = $emailErr;
    }

    // my err check statement that only works on the first pass

    if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
    ?>
    <script language="javascript">
        window.location = "register.php";
    </script>
    <?php
    }else{
        // ******************************************************
        //
        // here we encrypt the password and add slashes if needed
        //
        // ******************************************************

        $_POST['pass'] = md5($_POST['pass']);

        if (!get_magic_quotes_gpc()) {
            $_POST['pass'] = addslashes($_POST['pass']);
            $_POST['username'] = addslashes($_POST['username']);
            $_POST['fName'] = addslashes($_POST['fName']);
            $_POST['lName'] = addslashes($_POST['lName']);
            $_POST['passHint'] = addslashes($_POST['passHint']);
            $_POST['email'] = addslashes($_POST['email']);
        }
        // ******************************************************
        //
        // if there are no errors in data validation load the data into the database
        // now we insert it into the database
        //
        // ******************************************************
        $insert = "INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
            VALUES ('".$_POST['username']."', '".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
        $add_member = mysql_query($insert);
    ?>

    <p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
    print "$fName $lName" ?> you have registered - you may now <a href="login.php">login</a>.</p>
    <?php
    }// end if error

insight would be greatly appreciated
thank you
Kevin

#2
"Kevin Raleigh" <kraleigh@sbcglobal.net> wrote in message
news:__GdnXgHRsh2aBDbnZ2dnUVZ_v23nZ2d@giganews.com ...
> I have a set of functions that work beautifully the first time that the form
> is processed, but the second time that I hit the submit button if any field
> contains data the form bypasses all of my carefully planned validation and
> dumps the data into the DB.

<SNIP>

> if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
> ?>
> <script language="javascript">
> window.location = "register.php";
> </script>
> <?php
> }else{

The first thing I can ask is why do you have *any* JavaScript in this code? If it's just for redirection, then use header('Location: xxx'). If you have JavaScript, then nasty people can easily automate adding data by simply switching off the JavaScript.

Next, it looks like you are using two scripts - one with the form (register.php), which POSTs to the validation script, which then redirects back to the form on errors. How about doing it all in one script?

    if form submitted then process form
    {
        if form data OK add data to database, display thank you and link to login
    }
    else
    {
        (re)display form, populating form fields with $_POSTed variables, and display any hints
    }

#3
Kevin Raleigh wrote:
> Actually that is what I am doing. I just left out the top of the script
> containing all of my validation functions.
>
> If I use header('location: XXX'); I get a very nasty error that I haven't
> been able to resolve.
>
> Warning: Cannot modify header information - headers already sent by (output
> started at G:\xampp\htdocs\bethel\1purpose_bethel\register.php:8) in
> G:\xampp\htdocs\bethel\1purpose_bethel\register.php on line 107
>
> I was working with some other people and they suggested the JS to get by
> this error.
> Can you advise on how I can work with the header error?
> I guess I should work with it first then move on to the validation
>
> Kevin
>
>
> If you're interested in the code I have here it is without the validation
> functions. I extracted them and put them into an include file so that I
> could clean up the code a bit.
>
> <?php
> // database connection, session_start(), and validation functions are included
>
> // has form been submitted
> if (isset($_POST['submit'])) {
>
>   // lets check the output of each function call for data and load it into a session variable if it
>   if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
>     $_SESSION['SES_userNameErr'] = $userNameErr;
>   }else{
>     unset($_SESSION['SES_userNameErr']);
>   }
>   if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']), trimWhiteSpace($_POST['pass2']))){
>     $_SESSION['SES_userPassErr'] = $userPassErr;
>   }else{
>     unset($_SESSION['SES_userPassErr']);
>   }
>
>   if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']), trimWhiteSpace($_POST['lName']))){
>     $_SESSION['SES_nameErr'] = $nameErr;
>   }else{
>     unset($_SESSION['SES_nameErr']);
>   }
>
>   if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
>     $_SESSION['SES_passHintErr'] = $passHintErr;
>   }else{
>     unset($_SESSION['SES_passHintErr']);
>   }
>
>   if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
>     $_SESSION['SES_emailErr'] = $emailErr;
>   }else{
>     unset($_SESSION['SES_emailErr']);
>   }
>
>   if($emailErr || $passHintErr || $nameErr || $userPassErr || $userNameErr){
>     //header('Location: register.php');
> ?>
> <script language="javascript">
>   window.location = "register.php";
> </script>
> <?php
>   }else{
>
>     // here we encrypt the password and add slashes if needed
>     $_POST['pass'] = md5($_POST['pass']);
>
>     if (!get_magic_quotes_gpc()) {
>       $_POST['pass'] = addslashes($_POST['pass']);
>       $_POST['username'] = addslashes($_POST['username']);
>       $_POST['fName'] = addslashes($_POST['fName']);
>       $_POST['lName'] = addslashes($_POST['lName']);
>       $_POST['passHint'] = addslashes($_POST['passHint']);
>       $_POST['email'] = addslashes($_POST['email']);
>     }
>
>     // if there are no errors in data validation load the data into the database
>     // now we insert it into the database
>     $insert = "INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
>       VALUES ('".$_POST['username']."', '".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
>     $add_member = mysql_query($insert);
> ?>
>
> <p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
> print "$fName $lName" ?> you have registered - you may now <a href="login.php">login</a>.</p>
> <?php
>   }// end if error
> }// end if (isset($_POST['submit']))
> else
> { // if not posted display form
>
> ?>
>
> <!-- This is what they see before they have registered -->
>
> <p class="textpadded"><br/><br/><br/>
> Please enter your information in the form below. This information can
> only be accessed by Pastor Art and the Administrator for this website. When
> Pastor Art contacts us he would like to address us by name. It would also be
> nice if we could remember when a person is having a birthday. No years if
> you please ;-) </p>
>
> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
> <table width="448" border="0" cellpadding="5" align="center">
> <tr>
>   <td width="101" align="left">First Name </td>
>   <td width="156" align="left">
>     <input name="fName" type="text" id="fName" maxlength="25" value="<?php $fName = $_POST['fName']; print $fName ?>"/>
>   </td>
>   <td width="153" rowspan="2" align="left">
>     <?php if(isset($_SESSION['SES_nameErr'])) { $name = $_SESSION['SES_nameErr']; echo $name;} ?>
>   </td>
> </tr>
> <tr>
>   <td align="left">Last Name </td>
>   <td align="left"><input name="lName" type="text" id="lName" maxlength="25" value="<?php echo $_POST['lName']; ?>"/></td>
> </tr>
> <tr>
>   <td align="left">Birth Month </td>
>   <td align="left"><label>
>     <select name="bMonth" id="bMonth">
>       <option value="0">Enter birthmonth</option>
>       <option value="1">January</option>
>       <option value="2">February</option>
>       <option value="3">March</option>
>       <option value="4">April</option>
>       <option value="5">May</option>
>       <option value="6">June</option>
>       <option value="7">July</option>
>       <option value="8">August</option>
>       <option value="9">September</option>
>       <option value="10">October</option>
>       <option value="11">November</option>
>       <option value="12">December</option>
>     </select>
>   </label></td>
>   <td align="left"> </td>
> </tr>
> <tr>
>   <td align="left">Email:</td>
>   <td align="left"><input type="text" name="email" maxlength="60" value="<?php echo $_POST['email']; ?>"/></td>
>   <td align="left">
>     <?php if($myEmail = $_SESSION['SES_emailErr']){ echo $myEmail;} ?>
>   </td>
> </tr>
> <tr>
>   <td align="left">Username:</td>
>   <td align="left"><input type="text" name="username" maxlength="15" value="<?php echo $_POST['username']; ?>"/></td>
>   <td align="left">
>     <?php if($myUserName = $_SESSION['SES_userNameErr']){ echo $myUserName;} ?>
>   </td>
> </tr>
> <tr>
>   <td align="left">Password:</td>
>   <td align="left"><input type="password" name="pass" maxlength="10" /></td>
>   <td rowspan="2" align="left">
>     <?php if($myPass = $_SESSION['SES_userPassErr']){ echo $myPass;} ?>
>   </td>
> </tr>
> <tr>
>   <td align="left">Confirm Password:</td>
>   <td align="left"><input type="password" name="pass2" maxlength="10" /></td>
> </tr>
> <tr>
>   <td align="left">Password Hint:</td>
>   <td align="left"><input type="text" name="passHint" maxlength="25" value="<?php echo $_POST['passHint'] ?>"/></td>
>   <td align="left">
>     <?php if($passHint = $_SESSION['SES_passHintErr']){ echo $passHint;} ?>
>   </td>
> </tr>
> <tr>
>   <th colspan="4"><input type="submit" name="submit" value="Register" /></th>
> </tr>
> </table>
> </form>
>
> <?php
> }
> ?>
>
> insight would be greatly appreciated
> thank you
> kevin
> "Virginner" <the.bin@LOSEITvirgin.net> wrote in message
> news:f6kv3m$2hu$1@aioe.org...
>> "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote in message
>> news:__GdnXgHRsh2aBDbnZ2dnUVZ_v23nZ2d@giganews.com ...
>>> I have a set of functions that work beautifully the first time that the form
>>> is processed, but the second time that I hit the submit button if any field
>>> contains data the form bypasses all of my carefully planned validation and
>>> dumps the data into the DB.
>> <SNIP>
>>
>>> if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
>>> ?>
>>> <script language="javascript">
>>> window.location = "register.php";
>>> </script>
>>> <?php
>>> }else{
>> The first thing I can ask is why do you have *any* JavaScript in this code?
>> If it's just for redirection, then use header('Location: xxx'). If you have
>> JavaScript, then nasty people can easily automate adding data by simply
>> switching off the JavaScript.
>>
>> Next, it looks like you are using two scripts - one with the form
>> (register.php), which POSTs to the validation script, which then redirects
>> back to the form on errors. How about doing it all in one script?
>>
>> if form submitted then process form
>> {
>>     if form data OK add data to database, display thank you and link to login
>> }
>> else
>> {
>>     (re)display form, populating form fields with $_POSTed variables, and
>>     display any hints
>> }
>>

If you send anything before the header, even a single space, it will result in an error. The headers have already been sent, so sending them again results in an error. This can be done quite easily if you have a blank line or a space or any other text before your script starts.

#4
I was able to resolve my problems on both fronts.

I was using a tutorial script that I found on the net that had the header(location: xx) in the body of the document sandwiched between blocks of HTML. This I finally figured out was what was causing my problem.

I took your advice and I completely rewrote the page and removed all of the php from the body. I placed it at the top of the document, used an if else to decide when to display what, and it solved my header() error problems as well as my validation problems.

Previously I could validate on the first pass, but on the second submit the validation failed. I don't know why, but what is important is that it works beautifully now.

I thank you for your time and effort
Kevin Raleigh

"Gleep" <Gleep@Gleep.com> wrote in message
news:3kts835k43hn1lqc5646k9ejgiukbcemln@4ax.com...
> On Fri, 6 Jul 2007 01:01:33 -0700, "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote:
>
> > I have a set of functions that work beautifully the first time that the form
> > is processed, but the second time that I hit the submit button if any field
> > contains data the form bypasses all of my carefully planned validation and
> > dumps the data into the DB.
> >
> > Have to tell you this is very disconcerting. I have been working with this
> > for a couple of days now. And...
> >
> > Can you take a look at my logic and tell me if I overlooked anything
> > obvious?
> > I should clue you in to what I am attempting to do.
> >
> > Nothing complicated, I just make several function calls and if there is
> > output from the calls then I have an error somewhere.
> >
> > It should call my JS window.location function to redirect to the same page
> > so that they can make corrections.
> >
> > However, for some reason the validation functions do exactly what they are
> > supposed to do the first time around, but like I said above, the second time
> > if any fields are loaded with data it completely bypasses my validation
> > procedures. :-(
> >
> > code:
> > --------------------------------------
> > // looking at some function calls here, nothing special...
> >
> > if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
> >     $_SESSION['SES_userNameErr'] = $userNameErr;
> > }
> >
> > if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']), trimWhiteSpace($_POST['pass2']))){
> >     $_SESSION['SES_userPassErr'] = $userPassErr;
> > }
> >
> > if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']), trimWhiteSpace($_POST['lName']))){
> >     $_SESSION['SES_nameErr'] = $nameErr;
> > }
> >
> > if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
> >     $_SESSION['SES_passHintErr'] = $passHintErr;
> > }
> >
> > if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
> >     $_SESSION['SES_emailErr'] = $emailErr;
> > }
> >
> > // my err check statement that only works on the first pass
> >
> > if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
> > ?>
> > <script language="javascript">
> >     window.location = "register.php";
> > </script>
> > <?php
> > }else{
> >     // ******************************************************
> >     //
> >     // here we encrypt the password and add slashes if needed
> >     //
> >     // ******************************************************
> >
> >     $_POST['pass'] = md5($_POST['pass']);
> >
> >     if (!get_magic_quotes_gpc()) {
> >         $_POST['pass'] = addslashes($_POST['pass']);
> >         $_POST['username'] = addslashes($_POST['username']);
> >         $_POST['fName'] = addslashes($_POST['fName']);
> >         $_POST['lName'] = addslashes($_POST['lName']);
> >         $_POST['passHint'] = addslashes($_POST['passHint']);
> >         $_POST['email'] = addslashes($_POST['email']);
> >     }
> >     // ******************************************************
> >     //
> >     // if there are no errors in data validation load the data into the database
> >     // now we insert it into the database
> >     //
> >     // ******************************************************
> >     $insert = "INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
> >         VALUES ('".$_POST['username']."', '".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
> >     $add_member = mysql_query($insert);
> > ?>
> >
> > <p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
> > print "$fName $lName" ?> you have registered - you may now <a href="login.php">login</a>.</p>
> > <?php
> > }// end if error
> >
> > insight would be greatly appreciated
> > thank you
> > Kevin
> >
>
> Well first off, in my opinion the validation logic seems a little convoluted, but the thing I
> noticed first is if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr) {...
> the ors should be || or OR, not |
>
> you're saving session data if there is an error, why? there is no need to save that data.
> here is the logic pattern I'd use
>
> the user fills out the form and submits..
> (there might be errors, I'm just gonna whip it out)....
>
> if(isset($_POST['Submit']) AND $_POST['Submit']=='Submit' ) {
>
>     // collect form vars
>     if (!get_magic_quotes_gpc()) {
>         $pass = addslashes($_POST['pass']);
>         $username = addslashes($_POST['username']);
>         $fName = addslashes($_POST['fName']);
>         $lName = addslashes($_POST['lName']);
>         $passHint = addslashes($_POST['passHint']);
>         $email = addslashes($_POST['email']);
>         $bMonth = addslashes($_POST['bMonth']);
>     } else {
>         $pass = $_POST['pass'];
>         $username = $_POST['username'];
>         $fName = $_POST['fName'];
>         $lName = $_POST['lName'];
>         $passHint = $_POST['passHint'];
>         $email = $_POST['email'];
>         $bMonth = $_POST['bMonth'];
>     }
>
>     // validate vars
>     $error = false;
>     if(!$pass) $error .= "password is required<br />";
>     if(!$username) $error .= "username is required<br />";
>     if(!$fName) $error .= "first name is required<br />";
>     if(!$lName) $error .= "last name is required<br />";
>     if(!$passHint) $error .= "password hint is required<br />";
>     if(!$email) $error .= "email hint is required<br />";
>     if(userNameCheck(trimWhiteSpace($username))) $error .= "username failed<br />";
>     if(userPassCheck(trimWhiteSpace($pass))) $error .= "password failed<br />";
>     if(nameCheck(trimWhiteSpace($fName))) $error .= "first name failed<br />";
>     if(passHintCheck(trimWhiteSpace($passHint))) $error .= "pass hint failed<br />";
>     if(emailCheck(trimWhiteSpace($email))) $error .= "email failed<br />";
>
>     if(!$error) {
>         mysql_query("INSERT INTO user (username, password, fName, lName, passHint, email, bMonth) VALUES
>             ('$username','$pass', '$fName', '$lName', '$passHint', '$email', '$bMonth')") or die(mysql_error());
>         // if everything is cool go to thank you page else return to same page
>         header("location: thank_you.php");
>         exit;
>     }
>
> }
>
>
> <form name="form1" method="post" action="<?=$_SERVER['PHP_SELF']?>" >
>
> <label>Username</label> <input type="text" name="username" value="<?=$username?>"><br />
> <!-- repeat for all fields -->
> <input type="submit" name="Submit" value="Submit">
> <? if($error) echo "<p>$error</p>";?>
> </form>
>
>
> I think the logic here is easier to follow and tweakable if needed
>
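
The single-script structure the replies recommend and Kevin ends up with, as an added example that is not code from any poster in this thread: all request handling runs before any output, so header() succeeds, and exit stops the script after the redirect. It goes beyond the thread by using a parameterised PDO INSERT in place of addslashes(), password_hash() in place of md5(), and htmlspecialchars() when values are echoed back into the form; the validation rules and the SQLite demo database are assumptions, while register.php and thank_you.php are the names used in the thread.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread: everything that may call header() runs before any HTML.
const FIELDS = ['fName' => 'text', 'lName' => 'text', 'bMonth' => 'number', 'email' => 'text',
                'username' => 'text', 'pass' => 'password', 'pass2' => 'password', 'passHint' => 'text'];

/** Keep only the expected fields; missing or non-string values become ''. */
function clean_input(array $post): array
{
    $in = [];
    foreach (FIELDS as $f => $type) {
        $v = is_string($post[$f] ?? null) ? $post[$f] : '';
        $in[$f] = $type === 'password' ? $v : trim($v); // passwords are taken exactly as typed
    }
    return $in;
}

/** Assumed rules (the thread never shows its check functions); [] means valid. */
function validate_registration(array $in): array
{
    $e = [];
    $month = ['options' => ['min_range' => 1, 'max_range' => 12]];
    if (!preg_match('/^\w{3,15}\z/', $in['username']))    $e[] = 'Username: 3-15 letters, digits or _.';
    if (strlen($in['pass']) < 8)                          $e[] = 'Password: at least 8 characters.';
    elseif ($in['pass'] !== $in['pass2'])                 $e[] = 'Passwords do not match.';
    if ($in['fName'] === '' || $in['lName'] === '')       $e[] = 'First and last name are required.';
    if ($in['passHint'] === '')                           $e[] = 'Password hint is required.';
    if (!filter_var($in['email'], FILTER_VALIDATE_EMAIL)) $e[] = 'Email address is not valid.';
    if (filter_var($in['bMonth'], FILTER_VALIDATE_INT, $month) === false) $e[] = 'Choose a birth month.';
    return $e;
}

/** Placeholders keep user input out of the SQL text, so no addslashes() is needed. */
function save_user(PDO $db, array $in): void
{
    $sql = 'INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
            VALUES (?, ?, ?, ?, ?, ?, ?)';
    $db->prepare($sql)->execute([
        $in['username'], password_hash($in['pass'], PASSWORD_DEFAULT), // salted hash, not md5()
        $in['fName'], $in['lName'], $in['passHint'], $in['email'], (int) $in['bMonth'],
    ]);
}

$in = clean_input($_POST);
$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_registration($in);
    if (!$errors) {
        $dsn = 'sqlite:' . sys_get_temp_dir() . '/demo_users.sqlite'; // assumed demo database
        $db = new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $db->exec('CREATE TABLE IF NOT EXISTS user (username, password, fName, lName, passHint, email, bMonth)');
        save_user($db, $in);
        header('Location: thank_you.php'); // succeeds: no output has been sent yet
        exit; // without this the script would carry on and render the form below
    }
}
$h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); // escape on output
?>
<form method="post" action="register.php">
<?php foreach ($errors as $msg): ?><p><?= $h($msg) ?></p><?php endforeach; ?>
<?php foreach (FIELDS as $name => $type): ?>
  <label><?= $name ?> <input type="<?= $type ?>" name="<?= $name ?>" value="<?= $type === 'password' ? '' : $h($in[$name]) ?>"></label><br>
<?php endforeach; ?>
  <input type="submit" name="submit" value="Register">
</form>
```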

#5
"Kevin Raleigh" <kraleigh@sbcglobal.net> wrote in message
news:96udnd_dxZHwRxPbnZ2dnUVZ_qmpnZ2d@giganews.com ...
> Actually that is what I am doing. I just left out the top of the script
> containing all of my validation functions.
>
> If I use header('location: XXX'); I get a very nasty error that I haven't
> been able to resolve.
>
> Warning: Cannot modify header information - headers already sent by (output
> started at G:\xampp\htdocs\bethel\1purpose_bethel\register.php:8) in
> G:\xampp\htdocs\bethel\1purpose_bethel\register.php on line 107
>

you have started outputting stuff, then tried to add a header, so it's complaining

#6
I understand the problem now so I redesigned the page so that all the php is at the top when the header(location) call is made.

thank you
Kevin

"Geoff" <fooooooool@hotmail.com> wrote in message
news:469222ca$0$27850$db0fefd9@news.zen.co.uk...
>
> "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote in message
> news:96udnd_dxZHwRxPbnZ2dnUVZ_qmpnZ2d@giganews.com ...
> > Actually that is what I am doing. I just left out the top of the script
> > containing all of my validation functions.
> >
> > If I use header('location: XXX'); I get a very nasty error that I haven't
> > been able to resolve.
> >
> > Warning: Cannot modify header information - headers already sent by (output
> > started at G:\xampp\htdocs\bethel\1purpose_bethel\register.php:8) in
> > G:\xampp\htdocs\bethel\1purpose_bethel\register.php on line 107
> >
>
> you have started outputting stuff, then tried to add a header, so it's
> complaining
>
|