Home/ Questions/Q 554363
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T11:42:06+00:00

I am wondering if anyone out there can help with my form Validation Please?

  • 0

I am wondering if anyone out there can help with my form Validation Please?

I am having a few problems trying to synchronized out how certain bits of the actual structure of the script works together.

<?php
$flag="OK";   // This is the flag and we set it to OK
$msg="";        // Initializing the message to hold the error messages
   if(isset($_POST['Send'])){
      $key=substr($_SESSION['key'],0,4);
      $num_key = $_POST['num_key'];
      if($key!=num_key){
      $msg=$msg."Your Key not valid! Please try again!<BR>";
      $flag="NOTOK";
           }
      else{
    $msg=$msg."Your Key is valid!<BR>";
    $flag="OK";
        } 
         }
$email=$_POST['email'];
echo "Your Email: ".$email." is";
if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
$msg=$msg."Invalid email<BR>";
$flag="NOTOK"; 
}else{
$msg=$msg."Valid Email<BR>";
$flag="OK";
}
$password=$_POST['password'];
if(strlen($password) < 5 ){ 
$msg=$msg."( Please enter password of more than 5 character length  )<BR>";
$flag="NOTOK"; 
}
if($flag <>"OK"){
echo "$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // all entries are correct and let us proceed with the database checking etc …
} 
function spamcheck($field)
  {
  $field=filter_var($field, FILTER_SANITIZE_EMAIL);
  if(filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }
if (isset($_POST['email']))
  {//if "email" is filled out, proceed
  $mailcheck = spamcheck($_POST['email']); 
  if ($mailcheck==FALSE)
    {
    echo "Invalid input";
    }
      }
?>

the problem, when email valid, password valid, though key is invalid the warning of key disappear, it mean passed too… and also the spamcheck doesn’t look work..

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You don’t have to set the flag to ‘OK’ or a previous error get masked, as you already noted.
    If all the check are ok, the flag remains in valid state and you can pass on, otherwise, if one of the check fails the flag reports the incorrect state.

      $flag="OK";   // This is the flag and we set it to OK
  $msg="";        // Initializing the message to hold the error messages
  if(isset($_POST['Send'])) {
    $key=substr($_SESSION['key'],0,4);
    $num_key = $_POST['num_key'];
    if($key!=$num_key){
    $msg=$msg."Your Key not valid! Please try again!<BR>";
    $flag="NOTOK";
  } else {
    $msg=$msg."Your Key is valid!<BR>";
  } 
}

$email=$_POST['email'];
echo "Your Email: ".$email." is";
if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
$msg=$msg."Invalid email<BR>";
$flag="NOTOK"; 
}else{
  $msg=$msg."Valid Email<BR>";
}

$password=$_POST['password'];
if(strlen($password) < 5 ){ 
  $msg=$msg."( Please enter password of more than 5 character length  )<BR>";
  $flag="NOTOK"; 
}

if($flag <>"OK"){
  echo "$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'>";
} else { 
  // all entries are correct and let us proceed with the database checking etc …
}

    Said that I would use a different approach, for example using boolean values other than a string named flag. You can obtain a more fluent code calling it something like $inputIsvalid.

    Other nags: Sometimes you add the messages to a $msg variable, other you issue an echo, maybe it is an oversight.

    There is a lot of room for improvements, as every other code, I will address just some of the easy issues, for examples I will not check if the variables are set or not.

      $inputIsValid=true;   // This is the flag and we set it to OK
  $messages = array();        // Initializing the message to hold the error messages

  if(isset($_POST['Send'])) {
    $key=substr($_SESSION['key'],0,4);
    $num_key = $_POST['num_key'];
    if($key!=$num_key){
      $messages[]= 'Your Key not valid! Please try again!';
      $inputIsValid=false;
    } else {
      $messages[]'Your Key is valid!';
    } 
  }

  $email=$_POST['email'];
  $emailRegex='^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$';
  $emailIsValid = eregi($emailRegEx, $email);
  $messages[]= 'Your Email: '.$email.' is ' .($emailIsValid? 'Valid':'Invalid');
  $inputIsValid = $inputIsValid && emailIsValid;

  $password=$_POST['password'];
  if(strlen($password) < 5 ){ 
    $messages[]='( Please enter password of more than 5 character length  )';
    $inputIsValid=false; 
}

if(!inputIsValid){
  $messages[]='<input type='button' value='Retry' onClick='history.go(-1)'>';
  echo join('<br/>', $messages); 
} else { 
  // all entries are correct and let us proceed with the database checking etc …
}

    Another approach should be (the functions are quite simple, but you can modify the validation policy of the different components without affecting the main code):

      function validateKey() {
    if(!isset($_POST['Send'])) {
      return true;
    }

    $key=substr($_SESSION['key'],0,4);
    $num_key = $_POST['num_key'];
    return $key==$num_key;
  }

  function validateEmail($email) {
    $emailRegex='^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$';
    return eregi($emailRegEx, $email);
  }

  function validatePassword($password) {
    return strlen($password) < 5;
  }

  $inputIsValid=true;   // This is the flag and we set it to OK
  $messages = array();        // Initializing the message to hold the error messages

  if(validateKey()) {
    $messages[]'Your Key is valid!';
  } else {
    $messages[]= 'Your Key not valid! Please try again!';
    $inputIsValid=false;
  }

  $emailIsValid = validateEmail($_POST['email']);
  $messages[]= 'Your Email: '.$email.' is ' .($emailIsValid? 'Valid':'Invalid');
  $inputIsValid = $inputIsValid && emailIsValid;

  $password=;
  if(!validatePassword($_POST['password']){ 
    $messages[]='( Please enter password of more than 5 character length  )';
    $inputIsValid=false; 
  }

if(!inputIsValid){
  $messages[]='<input type='button' value='Retry' onClick='history.go(-1)'>';
  echo join('<br/>', $messages); 
} else { 
  // all entries are correct and let us proceed with the database checking etc …
}

    Spam function:

    why are you using Constant different than the boolena values?
    (TRUE is different from true and FALSE is different from false)
    You can rewrite the function like this in order to obtain the desired behaviour.

    function spamcheck($field)
{
  $field=filter_var($field, FILTER_SANITIZE_EMAIL);
  return filter_var($field, FILTER_VALIDATE_EMAIL);
}

if (isset($_POST['email'])) {//if "email" is filled out, proceed
  $mailcheck = spamcheck($_POST['email']); 
  if (!$mailcheck) {
    echo "Invalid input";
  }
}
    • 0