I didn’t notice it until I finished the validation but I realized that even when my errors appear on top of my form box I then go to phpmyadmin and I look at the data, and even if I purposely added errors the form will be submitted.
Then my second problem including the one stated above, no matter what I do the student Id or “anum” is not posting. it continues to give me a “0” value in the students table in my database.
This is the entire code:
<?php
//Starting session
session_start();
// Validation starts here
if (empty($_POST) === false) {
$errors = array();
$anum = $_POST['anum'];
$first = $_POST['first'];
$last = $_POST['last'];
$why = $_POST['why'];
$comments = $_POST['comments'];
if (empty($anum) === true || empty($first) === true || empty($last) === true) {
$errors[] = 'Form is incomplete please revise it!';
} else {
if (ctype_alnum($anum) === false) {
$errors[] = 'A number can only consist of alphanumeric characters!';
}
if ((strlen($anum) < 9) && (strlen($anum)) > 9) {
$errors[] = 'A number is incorrect!';
}
if (ctype_alpha($first) === false) {
$errors[] = 'First mame must only contain alphabetical characters!';
}
if (ctype_alpha($last) === false) {
$errors[] = 'Last name must only contain alphabetical characters!';
}
if (empty($why))
$errors[] = 'Please make sure to select the proper reasoning for your vistit today!';
elseif ($why === 'Other') {
if (empty($comments))
$errors[] = 'Please explain the nature of your visit in the comments box!';
else {
if (strlen($comments) < 15)
$errors[] = 'Your explaination is short, please revise!';
if (strlen($comments) > 45)
$errors[] = 'Your explaintion is to long, please revise!';
}
}
if (empty($errors) === false) {
header('location: signedin.php');
exit();
}
// Validations ends here
$host = "localhost"; // Host name
$username = "root"; // Mysql username
$password = "testdbpass"; // Mysql password
$db_name = "test"; // Database name
// Connect to server via PHP Data Object
$dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$query = $dbh->prepare("INSERT INTO `students` (anum, FIRST, LAST, why, comments)
VALUES (:anum, :FIRST, :LAST, :why, :comments)");
$query->execute(
array(
'anum' => $_POST['anum'],
'first' => $_POST['first'],
'last' => $_POST['last'],
'why' => $_POST['why'],
'comments' => $_POST['comments']
));
} catch (PDOException $e) {
error_log($e->getMessage());
die($e->getMessage());
}
$dbh = null;
}
}
?>
<html>
<body>
<title>Student Signin Form</title>
<table width="300" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<?php
if (empty($errors) === false) {
echo '<h3>';
foreach ($errors as $error) {
echo '<center><li>', $error, '</li></center>';
}
echo '<h3>';
}
?>
<form action="" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<tr colspan="3">
<center></center>
<strong>Student Signin Form</strong></tr>
<p>Student ID Number: <input type="text" name="anum" <?php if (isset($_POST['anum']) === true) {
echo 'value="', $_POST['anum'], '"';
} ?> />
<p>First Name: <input type="text" name="first" <?php if (isset($_POST['first']) === true) {
echo 'value="', $_POST['first'], '"';
} ?> />
<p>Last Name: <input type="text" name="last" <?php if (isset($_POST['last']) === true) {
echo 'value="', $_POST['last'], '"';
} ?> />
<p>How may we help you? <select name="why"/>
<option value=""></option>
<option value="Appeal">Appeal</option>
<option value="Other">Other: Please specify the nature of your visit bellow</option>
</select>
</tr>
<br>
<P>If other please describe the issue you are having.</P>
<textarea rows="10" cols="50" name="comments" <?php if (isset($_POST['comments']) === true) {
echo 'value="', $_POST['comments'], '"';
} ?>></textarea>
<input type="submit" name="submit" value="Send"/>
</form>
</table>
</body>
</html>
After more digging up and more understanding of what I was actually doing (the wrong way) I came up with my solution. Pretty much I had to make it so that the Mysql insert statements were a part of the error validation not stand-a-lone. If you look at my prior code the PDO statements had no real place in the code, it was just there. The cause of this was
What this was doing was even if there were errors I had to still redirect to the “signedin.php” that is not the desired affect. What had to be done was first change it from false to true.
Then after doing so you must then input your PDO statements in between the {}.
So then what this means is that if the script has picked up errors it will NOT run the PDO insert.
However if it is TRUE that there are no errors it will run the insert script with a error check for that script, then if it inserts correctly it will then redirect the user to the next page.
Example :
Hopefully some one will find this of any use.