I have created a small registration sticky form. Everything is working fine, but if I input any wrong value, like numbers in the name, letters in the age, or even a wrong email format, the data is still saved in the database. I cannot figure out the validation problem.
Another one is the search option. Whenever I input any FirstName or LastName in the search box, it should display the name that is in the database, or it will show an error message.
Can anyone suggest what I should do? Please see my code below.
sticky_form code…
<html>
<head>
<?php
global $fname,$lname,$gender,$age,$course,$email;
if(isset($_POST['register']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$gender=$_POST['gender'];
$age=$_POST['age'];
$course=$_POST['course'];
$email=$_POST['email'];
if (preg_match("/[a-zA-Z ]+$/", $_POST['fname'])) {
$fname = trim($_POST['fname']);
}
else
{
echo '<p>The First name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
//$error = true;
}
if (preg_match("/[a-zA-Z ]+$/", $_POST['lname'])) {
$lname = trim($_POST['lname']);
}
else
{
echo '<p>The last name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
$error = true;
}
if(isset($_POST['gender']))
{
$gender = $_POST['gender'];
}
else
{
echo "<p>No gender found!</p>";
}
if (preg_match("/[a-zA-Z ]+$/", $_POST['age'])) {
$age = trim($_POST['age']);
}
else
{
echo '<p>Please enter age. Or your age contains illegal characters</p>';
//$error = true;
}
if(isset($_POST['course']))
{
$course = $_POST['course'];
}
else
{
echo "<p>Please Select Course!</p>";
}
// Validate the email:
if (preg_match("/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/", $_POST['email'] )){
$email = trim($_POST['email']);
}
else
{
echo '<p>The email is empty or has illegal characters! To edit please go the link Display Data Information</p>';
//$error = false;
}
echo "<br/>";
echo "<br/>";
echo "<br/>";
}
if($fname&&$lname&&$gender&&$age&&$email&&$course)
{
require_once('connection.php');
$query = mysql_query("INSERT INTO members SET FirstName='$fname', LastName='$lname', Gender='$gender', Age='$age', Email='$email', Course='$course'") or die(mysql_error());
if($query){
echo"Your Data Successfully Saved";
}
else
{
echo "Please recheck your Data!";
}
}
?>
</head>
<body id="body">
<h2><strong>Register Student Account</strong></h2>
<form action="student_form.php" method="post" >
<table border="1" id="container">
<tr>
<td>First Name</td>
<td>:</td>
<td><input type="text" name="fname" size="30" maxlength="50"/></td>
</tr>
<tr>
<td>Last Name</td>
<td>:</td>
<td><input type="text" name="lname" size="30" maxlength="50"/></td>
</tr>
<tr>
<td>Age</td>
<td>:</td>
<td><input type="text" name="age" size="3" /></td>
</tr>
<tr>
<td >Gender </td>
<td> : </td>
<td> Male
<input type="radio" name="gender" value="Male"/>
Female
<input type="radio" name="gender" value="Female"/></td>
</tr>
<tr>
<td valign="top">Course</td>
<td valign="top"> : </td>
<td> <input type="radio" name="course" value="Bachelor Of Computing"/>Bachelor Of Computing<br/>
<input type="radio" name="course" value="Bachelor Of Science"/>Bachelor Of Science<br/>
<input type="radio" name="course" value="Bachelor Of Software Engineering"/>Bachelor Of Software Engineering<br/>
<input type="radio" name="course" value="Bachelor Of Networking"/>Bachelor Of Networking<br/>
<input type="radio" name="course" value="Bacelor Of IT"/>Bacelor Of IT <br/>
<input type="radio" name="course" value="Bachelor Of Computer Science"/>Bachelor Of Computer Science<br/></td>
</tr>
<tr>
<td>Email Address</td>
<td>:</td>
<td><input type="text" name="email" size="30" maxlength="50"/></td>
</tr>
</table>
<input type="submit" name="register" value="REGISTER"/>
</form><br>
<p><a href="student_form.php" >Home</a></p>
<p><a href="display_data.php">Display Data Information</a>
<p><a href="search.php">To search for Members</a>
</body>
</html>
And this is the search_form code…
<html>
<head>
<?php
//require_once('student_form.php');
if(isset($_POST['s1'])){
$id=$_REQUEST['id'];
$fname=$_POST['fname'];
//connect to the database
include('connection.php');
//-query the database table
$sql=mysql_query("SELECT * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
//-run the query against the mysql query function
$result=mysql_query($sql);
if($row=mysql_fetch_array($result)){
$fname=$row['FirstName'];
$lname=$row['LastName'];
/*$email=$row['Email'];
$age =$row['Age'];
$gender=$row['Gender'];
$course = $row['Course'];*/
}
//-display the result of the array
else
{
<?php echo $rows['FirstName']; ?>
<?php echo $rows['LastName']; ?>
}
}
?>
</head>
<body>
<form action="search.php" method="post">
<table>
<tr>
<td><strong>search box</strong></td>
<td><strong>:</strong></td>
<td><input type="text" name="search" value=""size="30"/><input type="submit" name="s1" value="Search"/></td>
</table>
</form>
</body>
</html>
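An added example, not code from the posts on this page: one way to validate each field with anchored patterns and allow-lists, save only when no field failed, and use bound parameters for both the insert and the search. PDO is used here in place of the `mysql_*` functions; `validate_member()`, the 1 to 120 age range, the shortened course list, the sample submissions and the in-memory SQLite table standing in for `members` are assumptions.

```php
<?php
// Added example. validate_member(), the age range and the SQLite table are assumptions.
function validate_member(array $in): array
{
    $clean = $errors = [];
    foreach (['fname' => 'First name', 'lname' => 'Last name'] as $key => $label) {
        $v = trim((string)($in[$key] ?? ''));
        // Anchored at both ends: the form's /[a-zA-Z ]+$/ only tests the tail,
        // so "123abc" passes it.
        if (preg_match('/^[a-zA-Z ]{1,50}\z/', $v)) $clean[$key] = $v;
        else $errors[] = "$label is empty or has illegal characters";
    }
    // Age must be an integer; the form tested it against the letters pattern.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 120]]);
    if ($age !== false) $clean['age'] = $age; else $errors[] = 'Age must be a number from 1 to 120';
    // Radio values are checked against allow-lists, not just isset().
    $allowed = ['gender' => ['Male', 'Female'],
                'course' => ['Bachelor Of Computing', 'Bachelor Of Science']]; // shortened list
    foreach ($allowed as $key => $values) {
        if (in_array($in[$key] ?? '', $values, true)) $clean[$key] = $in[$key];
        else $errors[] = "Please select a valid $key";
    }
    $email = filter_var(trim((string)($in['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email !== false) $clean['email'] = $email; else $errors[] = 'Email is empty or malformed';
    return [$clean, $errors];
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE members (FirstName, LastName, Gender, Age, Email, Course)');
$insert = $pdo->prepare('INSERT INTO members (FirstName, LastName, Gender, Age, Email, Course)
                         VALUES (:fname, :lname, :gender, :age, :email, :course)');

$posts = [ // constructed sample submissions, standing in for $_POST
    ['fname' => 'Ana', 'lname' => 'Lee', 'gender' => 'Female', 'age' => '21',
     'course' => 'Bachelor Of Science', 'email' => 'ana@example.com'],
    ['fname' => '123abc', 'lname' => 'Lee2', 'gender' => 'Male', 'age' => 'abc',
     'course' => 'Bachelor Of Science', 'email' => 'not-an-email'],
];
foreach ($posts as $post) {
    [$clean, $errors] = validate_member($post);
    if ($errors) { echo implode('; ', $errors), "\n"; continue; } // nothing is saved
    $insert->execute($clean); // bound parameters, no string-built SQL
}
// Search with bound LIKE patterns instead of concatenating the input into the query.
$find = $pdo->prepare('SELECT FirstName, LastName FROM members
                       WHERE FirstName LIKE ? OR LastName LIKE ?');
$find->execute(['An%', 'An%']);
print_r($find->fetchAll(PDO::FETCH_ASSOC));
```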
Your variables like $fname $lname $gender $age $email $course are put in an if condition after the if condition for isset($_POST['register']). Now even if your validation works, data will still be entered in the database, because you have put the condition if($fname&&$lname&&$gender&&$age&&$email&&$course). Now control will enter that block when you have even a single value in all of those variables. What must be happening is that you put in wrong values, those are getting validated, the message will be shown, but when the first if block finishes, as the $_POST variables still have SOME value, regardless of them being invalid, the second if block will be entered and the query will be fired.
What you can do is, wherever you are echoing an error message, blank out that respective variable. Something like this: