SQL Syntax issue

**acarder488** · 01-21-2013 08:50 AM

any suggestioins on validating phone numbers?

I keep having issues my error message showing up on my page before it is submitted.

PHP Code:


<?php

include_once('init.php');







if (mysqli_connect_errno()) {

    printf("Connect failed: %s\n", mysqli_connect_error());

    exit();

};

if(isset($_POST['submit'])) {

    

if (!$_POST['fname'] ) {

echo nl2br ("Please enter your First Name");}





if (!$_POST['lname'] ) {

echo nl2br ("Please enter your Last Name");}





if (!$_POST['address'] ) {

echo nl2br ("Please enter a Home Address");}



if (!$_POST['phone'] ) {

echo nl2br ("Please enter a Phone Number");}



if (!$_POST['department'] ) {

echo nl2br ("Please enter a Department");}



if (!$_POST['email'] ) {

echo nl2br ("Please enter an email address");}



if (!$_POST['level']) {

echo nl2br ("Please select a Level of Training");}}





if(isset($_POST['submit'])) {

 // validate a phone number

if(!preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $phone));

  // $phone is valid

  echo"invalid phone number";

  

if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {

  // The email address is not valid

echo "invalid email entered";}}















    

if (isset($_POST['fname'], $_POST['lname'], $_POST['phone'], $_POST['address'], $_POST['department'], $_POST['email'], $_POST['level'])) {

    $fname = mysqli_real_escape_string ($conn, trim($_POST['fname']));

    $lname = mysqli_real_escape_string ($conn, trim($_POST['lname']));

    $phone = mysqli_real_escape_string ($conn, trim($_POST['phone']));

    $address = mysqli_real_escape_string ($conn, trim($_POST['address']));

    $department = mysqli_real_escape_string ($conn, trim($_POST['department']));

    $email = mysqli_real_escape_string ($conn, trim($_POST['email']));

    $level = mysqli_real_escape_string ($conn, trim($_POST['level']));

    

    

    

    

    $query ="INSERT INTO Oktoberfest2013 SET

                        First_Name='{$fname}',

                        Last_Name='{$lname}',

                        Phone='{$phone}',

                        Address='{$address}',

                        Department='{$department}',

                        Email_Address='{$email}',

                        Level_of_Training='{$level}'";

                        

            mysqli_query($conn, $query);



            //if (!mysqli_query($conn, "SET a=1")) {

                //printf("Errormessage: %s\n", mysqli_error($conn));

            //};    

            

            

}









?>







<html>

    <head>



        <title>Registration form for Octoberfest With O-G EMS 2013</title>

    </head>

    <body bgcolor="#084B8A">    <center><br><div align="center"><img id="Oktoberfest Logo" src="/pics/oktoberfest.jpg" border="5" height="200" width="250"><table style="background-color: beige; border: 1px dashed #999"><tr><td>

        <form action="" method="post">

        <center><p>Registration Form <p/></center> 

        <p>First Name:<input type="text" name="fname" width="300px" > </p>

        <p>Last Name:<input type="text" name="lname" > </p>

        <p>Phone Number:<input type="text" name="phone" >(Please enter in xxx-xxx-xxxx format)</p>

        <p>Address:<input type="text" name="address" >(Please enter include city,state and zip code)</p>

        <p>Department:<input type="text" name="department" ></p>

        <p>Email Address:<input type="text" name="email" ></p>

        <p>Level of Training:</br>

        <input type="radio" name="level" value="EMR">EMR</br>

        <input type="radio" name="level" value="EMT-B">EMT-B</br>

        <input type="radio" name="level" value="EMT-I">EMT-I</br>

        <input type="radio" name="level" value="EMT-P">EMT-P</br>

        <input type="radio" name="level" value="Firefighter">Firefighter</br></p>

        

        

        

        <input type="submit" name="submit" value="Register">

        </form></td></tr></table></center>

    </body>

</html>

Thanks!

***bradgrafelman*** · 01-21-2013 09:56 AM

Few issues with this:

PHP Code:


if(!preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $phone)); 

  // $phone is valid 

  echo"invalid phone number";

$phone is undefined.
The content of the if() block will always be executed because the semicolon after the if() clause terminates the conditional block. In other words, that echo statement isn't actually inside that if() block - it's outside of it.
Your regexp would block phone numbers like "+44 20 7352 4441" despite that being a perfectly valid phone number.

**acarder488** · 01-25-2013 05:35 AM

Ok I have searched my code and I am not sure why my data will not populate in my database. Can anyone see why it would not populate?

Thank you!

PHP Code:


<?php

include_once('init.php');







if (mysqli_connect_errno()) { 

    printf("Connect failed: %s\n", mysqli_connect_error()); 

    exit(); 

}; 



if(isset($_POST['submit'])) {

    

if (!$_POST['fname'] ) {

echo nl2br ("Please enter your First Name");}





if (!$_POST['lname'] ) {

echo nl2br ("Please enter your Last Name");}





if (!$_POST['address'] ) {

echo nl2br ("Please enter your Street Address");}



if (!$_POST['city'] ) {

echo nl2br ("Please enter your City");}



if (!$_POST['state'] ) {

echo nl2br ("Please enter your State");}



if (!$_POST['zipcode'] ) {

echo nl2br ("Please enter your Zip Code");}



if (!$_POST['phone'] ) {

echo nl2br ("Please enter a Phone Number");}



if (!$_POST['department'] ) {

echo nl2br ("Please enter a Department");}



if (!$_POST['email'] ) {

echo nl2br ("Please enter an email address");}



if (!$_POST['level']) {

echo nl2br ("Please select a Level of Training");}}





if(isset($_POST['submit'])) {

 // validate a phone number

if(preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $_POST['phone']));

  // $phone is valid

   else echo"invalid phone number";

  

if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {

  // The email address is not valid

echo "invalid email entered";}}















    

if (isset($_POST['fname'], $_POST['lname'], $_POST['phone'], $_POST['address'], $_POST['city'], $_POST['state'], $_POST['zipcode'], $_POST['department'], $_POST['email'], $_POST['level'])) {

    $fname = mysqli_real_escape_string ($conn, trim($_POST['fname']));

    $lname = mysqli_real_escape_string ($conn, trim($_POST['lname']));

    $phone = mysqli_real_escape_string ($conn, trim($_POST['phone']));

    $address = mysqli_real_escape_string ($conn, trim($_POST['address']));

    $city = mysqli_real_escape_string ($conn, trim($_POST['city']));

    $state = mysqli_real_escape_string ($conn, trim($_POST['state']));

    $zipcode = mysqli_real_escape_string ($conn, trim($_POST['zipcode']));

    $department = mysqli_real_escape_string ($conn, trim($_POST['department']));

    $email = mysqli_real_escape_string ($conn, trim($_POST['email']));

    $level = mysqli_real_escape_string ($conn, trim($_POST['level']));

    

    

    

    

    $query = "INSERT INTO Oktoberfest102013 SET

                        First_Name='{$fname}',

                        Last_Name='{$lname}',

                        Phone='{$phone}',

                        Address='{$address}',

                        City='{$city}',

                        State='{$state}',

                        Zip_Code='{$zipcode}',

                        Department='{$department}',

                        Email_Address='{$email}',

                        Level_of_Training='{$level}'";

                        

            mysqli_query($conn, $query);



            //if (!mysqli_query($conn, "SET a=1")) {

                //printf("Errormessage: %s\n", mysqli_error($conn));

            //};    

            

            

}









?>







<html>

    <head>



        <title>Registration form for Octoberfest With O-G EMS 2013</title>

    </head>

    <body bgcolor="#084B8A">    <center><br><div align="center"><img id="Oktoberfest Logo" src="/pics/oktoberfest.jpg" border="5" height="200" width="250"><table style="background-color: beige; border: 1px dashed #999"><tr><td>

        <form action="" method="post">

        <center><p>Registration Form <p/></center> 

        <p>First Name:<input type="text" name="fname" size="25" > </p>

        <p>Last Name:<input type="text" name="lname" size="25" > </p>

        <p>Phone Number:<input type="text" name="phone" >(Please enter in xxx-xxx-xxxx format)</p>

        <p>Address:<input type="text" name="street address" size="20" ><input type="text" name="city" size="10"><input type="text" name="state" size="5"><input type"text" name="zipcode" size="10">(Please enter include Street Address(P.O.BOX)/City/State/Zip Code)</p>

        <p>Department:<input type="text" name="department"size="25" ></p>

        <p>Email Address:<input type="text" name="email" size="40"</p>

        <p>Level of Training:</br>

        <input type="radio" name="level" value="EMR">EMR</br>

        <input type="radio" name="level" value="EMT-B">EMT-B</br>

        <input type="radio" name="level" value="EMT-I">EMT-I</br>

        <input type="radio" name="level" value="EMT-P">EMT-P</br>

        <input type="radio" name="level" value="Firefighter">Firefighter</br></p>

        

        

        

        <input type="submit" name="submit" value="Register">

    </body>

</html>

***bradgrafelman*** · 01-25-2013 11:22 AM

Your if() statement surrounding the MySQL query is requiring $_POST['address'] to exist, however you have no entity with that name in the HTML form.

**acarder488** · 01-25-2013 05:05 PM

Thank you very much!

Thread: SQL Syntax issue

Thread Tools

Search Thread

Display

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions