data validation

wannasub

Hi I was wondering how I can get users data posted through my form not to enter into my database but wait till I validate it before it is aloud into my database.

Does anyone have a pre written script I could use for this?

Thanks

Aaron

eoghain

No pre-written script, but the easiest way to do this would be to have validated flag in your table, and only show the validated records. Then just build a page to show you all of the un-validated records and give you the ability to set the validated flag.

wannasub

What do you mean by a validated flag? What would an example of this be?

crislewis

No data posted through a form to a php page will go into a db unless you code it so. Therefore you can answer your own question simply by writing your validation and db update code in the right order.

A simple example would be as follows:

I am assuming:

mysql as the db
the form has one field which must be numeric and is mandatory
the field name on the form is called 'number'
the value needs to go into a table called 'Guess'
table 'Guess' has two fields id (integer autoincrement) and guess (varchar)

// the value of field number is available in var $number
// so validate it - it must be numberic

  if (empty($number)) {

      // number field has no value

      echo "error - number required";

 } else {

     // number field has a value now check it is valid
     // it must be numeric (0-9)

      $check = ereg("[^ 0-9]+", $number, $trash);

      if ($check) {

// character other than 0-9 found

           $echo "Error - must be a number			
      } else {

// only 0-9 found so save data to db

            $sql_query = "INSERT INTO guess (id,guess) VALUES (NULL,$number);
            $result = mysql_query($sql_query);


      }

This is pretty simple code and will need tighening up in line with your own integrety and error strategies.

RedDragon

imagine the mysql table users containing 3 fields called
name, password, validated

file: register.php
//pass name and password thru a form

if($submit == 'Register') {
mysql_query("INSERT INTO users VALUES ('$name', '$password', '')
}

//login:

if(validated==1) {
include('./login.php');
}

so only users which are validated can log-in

wannasub

Thanks to you both I will get back if I have any problems

cgraz

If you just want to make sure all the fields are filled out, you could use javascript

<html>

<head>

<script language="JavaScript" type="text/javascript">
<!--
function checkform ( form )
{
  if (form.name.value == "") {
    alert( "Please enter your Name." );
    form.name.focus();
    return false ;
  }
  if (form.email.value == "") {
    alert( "Please enter your email address." );
    form.email.focus();
    return false ;
  }
  return true ;
}
//-->
</script>

</head>

<body>

<form action="process.php" method="post" onsubmit="return checkform(this);"> 

Name: <input type="text" name="name"><br>
Email: <input type="text" name="email"><br><br>

<input type="submit" value="Submit">

</form>

</body>

</html>

. If you want to validate more fields, add to that function up top.

If you want to make sure that the email is valid or that they used numbers rather than letters, or have a certain length, you could also use javascript (not sure how) but i'm sure a quick search on google would get you there.

Cgraz

wannasub

ok ive tried writing my own script now ive got most to work but im just getting one of those god awfull 'Supplied argument is not a valid MySQL result resource' errors

the code is below the error is the last line but maybe its me i just cant see why.

include "common.php";
include "header.php";
$link = mysql_connect("$server", "$username", "$password") 
or die("Could not connect"); 
mysql_select_db("$db") or die("Could not select database"); 

$query = "select * from escorts2 where status='N'" or die (mysql_error());

if (mysql_num_rows($query) > 0) {

diego25

$query is a string, not a MySQL resource. You need to call mysql_query() and pass it the SQL string stored in $query. Then you pass the return value of mysql_query() to mysql_num_rows.

Diego

crislewis

try:

include "common.php";
include "header.php";
$link = mysql_connect("$server", "$username", "$password") 
or die("Could not connect"); 
mysql_select_db("$db") or die("Could not select database"); 

$query = "select * from escorts2 where status='N'";

$result = mysql_query($query) or die (mysql_error());

if (mysql_num_rows($result ) > 0) {

You need to run the query before testing for the number of rows against the resultid