[RESOLVED] trouble validating my forms

designxperts

I'm building a site that has a lot of adding, editing, and deleting of data in a mysql database . So what i did is that i put each form in a file and i made one php file for all the transactions... i use switch to differ between the transactions... my problem is finding a way to validate the data the user inputs in the form by writing an error message and showing the place of the error .

I think i understood how to validate the data if the form and the code are all in one file but it gets confusing with all that code in one file... i want to know what the best way is?.... here is an example of what i have :

This is one of my forms:

<?php
require_once('header.php');
require('config.php');

?>

<form action="transactions.php" method="post" name="addfileform">
<table border="0" cellpadding="5" align="center">
	<tr>
		<td align="center" colspan="2">
			<h1>Add Files</h1>
        </td>
	</tr>
	<tr>
		<td>Name:</td>
		<td>
			<input type="text" name="file_name" value="" size="20">
		</td>
	</tr>
	<tr>
		<td>Author:</td>
		<td>
			<input type="text" name="file_author" value="" size="20">
		</td>
	</tr>
	<tr>
		<td>Translator:</td>
		<td>
			<input type="text" name="file_translator" value="" size="20">
		</td>
	</tr>
	<tr>
		<td>Description:</td>
		<td>
			<input type="text" name="file_description" value="" size="40">
		</td>
	</tr>
	<tr>
		<td>File Edition:</td>
		<td>
			<input type="text" name="file_edition" value="" size="20">
		</td>
	</tr>
		<tr>
		<td>File type:</td>
		<td>
		<?php
			$sql = "SELECT id, file_type FROM file_types ORDER BY file_type";
			$result = mysql_query($sql)
				or die(mysql_error());
			if (mysql_num_rows($result) > 0) {
				while ($row = mysql_fetch_array($result)){
					$typelist[$row['id']] = $row['file_type'];
				}//end while
			}//end if
		?>
			<select name="file_type" >
				<option value="" selected>Choose a type...</option>
		<?php
		foreach ( $typelist as $key => $value ) {
			echo "	<option value=\"$key\" ";
			echo ">$value</option>\n";
		}//end foreach
		?>			
			</select>
		</td>
	</tr>
	<tr>
		<td>File Category:</td>
		<td>
		<?php
			$sql = "SELECT id, category_name FROM category_table ORDER BY category_name";
			$result = mysql_query($sql)
				or die(mysql_error());
			if (mysql_num_rows($result) > 0) {
				while ($row = mysql_fetch_array($result)){
					$catlist[$row['id']] = $row['category_name'];
				}//end while
			}//end if
		?>
			<select name="category_id">
				<option value="0" selected>None</option>
		<?php
		foreach ( $catlist as $key => $value ) {
			echo "	<option value=\"$key\" ";
			echo ">$value</option>\n";
		}//end foreach
		?>	
		</td>
	</tr>
	<tr>
		<td>File Path:</td>
		<td>
			<input type="text" name="file_path" value="" size="40">
		</td>
	</tr>

<tr>
	<td>Keywords:</td>
	<td>
		<textarea rows="5" cols="20" name="file_keywords"></textarea>
	</td>
</tr>
<tr>
	<td colspan="2" align="center">
		<input type="submit" name="action" value="Add File">
	</td>
</tr>

</table>
</form>
<?php require_once('footer.php');?>

and this is my transaction file:

<?php

require('config.php');

foreach ($_POST as $key => $value) {
	$$key = $value;
}


switch ($action) {
	case "Add Category":
		if ($categoryname != ''){
			$categoryname[0] = strtoupper( $categoryname[0] );

		$sql = "INSERT IGNORE INTO category_table (id, parent_id, category_name) " .
			   "VALUES (NULL, $parentid, '$categoryname')";
		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if

	$redirect = 'add_categories.php';
break;

case "Edit Category":
	if($categoryname != '')
	{
		$categoryname[0] = strtoupper( $categoryname[0] );

		$sql = "UPDATE category_table SET category_name = '$categoryname'," .
			   "parent_id = '$parent_id'" .
			   "WHERE id = $id";
		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if

	$redirect = 'choose_categories.php';
break;

case "Delete Category":
	if($id != "") {

		$x[] = $id;
		$goon = 1;
		$i = 0;
		while( $goon != 0 ) 
		{
			$sql = "SELECT id FROM category_table WHERE parent_id = $id";			
			$result = mysql_query($sql)
				or die(mysql_error());

			if(mysql_num_rows($result) > 0){

				while($row = mysql_fetch_array($result)) {
					$x[] = $row['id'];
				}//end while
			$i++;	
			$id = $x[$i];
			}//end if

			elseif($i < count($x)-1) {
				$i++;	
				$id = $x[$i];
			}//end else if

			else
				$goon = 0;

		}//end while

		//print_r($x);

		for( $j = 0; $j < count($x); $j++ )
		{
			$id = $x[$j];
			$sql = "DELETE FROM category_table WHERE id = $id";
			$result = mysql_query($sql)
				or die(mysql_error());

			$sql = "DELETE FROM file_table WHERE category_id = $id";
			$result = mysql_query($sql)
				or die(mysql_error());
		}//end for
	}//end if

		$redirect = 'index.php';
	break;

case "Add File":
	if($file_name != '')
	{	
		//$file_name[0] = strtoupper( $file_name[0] );

		$sql = "INSERT IGNORE INTO file_table( id, file_name, file_author, file_translator, file_description, " .
			   "file_edition, file_type, category_id, file_path, file_keywords) " .
			   "VALUES (NULL, '$file_name', '$file_author', '$file_translator', '$file_description', '$file_edition', " .
			   "$file_type, $category_id, '$file_path', '$file_keywords')";

		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if

	$redirect = 'add_files.php';
break;

case "Edit File":
	if($file_name != '')
	{	
		$sql = "UPDATE file_table SET file_name = '$file_name', file_author = '$file_author', " .
			   "file_translator = '$file_translator', file_description = '$file_description', " .
			   "file_edition = '$file_edition', file_type = $file_type, category_id = $category_id, " .
			   "file_path = '$file_path', file_keywords = '$file_keywords' WHERE id = $id"; 
		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if
	$redirect = 'choose_files.php';
break;

case "Delete Files":
	if($id != '')
	{
		$filelist = implode(',',$id);

		$sql = "DELETE FROM file_table WHERE id IN ($filelist)";
		$result = mysql_query($sql)
			or die(mysql_error());


		$sql = "DELETE FROM file_relation_table WHERE id_1 IN ($filelist) OR id_2 IN ($filelist)";
		$result = mysql_query($sql)
			or die(mysql_error());


	}//end if
	$redirect = 'index.php';
break; 

case "Add File Type":
	if( $file_type != '' )
	{
		$file_type[0] = strtoupper( $file_type[0] );
		$sql = "INSERT IGNORE INTO file_types (id, file_type) VALUES(NULL, '$file_type')";

		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if
	$redirect = 'index.php';
break;

case "Edit File Type":
	if( $file_type != '' )
	{
		$sql = "UPDATE file_types SET file_type = '$file_type' WHERE id = $id";
		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if

	$redirect = 'index.php';
break;

case "Delete File Type":
	if($id != '')
	{
		$filetypelist = implode(',',$id);

		$sql = "DELETE FROM file_types WHERE id IN ($filetypelist)";
		$result = mysql_query($sql)
			or die(mysql_error());	

	}//end if
	$redirect = 'index.php';
break;

case "Add File Relation":
	if ( $file1 != $file2 && $file1 != '' && $file2 != '' )
	{
		$sql = "INSERT IGNORE INTO file_relation_table( id_1, id_2 ) VALUES( $file1, $file2 )";
		$result = mysql_query($sql)
			or die(mysql_error());
	}//end if

	$redirect = 'index.php';
break;

case "Delete File Relation":
	if($id != '')
	{
		$fileRelList = implode(',',$id);

		$sql = "DELETE FROM file_relation_table WHERE id IN ($fileRelList)";
		$result = mysql_query($sql)
			or die(mysql_error());	
	}//end if

	$redirect = 'index.php';
break;


default:
	$redirect = 'index.php';
}//end switch

header("Location: $redirect");
?>

designxperts

any help?

ednark

Split up error finding, and error display into two sections.

How about having an errors array.. as you find an error you write that error to the error array labeled as the form element. If you don't set a specific error, it will be blank.

$errors['file_author'] = '<span>too many chars</span><br />';

Now in your display template do this for each element. it should display blank for any elements you did not set an error for.

        <td>Author:</td>
        <td>
            <?php echo $errors['file-author']; ?>
            <input type="text" name="file_author" value="" size="20">
        </td>

is something like that what you are looking for?

designxperts

my problem is after i submit the form and go to the transaction.php page and say i find the errors how do i get back to the form and show the data and the errors....???

But the more important question is : is putting the form and it's code in a single file better than what i've done?

ednark

two things come to mind.

1) Sessions. Form.php can write any info into the superglobal $SESSION that is available to all page requests. Form.php can write to $SESSION['form_x']['errors'] and index.php can read from that array.

2) do not use header('location') instead use include(). The php in the included file (index.php) will then have access to any local variables, like $errors, $sql, $redirect, or $_POST.

also it is security risk to loop through $POST and write each var as a local variable. You could accidentally overwrite something important. Better to specify by name which ones to write to local, or better yet just get then directly from $POST['xxx'] when you need to use them.

designxperts

Thanks a lot ednark that was very helpful.