[RESOLVED] Validate form

cretam

Hi,
I have read a few threads on validation but I still don't understand it. I can't use Javascript for validation because some of the form data is coming from the db.
Can someone have a look at my form and help me with the validation - mandatory fields are pubname, pubdesc, authorid, formatid, orgid, catid.
My sectors (catid) are in one big long list and I want to put them into 3 columns. Anyone know how to do this?
Here's my form

<?php

include("../Connections/conn.php");

if (isset($_POST['pubname'])): 
  // A new publication has been entered
  // using the form.

  $aid = $_POST['aid'];
  $fid = $_POST['fid'];
  $pubname = $_POST['pubname'];
  $cats = $_POST['cats'];
  $oid = $_POST['oid'];
  $pubno = $_POST['pubno'];
  $pages = $_POST['pages'];
  $cost = $_POST['cost'];
  $pubdate = $_POST['pubdate'];

  if ($pubname == '') {
    exit('<p>You must type in a name for this publication. Click "Back" and try again.</p>');
  }

   if ($fid == '') {
    exit('<p>You must choose a format for this publication. Click "Back" and try again.</p>');
  }

   if ($cats == '') {
    exit('<p>You must choose an sector for this publication. Click "Back" and try again.</p>');
  }

  $sql = "INSERT INTO pub SET
      pubname='$pubname',
	  pubdesc='$pubdesc',
      authorid='$aid',
	  formatid='$fid',
	  orgid='$oid',
	  pubdate='$pubdate',
	  pages='$pages',
	  pubno='$pubno',
	  cost='$cost'";

  if (@mysql_query($sql)) {
    echo '<h4>New publication added</h4>';
  } else {
    exit('<p>Error adding new publication: ' . mysql_error() . '</p>');
  }

  $jid = mysql_insert_id();

  if (isset($_POST['cats'])) {
    $cats = $_POST['cats'];
  } else {
    $cats = array();
  }

  $numCats = 0;
  foreach ($cats as $catID) {
    $sql = "INSERT IGNORE INTO pubcategory
            SET pubid=$jid, categoryid=$catID";
    $ok = @mysql_query($sql);
    if ($ok) {
      $numCats = $numCats + 1;
    } else {
      echo "<p>Error inserting publication into category $catID: " .
          mysql_error() . '</p>';
    }
  }
?>

<p>Publication was added to <?php echo $numCats; ?> categories.</p>

<p><a href="<?php echo $_SERVER['PHP_SELF']; ?>">Add another publication</a></p>
<p><a href="pub.php">Return to Manage Publications</a></p>

<?php
else: // Allow the user to enter a new publication

  $authors = @mysql_query('SELECT id, name FROM author ORDER BY name ASC');
  if (!$authors) {
    exit('<p>Unable to obtain author list from the database.</p>');
  }
  $formats = @mysql_query('SELECT id, name FROM format ORDER BY name ASC');
  if (!$formats) {
    exit('<p>Unable to obtain format list from the database.</p>');
  }
 $orgs = @mysql_query('SELECT id, name FROM org ORDER BY name ASC');
  if (!$orgs) {
    exit('<p>Unable to obtain organisation list from the database.</p>');
  }
  $cats = @mysql_query('SELECT id, name FROM category ORDER BY name ASC');
  if (!$cats) {
    exit('<p>Unable to obtain category list from the database.</p>');
  }
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Enter the new publication:<br />
  <input name="pubname" type="text" value="
" size="100" />
</p>
<p>Enter the description:<br />
  <textarea name="pubdesc" cols="50"></textarea>
</p>
<p>Author:
<select name="aid" size="1">
  <option selected value="">Select One</option>
  <option value="">---------</option>
<?php
  while ($author = mysql_fetch_array($authors)) {
    $aid = $author['id'];
    $aname = htmlspecialchars($author['name']);
    echo "<option value='$aid'>".substr($aname, 0, 50)."</option>\n";
  }
?>
</select></p>
<p>Format:
<select name="fid" size="1">
  <option selected value="">Select One</option>
  <option value="">---------</option>
<?php
  while ($format = mysql_fetch_array($formats)) {
    $fid = $format['id'];
    $fname = htmlspecialchars($format['name']);
    echo "<option value='$fid'>$fname</option>\n";
  }
?>
</select></p>
<p>Place in sectors:<br />
<?php
  while ($cat = mysql_fetch_array($cats)) {
    $cid = $cat['id'];
    $cname = htmlspecialchars($cat['name']);
    echo "<label><input type='checkbox' name='cats[]' value='$cid' />$cname</label><br />\n";
  }
?>
</p><p>Availabe from:
  <select name="oid" size="1">
    <option selected value="">Select One</option>
    <option value="">---------</option>
    <?php
  while ($org = mysql_fetch_array($orgs)) {
    $oid = $org['id'];
    $oname = htmlspecialchars($org['name']);
    echo "<option value='$oid'>".substr($oname, 0, 50)."</option>\n";
  }
?>
  </select>
</p>
<p>Date: 
  <input name="pubdate" type="text" id="pubdate" /> 
  ie (Jun 03)
</p>
<p>Pages:
  <input name="pages" type="text" id="pages" />
</p>
<p>Publication No: 
  <input name="pubno" type="text" id="pubno" />
</p>
<p>Cost: 
  <input name="cost" type="text" id="cost" />
</p>
</p>
<input type="submit" value="SUBMIT" />
</form>
<?php endif; ?>

coldfused

first of all with the change:
<input type="submit" value="SUBMIT" /> and create a name tag so by that I mean edit it to: <input type="submit" name="Submit" value="SUBMIT" />
and with

if (isset($_POST['pubname'])){

change it to:

if (isset($_POST['Submit'])){

so this means that when you push the submit button, the php recognise you submitted the button for the whole form rather than one form field.

And for form field validation, i've always used
if(!(strlen($pubname) > 0))
{
die("<p>You must type in a name for this publication. Click \"Back\" and try again.</p>");
rather than:

if ($pubname == '') {
    exit('<p>You must type in a name for this publication. Click "Back" and try again.</p>');
  } 
[code=php]

pixeljugler

How about if you where validating an email field what would you use there?

cretam

Thanks so much Coldfused. Your instructions are nice and clear and I understand it now. I suppose I should do the same for the Edit page too.

I found plenty of code on validating emails but the one I like best is:

<?
	exit;
	}
	// validate customer fields from the form
	if(!eregi("^[a-z0-9_]+@[a-z0-9\-]+\.[a-z0-9\-\.]+$",$email)){
	?>
	Please enter a valid email address.<br />

Thanks again.

cretam

I know I marked this thread resolved, but I have another question, can we use validation to check if there already is a publication with the same name in the database? I don't want us to add things twice.

twilliamsen

you bet you can validate the server data. I forget the sql for it, but I know you can because I have done it in the past, a while ago, like 5 yrs ago.