Form: Data collection & validation then to mySQL database

qme1ster

Hi there,

I desperately need some help with a form which is to collect data and pass it to the database.

Through many forum and tutorial searches I have several pieces of the puzzle but am having a little trouble putting it all together to achieve the desired result.

What I would like to achieve:

1 The form data is validated where necessary (5 of the 6 fields)
2. An error message appears on the same page as the form if there are validation errors
2.If all info is validated, the info is passed to the database and the user redirected to another page where they can then download their reward.

Currently I have the following, which is passing the information to the database :-

relevant snippet from form.html

<div id="formwrap">
<p>To claim your discount voucher, please enter your details below:</p>
<form  name="userinfo" action="add_data.php" method="post">

<fieldset>

<div id="line1">
<div id="onelft">First Name:</div>
<div id="field1"><input type="text" name="fname" size="20" maxlength="40"></div>
</div>

<div id="line2">
<div id="twolft">Surname:</div>
<div id="field2"><input type="text"  name="sname" size="20" maxlength="40"></div>
</div>

<div id="line3">
<div id="threelft">Email Address:</div>
<div id="field3"><input type="text"  name="email" size="30" maxlength="60"></div>
</div>


<div id="line4">
<div id="fourlft">Address:</div>
<div id="field4"><input type="text" name="address1" size="30" maxlength="60"></div>
</div>

<div id="line5">
<div id="fivelft">&nbsp;</div><div id="field5"><input type="text" name="address2" size="30" maxlength="60"></div>
</div>

<div id="line6">
<div id="sixlft">&nbsp;</div>
<div id="field6"><input type="text"  name="address3" size="30" maxlength="60"></div>
</div>

</fieldset>

<div  id="line7"><input type="submit" name="submit" value="Submit"/> </div>

</form>
</div>

add_data.php

<?php
$con = mysql_connect("localhost","mydatabase","mypassword"); 
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydatabase", $con); 
$fname=mysql_real_escape_string($_POST['fname']); 
$sname=mysql_real_escape_string($_POST['sname']);
$email=mysql_real_escape_string($_POST['email']); 
$address1=mysql_real_escape_string($_POST['address1']); 
$address2=mysql_real_escape_string($_POST['address2']); 
$address3=mysql_real_escape_string($_POST['address3']); 

$sql="INSERT INTO voucher_signup (fname,sname,email,address1,address2,address3) VALUES ('$fname','$sname','$email','$address1','$address2','$address3')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
 die('Error: ' . mysql_error());
}
echo "The form data was successfully added to your database.";
mysql_close($con);
?>

This is adding the info to the database without validation.

So to validate, I pieced together the following, but I think I may have some syntax errors. Also I´m not sure where is best to slot this in?

//Validate the first name and combat magic quotes, if necessary
if(!empty($_REQUEST['fname'])) {
	$fname = stripslashes($_REQUEST['fname']);
	} else {
	$fname = NULL;
	echo '<p><b>Please enter first name</b></p>';
	}

//Validate the surname and combat magic quotes, if necessary
if(!empty($_REQUEST['sname'])) {
	$sname = stripslashes($_REQUEST['sname']);
	} else {
	$sname = NULL;
	echo '<p><b>Please enter surname</b></p>';
	}

//Validate the email address
if (empty($_POST['email']))
{
echo '<p><b>Please enter a valid email address</b></p>';
}
else if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $_POST['email']))
{
echo '<p><font color="blue">Please enter a valid email address</font></p>';

} 

//Validate the address line 1 and combat magic quotes, if necessary
if(!empty($_REQUEST['address1'])) {
	$address1 = stripslashes($_REQUEST['address1']);
	} else {
	$address1 = NULL;
	echo '<p><b>Please enter address line 1</b></p>';
	}

//Validate the address line 2 and combat magic quotes, if necessary
if(!empty($_REQUEST['address2'])) {
	$address2 = stripslashes($_REQUEST['address2']);
	} else {
	$address2 = NULL;
	echo '<p><b>Please enter address line 2<b></p>';
	}

Finally, if everything is ok.......


if($fname && $sname && $email && $address1 && $address2) {

$con = mysql_connect("localhost","mydatabasename","mypassword"); 
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydatabasename", $con); $fname=mysql_real_escape_string($_POST['fname']); 
$sname=mysql_real_escape_string($_POST['sname']); 
$email=mysql_real_escape_string($_POST['email']); 
$address1=mysql_real_escape_string($_POST['address1']); 
$address2=mysql_real_escape_string($_POST['address2']); 
$address3=mysql_real_escape_string($_POST['address3']); 

$sql="INSERT INTO voucher_signup (fname,sname,email,address1,address2,address3) VALUES ('$fname','$sname','$email','$address1','$address2','$address3')"; /*form_data is the name of the MySQL table where the form data will be saved.

fname,sname,email,address1,address2,address3 are the respective table fields*/

if (!mysql_query($sql,$con)) {
 die('Error: ' . mysql_error());
}

mysql_close($con);

Would this work?

Also, how do I redirect to another page if all is successful ? And what syntax would I use for sending any error messages to a particular DIV with the form.html page ?

I realise I am asking a lot of questions. I've tried and tried. I feel like I'm almost there but need some help to get me across the line.

Thanks so much for your time.

Cheers

qme1ster

Hi guys,

Can anyone lend a hand please ? Deadline looming, and panic also.

Thanks

NogDog

One approach would be to handle the error-reporting by using [man]sessions[/man] and storing error messages in the $SESSION array. Then if validation fails, redirect to the form page via [man]header/man. In the form page, at locations where you would want to output any errors, check for an applicable $SESSION element, and if it exists, output the error message and then [man]unset[/man] that $_SESSION element.

qme1ster

Hey Nogdog

Thanks for the reply and advice - I'm fairly new to PHP though so the functions you mention are not familiar to me - can you recommend any tutorials which would more or less match what I'm trying to do ? I haven´t been able to locate any myself.

Thanks again.

NogDog

Off the top of my head, no.

I normally use the "same page" technique where the form and the form handler both are run from the same main script. That way if there is an error in the form processing, then you can just use if/else type logic to display the form again with any error message, and the $POST/$GET data is still there so that it can be used to pre-fill the fields. In a very simple example:

<?php
$errors = array();
if(isset($_POST['test']))
{
   $_POST['test'] = trim($_POST['test']);
   if($_POST['test'] === '')
   {
      $errors[] = "'Test' is a required field.";
   }
   else
   {
      // do whatever processing needs to be done.
      // if any errors, save them to $errors array
      if(empty($errors)) // everything is OK, so redirect to success page:
      {
         header('Location: http://www.phpbuilder.com/');
         exit;
      }
   }
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>Example</title>
</head>
<body>
<form action="" method="post">
<fieldset>
<legend>Example</legend><?php
if(!empty($errors))
{
   foreach($errors as $err)
   {
      echo "<p class='error'>$err</p>\n";
   }
}
?><input type="text" name="test" size="20" value="<?php
if(!empty($_POST['test']))  // prefill value if post data exists
{
   echo $_POST['test'];
}
?>">
<input type="submit" value="Submit">
</fieldset>
</form>
</body>
</html>