Hello.

I think I have completed the validation of my code and was wondering if anyone can kindly give my any criticism as to anything I have missed or anything I can do better, which I'm sure both will generate some posts.

Here is my contact.template.htm:

 
<form method="post" action="index.php?page=contact">
     <fieldset>
         <legend>Gardenable Contact Form</legend>

	     <p class="form_heading">Your Details</p>
		 <p class="form_instructions">Please leave us your details so we can contact you back!</p>
		 <hr class="form_hr" />
         <p><label for="name">Name:</label><input type="text" name="name" id="name" size="36" maxlength="36" /><span class="red">*</span></p> 
         <p><label for="email">Email:</label><input type="text" name="email" id="email" size="36" maxlength="70" /></p> 
         <p><label for="phone">Phone:</label><input type="text" name="phone" id="phone" size="36" maxlength="16" /><span class="red">*</span></p>
		 <p><label for="user_comments">Additional Comments:</label><textarea name="user_comments" id="user_comments" rows="5" cols="34" maxlength="400"></textarea></p>

		 <hr />

	     <p class="form_heading">Product Details</p>
		 <p class="form_instructions">If you wish to <span class="italic">order</span> or <span class="italic">query</span> a product, please specify below.</p>
		 <hr class="form_hr" />

	     <p><label for="product">Product:</label>
		     <select name="product_options">
			 <option value="default">Choose a product...</option>
		         <option value="benches">Benches</option>
		         <option value="bin_stores">Bin Stores</option>
		         <option value="bird_housing">Bird Housing</option>
		         <option value="gates">Gates</option>
		         <option value="pet_housing">Pet Housing</option>
		         <option value="planters">Planters</option>
		         <option value="sheds">Sheds</option>
		         <option value="tables">Tables</option>
			 </select>
		 </p>
		 <p><label for="product_ref">Product ID:</label><input type="text" name="product_ref" id="product_ref" size="20" maxlength="7" />
		 <p><label for="product_comments">Product Comments:</label><textarea name="product_comments" id="product_comments" rows="5" cols="34" maxlength="400"></textarea></p>

		 <p><input type="submit" name="submit" value="Submit" />
		    <input type="reset" name="reset" value="Reset" />
	     </p>
		 <span id="form_required">Fields marked with a red asterix (<span class="red">*</span>) are required.</span>
 </fieldset>
</form>

<div id="error_div">
     <?php if(isset($output)){ print_r($output);} ?>
</div>

Here is validation relating to it:

<?php 
include("core/init.inc.php");
$get_values = array("benches","tables","bird_housing","planters","gates","bin_stores","sheds","pet_housing","default");

if(isset($_POST['name'])){

 //if script does not die, the user submitted the form. delete last element (submit button) as we do not need it.
 (isset($_POST['submit'])) ? array_pop($_POST) : "";

 //create array to hold any errors.
 $errors = array();

 //firstly, check to see if my required fields contain any data. if they dont we add errors to the error array.
 if(empty($_POST['name']) || empty($_POST['phone'])){
     $errors[] = "You must fill in the required fields marked with a RED asterix(*).";
 }

 //check to see if the errors array contains anything. if it does, we need to send the user back to the form and display the error.
 //do not carry on if the if statement executes because we dont want to process any more as we know we are going to have to send them back anyway.
 if(!empty($errors)){
     $output = $errors;
 }
 else{
	//if the code reaches here, we have data inside the two required fields so carry on processing all of the data now.
	//pass a reference of the value so that if any ARE set to string NULL, it also changes the original $_POST value.
	foreach ($_POST as $post => &$value) {
		if($value == ""){
			$value = "NULL";
		}
		else{
			switch ($post) {

				case "name": 
					if(!ctype_alpha($value)){
						$errors[] = "The name field can only contain alphabetical characters.";//specify just a first name in form
					}
				break;

				case "email": 
					if(!filter_var($value,FILTER_VALIDATE_EMAIL)){
						$errors[] = "You did not enter a valid email address.";//give an example of an email someone@provider.com in form
					}	
				break;

				case "phone":
					//replaces all characters that are NOT digits 0-9.
					$value = preg_replace("/\D/","",$value);

					//we need to check if it is not equal to an empty string again because if they entered all letters, the preg_replace will replace them
					//and my second if statement here will show an undefined index error. if it is an empty string, add to error array and break out of case
					//prematurely.
					if($value == ""){ $errors[] = "You did not enter a phone number."; break;}

					//checks to see if the first character of the string is not equal to a 0 or if the length of the string isn't 11 (which means its not valid).
					if($value[0] != "0" || strlen($value) != 11){
						$errors[] = "You did not enter a valid phone number.";
					}
				break;

				case "user_comments":
					$len = strlen($value);

					if ($len > 400){
						$less = ($len - 400);
						$errors[] = "You must enter {$less} LESS characters in the 'Additional Comments' field.";
					}
				break;

				case "product_options":
					//if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. 
					if(!in_array($value, $get_values)){
						header("Location: index.php?page=contact");
					}
				break;

				case "product_ref":

					//checks to see if the length of the string is not equal to 7
					if(strlen($value) != 7) {
						$errors[] = "The product id you entered was not long enough, must be 7 numbers.";

					}
					//checks to see if any of the characters entered were not digits. if this executes, we know that the user entered something different
					//than 7 digits so there is no need to carry on and check the ref no against the records so we break out of case prematurely.
					if(!ctype_digit($value)){
						$errors[] = "Product id's can only contain numbers.";
						break;
					}

					//prepared statement which checks the product ref no submitted against a product ref in the database. 
					require("core/prepared_select_pref.php");

					if($row != 1){
						$errors[] = "Your Product ID did not match one of our products.";
					}

				break;

				case "product_comments":
					$len = strlen($value);

					if($len > 400){
						$less = ($len - 400);
						$errors[] = "You must enter {$less} LESS characters in the 'Product Comments' field.";
					}
				break;
			}
		}

	}
 }

 //if the error array contains data, we had some errors during validation, so we display all of these error(s) to the user.
 if (!empty($errors)){

	$output = "<ul>";
        foreach ($errors as $err => $error_value){
	        $output .= "<li>".$error_value."</li>";
			$output .= "<hr>";
	    }
    $output .= "</ul>";
 }
 else{//if there were no errors after all the validation, insert data to database.
    require("core/prepared_insert.php");
	if($row >= 1){
        $output = "Your information has successfully sent!";
	}
	else{
	    //maybe send their information to my email instead if there is an issue with insert....probably the best idea rather than displaying an error.
	    $output = "There was an error receiving your information.";
	}
 }

}

if (isset($_GET['page']) && $_GET['page'] == "products") {



   if (isset($_GET['order'])){

  if(in_array($_GET['order'],$get_values)){
     require("core/get_products.php");
  }
  else{
     header("Location: index.php?page=products");
  }
   }
   else{
      require("core/get_products.php");
   }
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo "Gardenable - ".$title; ?></title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<script type="text/javascript" src="js/clock.js"></script>
</head>

<body>
<div id="container">

   <div id="header">
      <img src="images/gardenable1.fw.png" alt="Gardenable Logo" title="Gardenable" id="logo" border="0" />

  <div id="navigation_div">
     <img src="images/flowerbed.fw.png" alt="Navigation Image" id="flowerbed_img" border="0" />
	 <ul>
	     <li><a href="?page=home">Home</a></li>
	     <li><a href="?page=about">About</a></li>
	     <li><a href="?page=products">Products</a></li>
	     <li><a href="?page=contact">Contact</a></li>
	     <li><a href="?page=find">Find Us</a></li>
	 </ul>
  </div>
   </div>

   <div id="content">

 <?php include($include_page); ?>

   </div>



   <div id="footer">


   </div>

</div>
<p id="pageviews"><?php echo "Page Hits: ".$page_views; ?></p>
</body>
</html>

Thanks very much for any help/tips you can give me.

Labby

    Write a Reply...