PHP Help: Form Validation, "Get"

[shackrock]

Hi All. I'm building a simple script to take a user's registration for a basketball camp, and store it in a MYSQL database. Also putting together an ADMIN interface, which displays who has registered for each camp, as well as the ability to add a new camp/edit existing camps.

I've completed most of this, but am having issues with the following:
1. Form validation. The preg_match is giving me a headache. I'd like to get my form fields to stop all characters that aren't needed, but as of now I can only get simple simple things to work. Here is my code for the errors (verify function). If somebody could suggest some good preg match regexp strings, I'd love you. I've tried everything, I'm just going crazy. haha!

Code:

<?php
function VerifyForm(&$values, &$errors)
{

    include("connect.php");            // Connects to DB

    // Do all necessary form verification
         
        // escape all
        foreach($values as $key=>$value){
            $values[$key] = mysql_real_escape_string($value);
        }
         
  $ParticipantName=$values['ParticipantName'];
    if($ParticipantName == ''){
      $errors['ParticipantName'] = 'Must be 5 to 30 Characters, and contain only letters and dashes.';
      }

  $ParticipantBday=$values['ParticipantBday'];
    if($ParticipantBday == ''){
      $errors['ParticipantBday'] = 'Not a Valid Date.';
      }
      
  $ParentName=$values['ParentName'];
    if($ParentName == ''){
      $errors['ParentName'] = 'Must be 5 to 30 Characters, and contain only letters and dashes.';
      }
    
  $Email=$values['Email'];
    if(
        ($Email == '') ||
        (strpos($Email, "@") <= 0)
      ){
      $errors['Email'] = 'Invalid Email Address.';
      }

  $Phone=$values['Phone'];
    if($Phone == '') {
      $errors['Phone'] = 'Invalid Phone Number.';
      }

  $Camp=$values['Camp'];
    if (!is_numeric($Camp))
      $errors['Camp'] = 'Invalid Camp Selection.';
  
  $Terms=$values['Terms'];
    if(($Terms == NULL))
      $errors['Terms'] = 'You Must Agree to the Terms.';

    mysql_close();
    return (count($errors) == 0);
}
?>

2. This one is also giving me a headache. I have a "camp_list.php" - which is an admin page. This page takes the input from the link (camp_list.php?campid=X), where X is a number corresponding to the given campID. It uses this to display all registrants for that Camp into a table. I can do this successfully.

I also display the current camp information from the SQL database into form fields, read to be edited. I have an update script that correctly writes the updates to the database. However, my problem arrives because I am submitting a form, and cannot keep my "_GET" variable in the page when I reload (after calling my verify_form function, and trying to display the errors).

In other words, I need to keep the page link the same, OR find a way to submit a POST form, but also place a GET variable in the form somehow, so that the page reloads correctly. Without this, I can't actually reach my "update sql database" function.

I'm not sure this makes sense, but if it does, please help!

THANKS!

[shackrock]

If people need, I can PM the links and more information (i'd rather not publicly post all my code, as then anyone can come by and pick it apart to find loopholes!)...

[John]

1. What are the valid/invalid characters for for each of your cases?
2. A quick and dirty solution would be to submit the form to $_SERVER["REQUEST_URI"] (I think)

[shackrock]

1. What are the valid/invalid characters for for each of your cases?
2. A quick and dirty solution would be to submit the form to $_SERVER["REQUEST_URI"] (I think)

1. For Names, I would like to allow letters, numbers, and hyphens (-).
For emails, well that one should be obvious .
For dates, I'd like to put it in a format that works with the MYSQL DATE datatype...
For Phone, I'd like to allow hyphens (-), Parenthesis ( ( ) ), spaces, and numbers.

2. This is actually the code I'm already using... But it doesn't keep the "get" variable after pressing submit on the form.

[webcodez]

You might want to have a look at this tutorial: user input validation in PHP and validation examples.

Example pattern for name would be:

Code:

/[A-Za-z0-9-]*/ 


If any length, otherwise change * by {min_length,max_length}.

If you need any further help on this let me know

[Orjan]

You need to add the variables again if you send the information to a third page, they aren't remembered between pages, unless you add them to a session.

[John]

2. This is actually the code I'm already using... But it doesn't keep the "get" variable after pressing submit on the form.

Then you are doing something else wrong.

[shackrock]

OK... so I have gotten the Request_URI to work now. It sayid Request URL before... of course...


Now, the page does reload correctly with the GET variable remaining. However, it's not calling the scripts it should, and nothing in the db gets updated... Is there anyone willing to look at some of my code and help me find the bug?





As for the form validation. I'll check on those pages. However, I've read about this for days, and am having really bad luck getting it to work. haha. I was hoping to find some pre-made expressions that "always work." haha... But I'll try again!

Thanks!

[John]

I have some pre-made expressions in the tutorials forum somewhere.