I'm new to PHP and the validation. I have been asked by my lecturer to make a form with session and validation.I have 3 php pages such as pbt1.php , pbt2.php and validation.php After all validated, it will go to display page. However, it seems like it only stopped at validation page [validation.php]. I need someone to check if my codes are correct or wrong too.
pbt1.php
session_start();
?>
<html>
<?php
if(isset($_SESSION['pbt1']))
{
$nameError = $_SESSION['pbt1']['nameError'];
$numberError = $_SESSION['pbt1']['numberError'];
$cityError = $_SESSION['pbt1']['cityError'];
$addressError = $_SESSION['pbt1']['addressError'];
$zipcodeError = $_SESSION['pbt1']['zipcodeError'];
$dateError = $_SESSION['pbt1']['dateError'];
}
?>
<style>
.registrationform
{
padding: 20px;
margin: auto;
margin-top: 20px;
line-height: 30px;
width: 600px;
border: solid 3px red;
}
Label
{
width:200px;
display:inline-block;
}
</style>
<div class= "registrationform">
<h1>ONLINE MARATHON REGISTRATION</h1>
<br><br>
<form name = "pbt1" method = "post" action = "validation.php">
<Label>Name<span style="color: red;">*</span>: </Label>
<input type = "text" name = "name">
<span id = "warning" style="color: red;" > <?php echo isset($nameError)?$nameError :'';?></span>
<br><br>
<Label>Gender <span style="color: red;">*</span>:</Label>
<input type = "radio" name = "gender" value = "Female" required>Female
<input type = "radio" name = "gender" value = "Male" required>Male
<br><br>
<Label>Date Of Birth <span style="color: red;">*</span>:</Label>
<input type = "date" name = "date">
<span id = "warning" style="color: red;"><?php echo isset($dateError)?$dateError:'';?></span>
<br><br>
<Label>Contact Number <span style="color: red;">*</span>:</Label>
<input type = "text" name = "phonenumber">
<span id = "warning" style="color: red;"><?php echo isset($numberError)?$numberError:'';?></span>
<br><br>
<Label>Address <span style="color: red;">*</span>:</Label>
<input type = "text" name = "address" >
<span id = "warning" style="color: red;"><?php echo isset($addressError)?$addressError :'';?></span>
<br><br>
<Label>City <span style="color: red;">*</span>:</Label>
<input type = "text" name = "city" >
<span id = "warning" style="color: red;"><?php echo isset($cityError)?$cityError:'';?></span>
<br><br>
<Label>Zip Code <span style="color: red;">*</span>:</Label>
<input type = "text" name = "zipcode" >
<span id = "warning" style="color: red;"><?php echo isset($zipcodeError)?$zipcodeError:'';?></span>
<br><br>
<div style="text-align:center;">
<input type = "submit" value = "Submit" name="Submit">
</div>
</form>
</div>
<br><br>
</html>
pbt2.php
<?php
session_start();
?>
<html>
<style>
table
{
text-align:center;
}
</style>
<div style="background-color:cyan;">
<h1 align = 'center'> YOUR INFORMATION AS THE TABLE BELOW </h1>
<table width = '400' border = '1' align = 'center'>
<tr>
<td>Name</td>
<td><?php echo $_SESSION['Userdata']['name'];?></td>
</tr>
<tr>
<td>Phone Number</td>
<td><?php echo $_SESSION['Userdata']['phonenumber'];?></td>
</tr>
<tr>
<td>Address</td>
<td><?php echo $_SESSION['Userdata']['address'];?></td>
</tr>
<tr>
<td>City</td>
<td><?php echo $_SESSION['Userdata']['city'];?></td>
</tr>
<tr>
<td>Zip Code</td>
<td><?php echo $_SESSION['Userdata']['zipcode'];?></td>
</tr>
<tr>
<td>Gender</td>
<td><?php echo $_SESSION['Userdata']['gender'];?></td>
</tr>
<tr>
<td>Date</td>
<td><?php echo $_SESSION['Userdata']['date'];?></td>
</tr>
</table>
</div>
</html>
validation.php
<?php
session_start();
if(isset($_POST['Submit']))
{
$name = $_POST['name'];
if(isset($name) && empty($name))
{
$_SESSION['pbt1']['nameError']="Name must be required!";
header('location:pbt1.php');
}
else
{
if(!preg_match("/^[a-zA-Z ]*$/",$name))
{
$_SESSION['pbt1']['nameError'] = "Only letters and white space allowed";
header('location:pbt1.php');
}
}
$phonenumber = $_POST['phonenumber'];
if(isset($phonenumber) && empty($phonenumber))
{
$_SESSION['pbt1']['numberError'] = "Error, insert phone number";
header('location:pbt1.php');
}
else
{
if(!preg_match('/^([0-9]*)$/', $phonenumber))
{
$_SESSION['pbt1']['numberError'] = "Numbers only";
header('location:pbt1.php');
}
}
$address = $_POST['address'];
if(isset($address) && empty($address))
{
$_SESSION['pbt1']['addressError'] = "Error, enter your address";
header('location:pbt1.php');
}
$city = $_POST['city'];
if(isset($city) && empty($city))
{
$_SESSION['pbt1']['cityError'] = "Error, enter your city";
header('location:pbt1.php');
}
$zipcode = $_POST['zipcode'];
if(isset($zipcode) && empty($zipcode))
{
$_SESSION['pbt1']['zipcodeError'] = "Error, enter your zipcode";
header('location:pbt1.php');
}
else
{
if(!preg_match('/^([0-9]*)$/', $zipcode))
{
$_SESSION['pbt1']['zipcodeError'] = "Numbers only";
header('location:pbt1.php');
}
}
$gender = $_POST['gender'];
$date = $_POST['date'];
if(isset($date) && empty($date))
{
$_SESSION['pbt1']['dateError'] = "Error, select the date";
header('location:pbt1.php');
}
$_SESSION['Userdata'] = ['name'=>$name ,'phonenumber'=>$phonenumber,'address'=>$address,'city'=>$city,
'zipcode'=>$zipcode,'gender'=>$gender,'date'=>$date ];
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if($_SESSION['pbt1']['nameError'] == "" && $_SESSION['pbt1']['numberError'] == "" && $_SESSION['pbt1']['addressError']== "" && $_SESSION['pbt1']['cityError']=="" && $_SESSION['pbt1']['zipcodeError']=="" && $_SESSION['pbt1']['dateError']=="")
{
header("location:pbt2.php");
exit; }
?>
CodePudding user response:
Depending on the PHP version (>= 7.0) you are using, you could change
<?php echo isset($nameError)?$nameError :'';?>
to
<?php echo $nameError ?? ''; ?>
As for HTML, you might want to change
<form name = "pbt1" method = "post" action = "validation.php">
to
<form name="pbt1" method="post" action="validation.php">
That doesn't change the outcome, but easier to read.
What's next...
$name = $_POST['name'];
if(isset($name) && empty($name))
{
could be changed into
if (array_key_exists('name', $_POST) && trim($_POST['name']) === '') {
Looks like more code, but the intention of the if becomes more clear.
As far as this one goes
if(isset($_SESSION['pbt1']))
{
$nameError = $_SESSION['pbt1']['nameError'];
$numberError = $_SESSION['pbt1']['numberError'];
$cityError = $_SESSION['pbt1']['cityError'];
$addressError = $_SESSION['pbt1']['addressError'];
$zipcodeError = $_SESSION['pbt1']['zipcodeError'];
$dateError = $_SESSION['pbt1']['dateError'];
}
...don't trust your session. I would change it to
if (array_key_exists('pbt1', $_SESSION)) {
$nameError = $_SESSION['pbt1']['nameError'] ?? '';
$numberError = $_SESSION['pbt1']['numberError'] ?? '';
$cityError = $_SESSION['pbt1']['cityError'] ?? '';
$addressError = $_SESSION['pbt1']['addressError'] ?? '';
$zipcodeError = $_SESSION['pbt1']['zipcodeError'] ?? '';
$dateError = $_SESSION['pbt1']['dateError'] ?? '';
}
This one
$_SESSION['Userdata'] = ['name'=>$name ,'phonenumber'=>$phonenumber,'address'=>$address,'city'=>$city,
'zipcode'=>$zipcode,'gender'=>$gender,'date'=>$date ];
I would change to
$_SESSION['Userdata'] = [
'name' => $_POST['name'] ?? '',
'phonenumber' => $_POST['phonenumber'] ?? '',
'address'. => $_POST['address'] ?? '',
'city'. => $_POST['city'] ?? '',
'zipcode' => $_POST['zipcode'] ?? '',
'gender'. => $_POST['gender'] ?? '',
'date'. => $_POST['date'] ?? '',
];
Since validation.php is pure PHP, get rid of
?>
at the end of the file.
What else...
At the beginning of validation.php, make sure you clear out $_SESSION['pbt1'] aka.
unset($_SESSION['pbt1']);
Instead of doing header('location:pbt1.php'); after every issue, remove header('location:pbt1.php'); from every individual if block and put it at the end, as in
if(isset($date) && empty($date)) {
$_SESSION['pbt1']['dateError'] = "Error, select the date";
// header('location:pbt1.php');
}
if (array_key_exists('pbt1', $_SESSION)) {
header('location:pbt1.php');
exit;
}
$_SESSION['Userdata'] = ...
that way you don't have to fix every error by itself and you show them all at once.