I have to verify and validate information inputted in an HTML form against a database created in phpMyAdmin. Currently, when I input my data and hit submit, I get a message that I have at the end of my PHP file. (Account not found). Also whatever transaction they select should be redirected to that page.
Is it giving me an error msg because I have the wrong name somewhere or is it skipping over all the functions?
This is the Form
<body>
<form name="form" action="Verify.php" method="post">
<h1>Lushest Lawns and Landscaping</h1>
<label for="input"><b>Landscaper's First Name: </b></label>
<input type="text" name="fname" placeholder="Example: John" required>
<label for="required"><b>REQUIRED</b></label>
<br>
<label for="input"><b>Landscaper's Last Name: </b></label>
<input type="text" name="lname" placeholder="Example: Doe" required>
<label for="required"><b>REQUIRED</b></label>
<br>
<label for="input"><b>Landscaper's Password: </b></label>
<input type="password" name="pass" placeholder="Example: Ba9877bb$Bb9" required >
<label for="required"><b>REQUIRED</b></label>
<br>
<label for="input"><b>Landscaper's ID#: </b></label>
<input type="number" name="id" placeholder="Example: 123456" required>
<label for="required"><b>REQUIRED</b></label>
<br>
<label for="input"><b>Landscaper's Phone#: </b></label>
<input type="number" name="Pid" placeholder="Example: 1234567890" required>
<label for="required"><b>REQUIRED</b></label>
<br>
<label for="input"><b>Landscaper's Email: </b></label>
<input type="text" name="email" placeholder="Example: [email protected]">
<br>
<label for="input"><br><b>Select a Transaction: </b></label>
<select id="transaction" name="transaction" required>
<option name="1">Search A Landscaper's Accounts</option>
<option name="2">Book A Customer's Appoinment</option>
<option name="3">Place A Customer's Order</option>
<option name="4">Update A Customer's Order</option>
<option name="5">Cancel A Customer's Appoinment</option>
<option name="6">Cancel A Customer's Order</option>
<option name="7">Create A New Customer Account</option>
</select>
<br>
<input type="checkbox" id="confirmation" name="emailconfirm">
<label for="checkbox"><b>Email the Transaction Confirmation</b></label>
<button name="submit">Submit</button>
</form>
</body>
This is the PHP file. I just removed the server name and everything for now but I have it in my file.
<?php
if(isset($_POST["submit"])){
session_start();
$servername = "";
$username = "";
$password = "";
$dbname = "";
$connection = mysqli_connect($server,$username,$password,$dbname);
if($connection-> connect_error){
die("Connection failed: " . $connection-> connect_error);
}
//Form input data
$Fname = $_POST["fname"];
$Lname = $_POST["lname"];
$Lid = $_POST["id"];
$Lpass = $_POST["pass"];
$transaction = $_POST["transaction"];
$Lemail = $_POST["email"];
$Lphone = $_POST["Pid"];
$_SESSION['id'] = $Lid;
$validate = true;
$verify = false;
function validate() {
//validate first name
if (empty($_POST["fname"])) {
echo ("First Name is required <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
//validate last name
if (empty($_POST["lname"])) {
echo ("Last Name is required <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
//validate id
if (empty($_POST["id"])) {
echo("Invalid ID: Enter 6-digit number <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
//validate password
if (empty($_POST["pass"])) {
echo("Invalid Password: Enter 6-digit number <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
//Validate transaction
if (empty($_POST["transaction"])) {
echo ("Please select a Transaction <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
//Validate phone number
if (empty($_POST["Pid"])) {
echo("Invalid Phone Number <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
//validate email
if(isset($_POST["emailconfirmation"]) && !empty($_POST["emailconfirmation"])) {
if(empty($_POST["emailconfirmation"])) {
echo("Please enter an Email <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
} else {
$email = $_POST["emailconfirmation"];
if (!filter_var($email, 'FILTER_VALIDATE_EMAIL')) {
echo ("Invalid Email Format, Correct Format: [email protected] <br>");
$validate = false;
header( "refresh:3;url=Pro4.html" );
}
}
}
}
function verify($connection) {
$sql = "SELECT * FROM `Landscaper DB`";
$result = $connection -> query($sql);
while ($row = $result-> fetch_assoc()) {
if (($_POST["fname"]) == ($row["LFirstName"])) {
if (($_POST["lname"]) == ($row["LLastName"])) {
if ($_POST["id"] == $row["LID"]) {
if ($_POST["Pid"] == $row["LPhone"]) {
if ($_POST["pass"] == $row["LPassword"]){
return true;
}
}
}
}
}
}
return false;
}
validate();
if(validate()) {
$verify = verify($connection);
}
if($verify) {
//transaction
if($transaction == "1") {
header("Location: Landscaper.php" );
}
elseif($transaction == "2") {
header("Location: AppoinmentForm.html" );
}
elseif($transaction == "3") {
header("Location: OrderForm.html");
}
elseif($transaction == "4"){
header("Location: UpDateOrder.html" );
}
elseif($transaction == "7"){
header("Location: CreateAccount.html" );
}
elseif($transaction == "5"){
header("Location: CancelCusApoin.html" );
}
elseif($transaction == "6"){
header("Location: CancelOrder.html" );
}
}
else {
echo "Sorry, account not found.\n Please try again with a valid Name, ID, and Password.";
header( "refresh:3;url=Pro4.html" );
}
$connection -> close();
}
?>
DATABASE This is the table of inputs that should work.
CodePudding user response:
You're not going to pass validation because your select element options have no values, so transaction will be blank.
You have lots of badly formed html. Read up on forms, labels, input elements, and IDs, names, and values. Once you have the html ironed out then the server side validation will follow.
CodePudding user response:
validate(); if(validate()) { $verify = verify($connection); }
For whatever reason you are calling the validate() function twice. You only need to call it once. Additionally, you are checking the return value of the validate() function with an if() statement, but your validate() function does not have any return statement. This means that the "return value" of this function is always NULL. This will result in the following code/execution:
validate();
if(NULL) {
$verify = verify($connection);
}
That way the if() block is never executed. So your verify() function is never called and your $verify variable is never updated, it stays false. When you want to use your verify() function in an if() statement, your function has to use the return statement to return a "result" like return true; or return false;.
Your $_POST['transaction'] field does not contain the name="..." values but instead the label content of the <option> entry. The syntax to set a (different) value for an <option> entry is set the value="..." attribute, something like:
<option value="4">Update A Customer's Order</option>
You can always check with var_dump($_POST); to see what the actual values are the browser is sending to your PHP script.