Xajax 0.5 available

Ashoo · 2009-11-27 7:44:08 AM

Ashoo
Newbie
Offline

Registered: 2009-11-10
Posts: 7

Topic: Form inserts everthing

What changes in the following function can make the form insert only valid values?

//$msg2="";
if(empty($data['txtemail'])) {
$msg="Required";
} else {
$pattern="/^([0-9a-zA-Z]([-\.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})+$/";
$email=$data['txtemail'];
if(!preg_match_all($pattern,$email,$match,PREG_PATTERN_ORDER)) {
$msg="Invalid email id";
} else {
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$db="assigment2db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($db, $conn);
$sql_user="SELECT * FROM membership WHERE email='".$data['txtemail']."'";
mysql_query($sql_user);
$num=mysql_affected_rows();
if($num > 0)
$msg="email is already in use";
else
$msg="";
}}
if($msg!="")
$objResponse->assign('err2', 'innerHTML', $msg);

//$msg3="";
if(empty($data['txtpsw'])) {
$msg="Required";
} else {
if(strlen($data['txtpsw'])<7) {
$msg="password must be at least 7 characters long";
} else if(strlen($data['txtpsw'])>25)
$msg="password cannot have more than 25 characters";
else
$msg="";
}
if($msg!="")
$objResponse->assign('err3', 'innerHTML', $msg);

//$msg4="";
if(empty($data['txtcpsw'])) {
$msg="Required";
} else {
if($data['txtcpsw']!=$data['txtpsw'])
$msg="password does not match";
else
$msg="";
}
if($msg!="")
$objResponse->assign('err4', 'innerHTML', $msg);

//$msg5="";
if(empty($data['veri']))
$msg="Required";
else
$msg="";
if($msg!="")
$objResponse->assign('err5', 'innerHTML', $msg);

if(empty($msg)) {
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$db="assigment2db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($db, $conn);
$sql_user="INSERT INTO membership (username,email,password,package) VALUES('".$data['txtusername']."','".$data['txtemail']."','".$data['txtpsw']."','".$data['rd']."')";
mysql_query($sql_user);
/* $num=mysql_affected_rows();
if($num > 0)
$msg="username is already in use"; */
}

Martin1982 · 2009-12-15 12:46:05 AM

Martin1982
Newbie
Offline

Registered: 2009-10-28
Posts: 8

Re: Form inserts everthing

I don't quite understand your question, inserting only valid values is what your code is already doing, right?
If you are looking for more validation you could have a look at Zend_Validate

I did do a small refactor of your code, to make it shorter;

Code: PHP

<?php


$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$db="assigment2db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($db, $conn);


function processFormData($data) {
    $objResponse = new xajaxResponse();
    $msg="";
    if(empty($data['txtusername'])) {
        $msg="Required";
    } else {
        if(strlen($data['txtusername'])<7) {
            $msg="username must be at least 7 characters long";
        } else if(strlen($data['txtusername'])>25) {
            $msg="username cannot have more than 25 characters";
        } else {
            $sql_user="SELECT * FROM membership WHERE username='".$data['txtusername']."'";
            $sqlExec = mysql_query($sql_user);
            $num=mysql_num_rows($sqlExec);
            if($num > 0)
                $msg="username is already in use";
            else
                $msg="";
        }
    }
    
    if($msg!="")
        $objResponse->assign('err', 'innerHTML', $msg);
    
    //$msg2="";
    if(empty($data['txtemail'])) {
        $msg="Required";
    } else {
        $pattern="/^([0-9a-zA-Z]([-\.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})+$/";
        $email=$data['txtemail'];
        if(!preg_match_all($pattern,$email,$match,PREG_PATTERN_ORDER)) {
            $msg="Invalid email id";
        } else {
            $sql_user="SELECT * FROM membership WHERE email='".$data['txtemail']."'";
            $sqlExec = mysql_query($sql_user);
            $num=mysql_num_rows($sqlExec);
            if($num > 0)
                $msg="email is already in use";
            else
                $msg="";
        }
    }
    if($msg!="")
    $objResponse->assign('err2', 'innerHTML', $msg);
    
    //$msg3="";
    if(empty($data['txtpsw']))  {
        $msg="Required";
    } else {
        if(strlen($data['txtpsw'])<7)  {
            $msg="password must be at least 7 characters long";
        } else 
        if(strlen($data['txtpsw'])>25)
            $msg="password cannot have more than 25 characters";
        else
            $msg="";
    }
    
    if($msg!="")
        $objResponse->assign('err3', 'innerHTML', $msg);
    
    //$msg4="";
    if(empty($data['txtcpsw'])) {
        $msg="Required";
    } else {
        if($data['txtcpsw']!=$data['txtpsw'])
            $msg="password does not match";
        else
            $msg="";
    }
    
    if($msg!="")
        $objResponse->assign('err4', 'innerHTML', $msg);
    
    //$msg5="";
    if(empty($data['veri']))
        $msg="Required";
    else
        $msg="";
    if($msg!="")
        $objResponse->assign('err5', 'innerHTML', $msg);
    
    if(empty($msg)) {
        $sql_user="INSERT INTO 
                            membership 
                        (
                            username,
                            email,
                            password,
                            package
                        ) VALUES(
                            '".$data['txtusername']."',
                            '".$data['txtemail']."',
                            '".$data['txtpsw']."',
                            '".$data['rd']."'
                        )";
        mysql_query($sql_user);
    }
    
    return $objResponse;
}
 

Xajax 0.5 available

Form inserts everthing

Posts [ 2 ]

1 Topic by Ashoo 2009-11-27 7:44:08 AM

Topic: Form inserts everthing

2 Reply by Martin1982 2009-12-15 12:46:05 AM

Re: Form inserts everthing

Code: PHP