0

I am writing a PHP application to store telephone directory entries in a MySQL database. However, with my current validation it displays an error message even if all information is filled out.

I was hoping someone could help. Here is my validation code:

if (empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['address'])
|| empty($_POST['city']) || empty($_POST['state']) || empty($_POST['zip']) || 
empty($_POST['telephone']))
echo "<p>You must fill out all fields! Click your browser's 
Back button to return to the Telephone Directory form.</p>";

else if (is_numeric($_POST['zip']) === FALSE || is_numeric($_POST['telephone']) === FALSE)
echo "<p>You must enter numeric values for the zip code and phone number.</p>";

I've looked it over quite a bit and I think the guilty party is the 'telephone' field but I'm not 100% sure. Here is the HTML:

<h2>New Entry</h2>
<form method="POST" action="TelephoneDirectoryWrite.php">
<p>First Name <input type="text" name="first_name" /></p>
<p>Last Name <input type="text" name="last_name" /></p>
<p>Address <input type="text" name="address" /></p>
<p>City <input type="text" name="city" /></p>
 <p>State <input type="text" name="state" /></p>
<p>Zip <input type="text" name="zip" /></p>
<p>Phone Number <input type="text" name="telephone" /></p>

<p><input type="submit" value="Add Entry" /></p>
BenMorel
  • 34,448
  • 50
  • 182
  • 322
Vagabond251
  • 63
  • 7
  • 1
    When in doubt, `var_dump` is your best friend. Dump the whole `$_POST` variable and find the culprit. We can't tell what's going wrong without you specifying a set of data that fails the check. – El_Vanja Dec 11 '20 at 15:04
  • form validation can be directly made in html5 (without JS) – Mister Jojo Dec 11 '20 at 15:06
  • Which error message is shown? – brombeer Dec 11 '20 at 15:09
  • tested your code filling in the correct data type generates no error. unless your Canadian. – Jason K Dec 11 '20 at 15:13
  • @MisterJojo Client side validation is insufficient. – user3783243 Dec 11 '20 at 15:13
  • You receive `You must fill out all fields! Click your browser's Back button to return to the Telephone Directory form` or `You must enter numeric values for the zip code and phone number`? You shouldn't treat phone numbers or zip codes as integers. – user3783243 Dec 11 '20 at 15:14
  • @user3783243 this is here just to verify non empty input. client side verification is sufficient, and you can use **pattern** to other – Mister Jojo Dec 11 '20 at 15:18
  • @MisterJojo Depends on the intent of validation. `curl` can be run and none of those checks would be run. Server side validation should always be in place. Client side can be a nice first pass. – user3783243 Dec 11 '20 at 15:40
  • @user3783243 https://stackoverflow.com/questions/9391137/can-servers-block-curl-requests – Mister Jojo Dec 11 '20 at 15:45
  • @MisterJojo What's the purpose of that link? OP doesn't care about CURL, I don't think. Original was again a note again that `Server side validation should always be in place`. I guess sure you can get stricter but that again is going even beyond the `dont just validate client side` argument. – user3783243 Dec 11 '20 at 15:57
  • @user3783243 Client-side validation is not only nice, it is also to keep the connection from irrelevant tasks, CURL access should be blocked. and anyway the PO is mainly interested in a classic client-server relationship, or an error message (which could be directly managed on the client side) is returned when the same page is reloaded – Mister Jojo Dec 11 '20 at 16:25

0 Answers0