My form Verification and Validation with php is not working

Question

I have to verify and validate information inputted in an HTML form against a database created in phpMyAdmin. Currently, when I input my data and hit submit, I get a message that I have at the end of my PHP file. (Account not found). Also whatever transaction they select should be redirected to that page. Is it giving me an error msg because I have the wrong name somewhere or is it skipping over all the functions?
This is the Form

<body>
  <form name="form" action="Verify.php" method="post">
    <h1>Lushest Lawns and Landscaping</h1>
    <label for="input"><b>Landscaper's First Name: </b></label>
    <input type="text" name="fname" placeholder="Example: John" required>
    <label for="required"><b>REQUIRED</b></label>
        <br>
    <label for="input"><b>Landscaper's Last Name: </b></label>
    <input type="text" name="lname" placeholder="Example: Doe" required>
    <label for="required"><b>REQUIRED</b></label>
    <br>
    <label for="input"><b>Landscaper's Password: </b></label>
    <input type="password" name="pass" placeholder="Example: Ba9877bb$Bb9" required >
    <label for="required"><b>REQUIRED</b></label>
    <br>    
    <label for="input"><b>Landscaper's ID#: </b></label>
    <input type="number" name="id" placeholder="Example: 123456" required>
    <label for="required"><b>REQUIRED</b></label>
    <br> 
    <label for="input"><b>Landscaper's Phone#: </b></label>
    <input type="number" name="Pid" placeholder="Example: 1234567890" required>
    <label for="required"><b>REQUIRED</b></label>
    <br>
    <label for="input"><b>Landscaper's Email: </b></label>
    <input type="text" name="email" placeholder="Example: abc@abc.com">
    <br>
    <label for="input"><br><b>Select a Transaction: </b></label>
    <select id="transaction" name="transaction" required>
            <option  name="1">Search A Landscaper's Accounts</option>
            <option  name="2">Book A Customer's Appoinment</option>
            <option  name="3">Place A Customer's Order</option>
            <option  name="4">Update A Customer's Order</option>
            <option  name="5">Cancel A Customer's Appoinment</option>
            <option  name="6">Cancel A Customer's Order</option>
            <option  name="7">Create A New Customer Account</option>
    </select>
<br>
    <input type="checkbox" id="confirmation" name="emailconfirm">
    <label for="checkbox"><b>Email the Transaction Confirmation</b></label>
    <button class="button button5" name="submit">Submit</button>
</form>
  </body>

This is the PHP file. I just removed the server name and everything for now but I have it in my file.

<?php
  if(isset($_POST["submit"])){
    session_start();
    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";
    $connection = mysqli_connect($server,$username,$password,$dbname);
    if($connection-> connect_error){
        die("Connection failed: " . $connection-> connect_error);
    }

    //Form input data
    $Fname = $_POST["fname"];
    $Lname = $_POST["lname"];
    $Lid = $_POST["id"];
    $Lpass = $_POST["pass"];
    $transaction = $_POST["transaction"];
    $Lemail = $_POST["email"];
    $Lphone = $_POST["Pid"];

    $_SESSION['id'] = $Lid;
    $validate = true;
    $verify = false;
    
    function validate() {
        
        //validate first name
        if (empty($_POST["fname"])) {
            echo ("First Name is required <br>");
            $validate = false;
            header( "refresh:3;url=Pro4.html" );
        }
        //validate last name
        if (empty($_POST["lname"])) {
            echo ("Last Name is required <br>");
            $validate = false;
            header( "refresh:3;url=Pro4.html" );
        }
        //validate id
        if (empty($_POST["id"])) {
            echo("Invalid ID: Enter 6-digit number <br>");
            $validate = false;
            header( "refresh:3;url=Pro4.html" );
        }

        //validate password
        if (empty($_POST["pass"])) {
            echo("Invalid Password: Enter 6-digit number <br>");
            $validate = false;
            header( "refresh:3;url=Pro4.html" );
        }

        //Validate transaction
        if (empty($_POST["transaction"])) {
            echo ("Please select a Transaction <br>");
            $validate = false;
            header( "refresh:3;url=Pro4.html" );
        }

        //Validate phone number
        if (empty($_POST["Pid"])) {
            echo("Invalid Phone Number <br>");
            $validate = false;
            header( "refresh:3;url=Pro4.html" );
        }

        //validate email
        if(isset($_POST["emailconfirmation"]) && !empty($_POST["emailconfirmation"])) {
            if(empty($_POST["emailconfirmation"])) {
                echo("Please enter an Email <br>");
                $validate = false;
                header( "refresh:3;url=Pro4.html" );
            } else {
                $email = $_POST["emailconfirmation"];
                if (!filter_var($email, 'FILTER_VALIDATE_EMAIL')) {
                    echo ("Invalid Email Format, Correct Format: email@example.com <br>");
                    $validate = false;
                    header( "refresh:3;url=Pro4.html" );
                }
            }
        }
    }
    
    function verify($connection) {
        $sql = "SELECT * FROM `Landscaper DB`";
        $result = $connection -> query($sql);
        while ($row = $result-> fetch_assoc()) {
            if (($_POST["fname"]) == ($row["LFirstName"])) {
                if (($_POST["lname"]) == ($row["LLastName"])) {
                if ($_POST["id"] == $row["LID"]) {
                    if ($_POST["Pid"] == $row["LPhone"]) {                      
                    if ($_POST["pass"] == $row["LPassword"]){
                        return true; 
                    }
                }
            }
        }
    }
}

        return false;
}
    validate();
    if(validate()) {
        $verify = verify($connection);
    }

    if($verify) {
        //transaction
        if($transaction == "1") {
            header("Location: Landscaper.php" );
        }
        elseif($transaction == "2") {
            header("Location: AppoinmentForm.html" );
        }
        elseif($transaction == "3") {
            header("Location: OrderForm.html");
        }
        elseif($transaction == "4"){
            header("Location: UpDateOrder.html" );
        }
        elseif($transaction == "7"){
            header("Location: CreateAccount.html" );
        }
        elseif($transaction == "5"){
            header("Location: CancelCusApoin.html" );
        }
        elseif($transaction == "6"){
            header("Location: CancelOrder.html" );
        }
    }
    else {
        echo "Sorry, account not found.\n Please try again with a valid Name, ID, and Password.";
        header( "refresh:3;url=Pro4.html" );
    }
    $connection -> close();
  }
  ?>

DATABASE This is the table of inputs that should work.

Now is a good time to [start debugging](https://stackoverflow.com/q/25385173/328193). Even in the absence of a debugger, you can log/output useful information throughout the code to observe its runtime behavior, such as the values of variables and indications of entering logical blocks/branches. This will be far more effective in narrowing down the problem than just looking at the code. — David, Apr 15 '22 at 17:44

score 1 · Answer 1 · answered Apr 15 '22 at 20:58

You're not going to pass validation because your select element options have no values, so transaction will be blank.

You have lots of badly formed html. Read up on forms, labels, input elements, and IDs, names, and values. Once you have the html ironed out then the server side validation will follow.

score 0 · Answer 2 · answered Apr 16 '22 at 07:46

validate();
if(validate()) {
    $verify = verify($connection);
}

For whatever reason you are calling the validate() function twice. You only need to call it once. Additionally, you are checking the return value of the validate() function with an if() statement, but your validate() function does not have any return statement. This means that the "return value" of this function is always NULL. This will result in the following code/execution:

 validate();
 if(NULL) {
     $verify = verify($connection);
 }

That way the if() block is never executed. So your verify() function is never called and your $verify variable is never updated, it stays false. When you want to use your verify() function in an if() statement, your function has to use the return statement to return a "result" like return true; or return false;.

Your $_POST['transaction'] field does not contain the name="..." values but instead the label content of the <option> entry. The syntax to set a (different) value for an <option> entry is set the value="..." attribute, something like:

<option value="4">Update A Customer's Order</option>

You can always check with var_dump($_POST); to see what the actual values are the browser is sending to your PHP script.

My form Verification and Validation with php is not working

2 Answers2