<?php
error_reporting(-1);
ini_set('display_errors', 1);
// debug ==========
function dd($value, $vd=FALSE)
{
    echo '<pre>';
    if( $vd):
        var_dump($value);
    else:
        print_r($value);
    endif;
    echo '</pre>';
    die;
}
include_once 'core/init.php';
$general->logged_out_protect();
//////Displaying Data/////////////
dd( $_GET ); // rem to proceed
$article_id=$_GET['article_id']; // Collecting data from query string
if(!is_numeric($article_id)){ // Checking data it is a number or not
    echo "Data Error";
    exit;
}
?>
Sorry, maybe I didn’t explain right. The problem is that on submit of the form if I enter ??<<???//// in as the name or email it doesn’t throw an error and it should which means the validation isn’t working.
The function dd( $val ) displays the $val parameter and then halts program execution.
Try calling dd($_POST); immediately after the function. If the $_POST parameters are what you expected then REM // dd($_POST); and then use the dd(,); to trace your program execution.
<?php
error_reporting(-1);
ini_set('display_errors', 1);
// debug ==========
function dd($value, $vd=FALSE)
{
    echo '<pre>';
    if( $vd):
        var_dump($value);
    else:
        print_r($value);
    endif;
    echo '</pre>';
    die;
}
dd( $_POST ); // REM when values are correct then use the function again to trace execution.
include_once 'core/init.php';
$general->logged_out_protect();
//////Displaying Data/////////////
dd( $_GET ); // rem to proceed
$article_id=$_GET['article_id']; // Collecting data from query string
if(!is_numeric($article_id)){ // Checking data it is a number or not
    echo "Data Error";
    exit;
}
?>
Your script has quite a few if(…) validations. Which particular one do you mean?
May I suggest inserting the following line which will show the script line number and then halt the script. Once you have established your script is working as expected up to that line then remove the line and move on to the next possible problematic validation.
echo '<br />'. __LINE__; dd( $testVar); die;
// revised script
<?php
include_once 'core/init.php';
$general->logged_out_protect();
//////Displaying Data/////////////
$article_id=$_GET['article_id']; // Collecting data from query string
if(!is_numeric($article_id)){ // Checking data it is a number or not
echo "Data Error";
exit;
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/style.css" >
<title>Settings</title>
</head>
<body>
<div id="container">
<?php include 'includes/menu.php'; ?>
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
    echo '<h3>Your details have been updated!</h3>';
}else{
    if(empty($_POST) === false) {
        $errors = array();
        if (isset($_POST['name']) && !empty ($_POST['name'])){
            if (ctype_alpha($_POST['name']) === false) {
                $errors[] = 'Please enter your Name with only letters!';
            }
        }
        if (isset($_POST['email']) && !empty ($_POST['email'])){
            if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
                $errors[] = 'Please enter a valid email address';
            }
        }
        $name = htmlentities(trim($_POST['name']));
        $email = htmlentities(trim($_POST['email']));
        $bio = htmlentities(trim($_POST['bio']));
        $users->update_user($name, $email, $bio, $user_id);
        header("Location: settings.php?success&article_id=$article_id");
        exit();
    } else if (empty($errors) === false) {
        echo '<p>' . implode('</p><p>', $errors) . '</p>';
    }
}
?>
<h2>Settings.</h2>
<p><b>Note: Information you post here is made viewable to others.</b></p>
<hr />
<form action="" method="post" enctype="multipart/form-data">
<div id="personal_info">
<h3 >Change Profile Information </h3>
<ul>
<li>
<h4>Name:</h4>
<input type="text" name="name" value="<?php if (isset($_POST['name']) ){echo htmlentities(strip_tags($_POST['name']));} else { echo $user['name']; }?>">
</li>
<li>
<h4>Email:</h4>
<input type="text" name="email" value="<?php if (isset($_POST['email']) ){echo htmlentities(strip_tags($_POST['email']));} else { echo $user['email']; }?>">
</li>
<li>
<h4>Bio:</h4>
<textarea name="bio">
<?php if (isset($_POST['bio']) )
{
echo htmlentities(strip_tags($_POST['bio']));
}else{
echo $user['bio'];
}
?>
</textarea>
</li>
</ul>
<div class="clear">
</div>
<hr />
<span>Update Changes:</span>
<input type="submit" value="Update">
</div><!-- div id="personal_info" -->
</form>
</div><!-- div id="container" -->
</body>
</html>
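Added example, not part of any post in this thread: in the script above, `else if (empty($errors) === false)` is paired with `if(empty($_POST) === false)`, so on every POST the update and redirect run whether or not `$errors` is empty, and the error branch is never reached. The sketch below keeps the same two rules but saves only when validation passes; `validate_profile`, `handle_profile_post` and the `$save` callback (standing in for `$users->update_user`) are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example. Same rules as the thread's script: letters-only name,
// FILTER_VALIDATE_EMAIL for the address; empty fields are not checked.
function validate_profile(array $post): array
{
    $errors = [];
    $name  = trim((string) ($post['name'] ?? ''));
    $email = trim((string) ($post['email'] ?? ''));

    if ($name !== '' && ctype_alpha($name) === false) {
        $errors[] = 'Please enter your Name with only letters!';
    }
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address';
    }
    return $errors;
}

// Hypothetical handler: $save stands in for $users->update_user(...).
// The save runs only when validation produced no errors.
function handle_profile_post(array $post, callable $save): array
{
    $errors = validate_profile($post);
    if ($errors !== []) {
        return ['saved' => false, 'errors' => $errors];
    }
    $save(
        trim((string) ($post['name'] ?? '')),
        trim((string) ($post['email'] ?? '')),
        trim((string) ($post['bio'] ?? ''))
    );
    return ['saved' => true, 'errors' => []];
}

// Constructed sample submissions.
$saved = [];
$save = function (string $name, string $email, string $bio) use (&$saved): void {
    $saved[] = [$name, $email, $bio];
};
$bad = handle_profile_post(['name' => '??<<???////', 'email' => '??<<???////', 'bio' => ''], $save);
$ok  = handle_profile_post(['name' => 'Alice', 'email' => 'alice@example.com', 'bio' => 'Hi'], $save);

foreach ($bad['errors'] as $message) {
    // Escape on output, as the page does when it re-displays form values.
    echo '<p>' . htmlentities($message) . '</p>' . PHP_EOL;
}
var_dump($bad['saved'], $ok['saved'], count($saved));
```

Note that `ctype_alpha` also rejects spaces and hyphens, so a name such as "Mary Ann" fails the letters-only rule.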
I am trying to validate the name is a name and that the email is valid but it will not error if it’s not on either of them that is what I am trying to get working. Like I said this was a tutorial I followed for a user area. I get
Without seeing your code that interacts with the database or the tutorial that you based it on, I can’t see what database server software you’re using or what extension you’re using to interact with the database but if you’re using the mysql_* extension then please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.
Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.
DROP TABLE IF EXISTS users;
CREATE TABLE IF NOT EXISTS users (
id int(11) unsigned zerofill NOT NULL AUTO_INCREMENT,
username varchar(18) NOT NULL,
`password` varchar(512) NOT NULL,
email varchar(64) NOT NULL,
email_code varchar(64) NOT NULL,
`time` int(11) NOT NULL,
confirmed int(4) NOT NULL,
ip varchar(32) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
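Added example, not part of any post in this thread: a PDO prepared statement of the kind recommended above, run against a reduced copy of the `users` table. It assumes an in-memory SQLite database (the `pdo_sqlite` driver) in place of the MySQL server so that it runs offline; `update_email` is a hypothetical helper.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL server. For MySQL only
// the DSN and credentials change; the prepare/bind/execute calls are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Reduced copy of the users table from the thread (three of its columns).
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(18) NOT NULL,
    email VARCHAR(64) NOT NULL
)');

// Hypothetical helper: the value travels as a bound parameter, never as SQL text.
function update_email(PDO $pdo, int $userId, string $email): int
{
    $stmt = $pdo->prepare('UPDATE users SET email = :email WHERE id = :id');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

// Constructed sample rows.
$insert = $pdo->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
$insert->execute(['alice', 'alice@example.com']);
$insert->execute(['bob', 'bob@example.com']);

// A value containing a quote character is stored literally as data.
$changed = update_email($pdo, 1, "o'brien@example.com");

$rows = $pdo->query('SELECT id, username, email FROM users ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
echo "rows changed: $changed" . PHP_EOL;
foreach ($rows as $row) {
    echo "{$row['id']} {$row['username']} {$row['email']}" . PHP_EOL;
}
```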