Can't figure out why I'm not getting errors

I used a tutorial to do this and it is posting fine but the error checks aren’t working


<?php
include_once 'core/init.php';
$general->logged_out_protect();
//////Displaying Data/////////////
 $article_id=$_GET['article_id']; // Collecting data from query string
 if(!is_numeric($article_id)){ // Checking data it is a number or not
 echo "Data Error";
 exit;
 }
?>
<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<link rel="stylesheet" type="text/css" href="css/style.css" >
    <title>Settings</title>
</head>
<body>
	<div id="container">
		<?php include 'includes/menu.php'; ?>
		<?php
	    if (isset($_GET['success']) && empty($_GET['success'])) {
	        echo '<h3>Your details have been updated!</h3>';	
	    } else{

            if(empty($_POST) === false) {		
			$errors = array();

				if (isset($_POST['name']) && !empty ($_POST['name'])){
					if (ctype_alpha($_POST['name']) === false) {
					$errors[] = 'Please enter your Name with only letters!';
					}	
				}
if (isset($_POST['email']) && !empty ($_POST['email'])){
				if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Please enter a valid email address';
        }
	}
				      $name 	= htmlentities(trim($_POST['name']));
                                 $email 	= htmlentities(trim($_POST['email']));
					$bio 			= htmlentities(trim($_POST['bio']));
					
					$users->update_user($name, $email, $bio, $user_id);
					header("Location: settings.php?success&article_id=$article_id");
					exit();
				
				} else if (empty($errors) === false) {
					echo '<p>' . implode('</p><p>', $errors) . '</p>';	
				}	
            }
    		?>

    		<h2>Settings.</h2> <p><b>Note: Information you post here is made viewable to others.</b></p>
            <hr />

            <form action="" method="post" enctype="multipart/form-data">

            	<div id="personal_info">
	            	<h3 >Change Profile Information </h3>
	                <ul>
	                    <li>
	                        <h4>Name:</h4>
	                        <input type="text" name="name" value="<?php if (isset($_POST['name']) ){echo htmlentities(strip_tags($_POST['name']));} else { echo $user['name']; }?>">
	                    </li>
<li>
	                        <h4>Email:</h4>
	                        <input type="text" name="email" value="<?php if (isset($_POST['email']) ){echo htmlentities(strip_tags($_POST['email']));} else { echo $user['email']; }?>">
	                    </li>
	                     <li>
	                        <h4>Bio:</h4>
	                        <textarea name="bio"><?php if (isset($_POST['bio']) )
{
echo htmlentities(strip_tags($_POST['bio']));
} else {
 echo $user['bio'];
 }?></textarea>
	                    </li>
	            	</ul>
            	</div>
            	<div class="clear"></div>
            	<hr />
            		<span>Update Changes:</span>
                    <input type="submit" value="Update">

            </form>
    </div>
</body>
</html>
<?php
//}
?>

Try after putting this at the beginning

<?php
error_reporting(E_ALL);
ini_set('display_errors', true);

Try this debugging function:



<?php 
error_reporting(-1);
ini_set('display_errors', 1);

// debug ==========
function dd($value, $vd=FALSE)
{
   echo '<pre>';
     if( $vd):
       var_dump($value);
     else:
       print_r($value);
     endif;
   echo '</pre>';
   die;
}

include_once 'core/init.php';
$general->logged_out_protect();
//////Displaying Data/////////////


dd( $_GET ); // rem to proceed


 $article_id=$_GET['article_id']; // Collecting data from query string
 if(!is_numeric($article_id)){ // Checking data it is a number or not
 echo "Data Error"; 
 exit;
 }
?>

Sorry, maybe I didn’t explain right. The problem is that on submit of the form if I enter ??<<???//// in as the name or email it doesn’t throw an error and it should which means the validation isn’t working.

Taking only a quick look for now it looks like a problem with your code logic.

Take a look at where $errors is being assigned and where the conditionals are testing for it.

The function dd( $val ) displays the $val parameter and then halts program execution.

Try calling dd($_POST); immediately after the function. If the $_POST parameters are what you expected then REM // dd($_POST); and then use the dd(,); to trace your program execution.


<?php  
error_reporting(-1); 
ini_set('display_errors', 1); 

// debug ========== 
function dd($value, $vd=FALSE) 
{ 
   echo '<pre>'; 
     if( $vd): 
       var_dump($value); 
     else: 
       print_r($value); 
     endif; 
   echo '</pre>'; 
   die; 
} 

dd( $_POST ); // REM when values are correct then use the function again to trace execution.

include_once 'core/init.php'; 

$general->logged_out_protect(); 
//////Displaying Data///////////// 


dd( $_GET ); // rem to proceed 


 $article_id=$_GET['article_id']; // Collecting data from query string 
 if(!is_numeric($article_id)){ // Checking data it is a number or not 
 echo "Data Error";  
 exit; 
 } 
?>

Not really understanding but what I get is expected
Array
(
[article_id] => 1
)

Like I said the form submits fine it’s the validating that doesn’t work.

Your script has quite a few if(…) validations. Which particular one do you mean?

May I suggest inserting the following line which will show the script line number and then halt the script. Once you have established your script is working as expected up to that line then remove the line and move on to the next possible problematic validation.



  echo '<br />'. __LINE__; dd( $testVar); die;


// revised script


<?php  
include_once 'core/init.php';
$general->logged_out_protect();
//////Displaying Data/////////////
$article_id=$_GET['article_id']; // Collecting data from query string
if(!is_numeric($article_id)){ // Checking data it is a number or not
  echo "Data Error"; 
exit;
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/style.css" >
<title>Settings</title>    
</head>
<body>
  <div id="container">
    <?php include 'includes/menu.php'; ?>
    <?php
      if (isset($_GET['success']) && empty($_GET['success'])) {
          echo '<h3>Your details have been updated!</h3>';          
      }else{
        if(empty($_POST) === false) {   
          $errors = array();

          if (isset($_POST['name']) && !empty ($_POST['name'])){
            if (ctype_alpha($_POST['name']) === false) {
              $errors[] = 'Please enter your Name with only letters!';
          } 
        }

        if (isset($_POST['email']) && !empty ($_POST['email'])){
          if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
                    $errors[] = 'Please enter a valid email address';
          }
        }
        $name   = htmlentities(trim($_POST['name']));
                               $email   = htmlentities(trim($_POST['email']));
        $bio      = htmlentities(trim($_POST['bio']));

        $users->update_user($name, $email, $bio, $user_id);
        header("Location: settings.php?success&article_id=$article_id");
        exit();

        } else if (empty($errors) === false) {
          echo '<p>' . implode('</p><p>', $errors) . '</p>';  
        } 
      }
    ?>
         
    <h2>Settings.</h2> 
    <p><b>Note: Information you post here is made viewable to others.</b></p>
    <hr />

    <form action="" method="post" enctype="multipart/form-data">
      <div id="personal_info">
        <h3 >Change Profile Information </h3>
        <ul>
          <li>
            <h4>Name:</h4>
            <input type="text" name="name" value="<?php if (isset($_POST['name']) ){echo htmlentities(strip_tags($_POST['name']));} else { echo $user['name']; }?>">
          </li>     
          <li>
            <h4>Email:</h4>
            <input type="text" name="email" value="<?php if (isset($_POST['email']) ){echo htmlentities(strip_tags($_POST['email']));} else { echo $user['email']; }?>">
          </li>     
          <li>
            <h4>Bio:</h4>
            <textarea name="bio">
              <?php if (isset($_POST['bio']) )
              {
                echo htmlentities(strip_tags($_POST['bio']));
              }else{
                echo $user['bio'];
              }
              ?>
            </textarea>
          </li>
        </ul>    

        <div class="clear">
        </div>

        <hr />
        <span>Update Changes:</span>
        <input type="submit" value="Update">
      </div><!-- div id="personal_info" -->
    </form>

  </div><!-- div id="container" -->

</body>
</html>

I am trying to validate the name is a name and that the email is valid but it will not error if it’s not on either of them that is what I am trying to get working. Like I said this was a tutorial I followed for a user area. I get

   Your details have been updated!      

even if there should be an error

What did you try and what values did you enter?

Can you supply a link to the tutorial? Maybe others have had problems and they are now resolved.

Try modifying your script so that you know what values are being passed:


// lines to insert
  echo '<br />$name = '   . $name;
  echo '<br /> $mail = '    . $email;
  echo '<br />$bio = '       . $bio;
  echo '<br />$user_id = ' . $user_id;
  die;

// about line 42
        $users->update_user($name, $email, $bio, $user_id); 
        header("Location: settings.php?success&article_id=$article_id"); 
        exit(); 


Without seeing your code that interacts with the database or the tutorial that you based it on, I can’t see what database server software you’re using or what extension you’re using to interact with the database, but if you’re using the mysql_* extension then please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.
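A prepared-statement version of the update call discussed in this thread, as an added example that is not code from the thread or the tutorial. The table layout, column names and the standalone `update_user()` signature are assumptions, and an in-memory SQLite database stands in for the real server so the script runs offline.

```php
<?php
// Added example. Table and column names are assumptions for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, bio TEXT)');
$pdo->exec("INSERT INTO users (id, name, email, bio)
            VALUES (1, 'Alice', 'a@example.com', ''), (2, 'Bob', 'b@example.com', '')");

// Hypothetical stand-in for $users->update_user(); returns the affected row count.
function update_user(PDO $pdo, string $name, string $email, string $bio, int $user_id): int
{
    // The SQL text is fixed; the values are bound separately and are never
    // concatenated into the statement, so quotes in them cannot change the query.
    $stmt = $pdo->prepare(
        'UPDATE users SET name = :name, email = :email, bio = :bio WHERE id = :id'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':bio', $bio, PDO::PARAM_STR);
    $stmt->bindValue(':id', $user_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input: a bio containing quote characters and SQL comment markers.
$bio = "O'Brien's \"bio\"; -- stored as plain text";
$affected = update_user($pdo, 'Alice', 'alice@example.com', $bio, 1);

echo "rows affected: $affected\n";
// Row 1 carries the bio verbatim; row 2 is untouched.
print_r($pdo->query('SELECT id, name, email, bio FROM users ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC));
```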

Here is a link to the tutorial I used http://www.sunnytuts.com/article/login-and-registration-with-object-oriented-php-and-pdo

I had a look at the tutorial and was not impressed. Also the comments were not fully answered.

I managed to get the demo to work after amending numerous errors.

Here is the users table structure that does save, validate, display members, etc.

Copy and paste the SQL into your “http://localhost/phpMyAdmin” and at least your user table will be good.



DROP TABLE IF EXISTS users;
CREATE TABLE IF NOT EXISTS users (
  id int(11) unsigned zerofill NOT NULL AUTO_INCREMENT,
  username varchar(18) NOT NULL,
  `password` varchar(512) NOT NULL,
  email varchar(64) NOT NULL,
  email_code varchar(64) NOT NULL,
  `time` int(11) NOT NULL,
  confirmed int(4) NOT NULL,
  ip varchar(32) NOT NULL,
  PRIMARY KEY (id)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;


My take on it.

    <?php
	if (isset($_GET['success']) && empty($_GET['success'])) {
		echo '<h3>Your details have been updated!</h3>';          
	}else{
		if (!empty($_POST)) { // $_POST is always set, so isset() would also run this block on a plain GET
			$errors = array();
			if (isset($_POST['name']) && !empty ($_POST['name'])){
				if (ctype_alpha($_POST['name']) === false) {
					$errors[] = 'Please enter your Name with only letters!';
				} 
			}
		
			if (isset($_POST['email']) && !empty ($_POST['email'])){
				if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
					$errors[] = 'Please enter a valid email address';
				}
			}
			
			$name   = htmlentities(trim($_POST['name']));
			$email   = htmlentities(trim($_POST['email']));
			$bio      = htmlentities(trim($_POST['bio'])); 
			
			//Then check $errors array to show errors or make update
			if (!empty($errors)) {
				echo '<p>' . implode('</p><p>', $errors) . '</p>';  
			}else{
				$users->update_user($name, $email, $bio, $user_id);
				header("Location: settings.php?success&article_id=$article_id");
				exit();		
			}		
		}
	}
	?>
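The control flow from the reply above, separated from the form so it can be run from the command line, as an added example that is not part of the original thread. `validate_profile()` and `handle_profile_post()` are hypothetical names, the callback stands in for `$users->update_user()`, and unlike the thread's code this version also rejects an empty name.

```php
<?php
// Added example; validate_profile() and handle_profile_post() are hypothetical names.

// Validate the submitted fields. No database call or redirect happens here.
function validate_profile(array $post): array
{
    // Non-string input such as name[]=x becomes '' instead of the string "Array".
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name  = $field('name');
    $email = $field('email');
    $bio   = $field('bio');

    $errors = [];
    // ctype_alpha() is false for '' as well as for non-letters, so an empty
    // name is rejected here (an assumption of this example).
    if (!ctype_alpha($name)) {
        $errors[] = 'Please enter your Name with only letters!';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address';
    }
    return [['name' => $name, 'email' => $email, 'bio' => $bio], $errors];
}

// The update runs only when $errors is empty. $update stands in for
// $users->update_user(); the caller redirects or prints errors based on 'action'.
function handle_profile_post(array $post, callable $update): array
{
    [$clean, $errors] = validate_profile($post);
    if ($errors !== []) {
        return ['action' => 'show_errors', 'errors' => $errors];
    }
    $update($clean['name'], $clean['email'], $clean['bio']);
    return ['action' => 'redirect', 'errors' => []];
}

// Constructed sample input: the string the poster typed, then a valid submission.
$calls = 0;
$update = function (string $name, string $email, string $bio) use (&$calls): void {
    $calls++;
};
$junk = '??<<???////';
$bad  = handle_profile_post(['name' => $junk, 'email' => $junk, 'bio' => ''], $update);
$good = handle_profile_post(['name' => 'Alice', 'email' => 'alice@example.com', 'bio' => 'hi'], $update);

print_r($bad);
print_r($good);
echo "update_user stand-in called $calls time(s)\n";
```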

I just re did the whole thing. So much for tutorials. But it’s all working now. Thanks for all your help.