Hi,
I’m building a form in PHP which captures the data into a MySQL database. Once the user has completed the form it is meant to redirect them to a thankyou.php page. I’ve put in some validation onto the form, but am getting errors and can’t seem to fix them, hence asking for your help. I’m pretty new to PHP so please excuse if I’m asking any silly questions.
So, I have 3 pages, a form.php, functions.php and db-connection.php.
form.php
<?php
require_once('db-connection.php');
include('functions.php');
$NAME = cleanInput($conn, $_POST['NAME']); // line 6
$EMAIL = cleanInput(trim($conn, $_POST['EMAIL'])); // line 7
$COMMENTS = cleanInput($conn, $_POST['COMMENTS']); // line 8
// date
$DATE = date(cleanInput("Y-m-d", $conn));
$errors = array();
// If request is a form submission
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Validation
    // Check NAME is not empty
    if(strlen($NAME) < 2) {
        $errors['NAME'] = "Your name is not long enough";
    }
    // Check TELEPHONE is not empty
    if (0 === preg_match("/^((\\(?0\\d{4}\\)?\\s?\\d{3}\\s?\\d{3})|(\\(?0\\d{3}\\)?\\s?\\d{3}\\s?\\d{4})|(\\(?0\\d{2}\\)?\\s?\\d{4}\\s?\\d{4}))(\\s?\\#(\\d{4}|\\d{3}))?$/", $_POST['TELEPHONE'])) {
        $errors['TELEPHONE'] = "Please enter valid phone number";
    }
    // Check EMAIL is valid
    if(strlen($EMAIL) < 5) {
        $errors['EMAIL'] = "Your email address is not long enough";
    }
    // Check COMMENTS is valid
    if(strlen($COMMENTS) < 3) {
        $errors['COMMENTS'] = "Please enter a comment";
    }
    // If no validation errors
    if (0 === count($errors)) {
        // Sanitise details
        $NAME = cleanInput($conn, $_POST['NAME']);
        $TELEPHONE = cleanInput($conn, $_POST['TELEPHONE']);
        $EMAIL = cleanInput(trim($conn, $_POST['EMAIL']));
        $COMMENTS = cleanInput($conn, $_POST['COMMENTS']);
        // Insert user into the database
        $query = "INSERT INTO 'test-form'
        ('DATE', 'NAME', 'TELEPHONE', 'EMAIL', 'COMMENTS')
        VALUES
        ('$DATE', '$NAME', '$TELEPHONE', '$EMAIL', '$COMMENTS')";
        $result = mysqli_query($conn, $query);
        if(mysql_errno() === 0){
            // Form submitted successfully
            header("Location: thankyou.php");
        }
    }
}
// Helpers
function form_row_class($eName,$errors){
    return isset($errors[$eName]) ? "form_error_row" : ""; // Using isset to prevent undefined index
}
function error_for($eName,$errors){
    return isset($errors[$eName]) ? "<div class='form_error'>" .$errors[$eName] . "</div>" : '';
}
function hsc($string){
    return htmlspecialchars($string);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    <link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
    <table class="form">
        <tr class="<?php echo form_row_class("NAME",$errors); ?>" >
            <th><label for="NAME">Name</label></th>
            <td><input name="NAME" id="NAME" type="text" value="<?php echo isset($_POST['NAME']) ? hsc($_POST['NAME']) : ''; ?>" />
            <?php echo error_for("NAME",$errors); ?></td>
        </tr>
        <tr class="<?php echo form_row_class("TELEPHONE",$errors); ?>">
            <th><label for="TELEPHONE">Telephone</label></th>
            <td><input name="TELEPHONE" id="TELEPHONE" type="text" value="<?php echo isset($_POST['TELEPHONE']) ? hsc($_POST['TELEPHONE']) : ''; ?>" />
            <?php echo error_for("TELEPHONE",$errors); ?></td>
        </tr>
        <tr class="<?php echo form_row_class("EMAIL",$errors); ?>">
            <th><label for="EMAIL">Email Address</label></th>
            <td><input name="EMAIL" id="EMAIL" type="text" "value="<?php echo isset($_POST['EMAIL']) ? hsc($_POST['EMAIL']) : ''; ?>" />
            <?php echo error_for("EMAIL",$errors); ?></td>
        </tr>
        <tr class="<?php echo form_row_class("COMMENTS",$errors); ?>">
            <th><label for="COMMENTS">Comments</label></th>
            <td><textarea name="COMMENTS" id="COMMENTS"><?php echo isset($_POST['COMMENTS']) ? hsc($_POST['COMMENTS']) : ''; ?></textarea>
            <?php echo error_for("COMMENTS",$errors); ?></td>
        </tr>
        <tr>
            <th></th>
            <td>
            <input type="submit" value="Go!" /></td>
        </tr>
    </table>
</form>
</body>
</html>
functions.php
<?php
require_once('db-connection.php');
/**
 * Cleans input
 * @param String $data - the data to clean
 * @return String - the sanitised data
 */
function cleanInput($data, $conn){ // line 10
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
        $data = strip_tags($data);
        $data = mysqli_real_escape_string($conn, $data);
    } else {
        $data = strip_tags($data); // line 16
        $data = mysqli_real_escape_string($conn, $data); // line 17
    }
    return $data;
}
?>
and db-connection.php
<?php
// setting variable for db connection
$host = "localhost";
$username = "root";
$password = "myPassword";
$database = "form";
// connect to database
$conn = mysqli_connect("$host", "$username", "$password", "$database");
if (!$conn) {
    die("Could not connect: " . mysqli_error());
}
?>
The errors I’m getting are around the following. I’ve taken a screenshot of the errors and uploaded to here.
I’ve put comments in my code such as " // line xx" so you know what the errors refer to. Thanks in advance
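
Added example (not part of the original post): the same form handler written so that validation runs on the raw input and the INSERT uses a mysqli prepared statement instead of escaping values into the SQL string. The function names `validate_submission` and `save_submission` are hypothetical, the telephone pattern is a simplified stand-in for the one in the post, and `$conn` is assumed to come from the post's db-connection.php.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical;
// the table and column names are the ones used in the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw

// Validate the raw submission; returns [cleaned values, errors keyed by field].
function validate_submission(array $post): array
{
    $clean = [];
    foreach (['NAME', 'TELEPHONE', 'EMAIL', 'COMMENTS'] as $field) {
        $value = $post[$field] ?? '';
        // A field sent as an array (NAME[]=x) is treated as missing.
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    $errors = [];
    if (strlen($clean['NAME']) < 2) {
        $errors['NAME'] = 'Your name is not long enough';
    }
    // Simplified stand-in for the post's telephone pattern.
    if (!preg_match('/^[0-9 ()#]{10,20}$/', $clean['TELEPHONE'])) {
        $errors['TELEPHONE'] = 'Please enter valid phone number';
    }
    if (filter_var($clean['EMAIL'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['EMAIL'] = 'Please enter a valid email address';
    }
    if (strlen($clean['COMMENTS']) < 3) {
        $errors['COMMENTS'] = 'Please enter a comment';
    }
    return [$clean, $errors];
}

// Values are bound as parameters, so they never become part of the SQL text.
function save_submission(mysqli $conn, array $clean): void
{
    $stmt = $conn->prepare(
        'INSERT INTO `test-form` (`DATE`, `NAME`, `TELEPHONE`, `EMAIL`, `COMMENTS`)
         VALUES (?, ?, ?, ?, ?)'
    );
    $date = date('Y-m-d');
    $stmt->bind_param('sssss', $date, $clean['NAME'], $clean['TELEPHONE'],
        $clean['EMAIL'], $clean['COMMENTS']);
    $stmt->execute();
    $stmt->close();
}

// Request handling; $conn is assumed to be the mysqli connection from the post.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($conn)) {
    [$clean, $errors] = validate_submission($_POST);
    if (!$errors) {
        save_submission($conn, $clean);
        header('Location: thankyou.php');
        exit; // stop here so no form HTML follows the redirect header
    }
}
```

Values are stored as entered, so they must pass through `htmlspecialchars()` wherever they are later printed; the same applies to `$_SERVER['PHP_SELF']` in the form's `action` attribute.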