I am working on a silent auction for my school and have run into a problem. I have a form where they submit their information with a button to actually submit it. When the button is pressed at the moment their information is transferred to a database where I can look over it later and see who is the winner. The user is then directed to a success page where they can go to the bids page which contains the names and items of the people who have bid. The problem is that people can submit the form without actually entering anything. I wrote some code that would make the fields mandatory but since there is a redirection on submit the code is not working properly. I am not sure how to go about fixing this.
I can post the codes here if necessary just let me know. Also if any other clarification is needed just ask.
Here is the form page code:
<?php
$nameERR = $numberERR = $emailERR = $bidERR = "";
$name = $number = $email = $bid = "";
if($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["name"]))
{
$nameERR = "Name is required";
}
if (empty($_POST["number"]))
{
$numberERR = "Student number is required";
}
if (empty($_POST["email"]))
{
$emailERR = "E-mail is required";
}
if (empty($_POST["price"]))
{
$bidERR = "A bid is required";
}
}
?>
<html>
<head>
<title>Silent Auction</title>
</head>
<body>
<form method="POST" action="database.php">
<b>Please Enter the Following Information Accurately</p>
<br>
Name:
<br>
<input type="text" name="name" style="width: 200px;" />
<span class="error"><?php echo $nameErr ?></span>
<br>
Student Number:
<br>
<input type="text" name="number" style="width: 200px;" />
<span class="error"><?php echo $numberErr ?></span>
<br>
E-mail:
<br>
<input type="text" name="email" style="width: 200px;" />
<span class="error"><?php echo $emailErr ?></span>
<br>
Item:
<br>
<select name="item" style="width: 200px;">
<option name="thing" value="thing">Thing</option>
<option name="other" value="other">Other Thing</option>
</select>
<br>
Bid Amount:
<br>
<input type="text" name="price" />
<span class="error"><?php echo $bidErr ?></span>
<br>
<input type="submit" value="Place Bid" />
<br>
<br>
<a href="bids.html">Open Bids Page</a>
</form>
</body>
</html>
And here is database.php:
<?php
//Create connection
$con = mysqli_connect("localhost","user","pass","database");
//Test connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySql: " . mysqli_connect_error();
}
if($_POST)
{
$name = $_POST['name'];
$bid = $_POST['price'];
$site = fopen("bids.html","a");
fwrite($site, $name . " - " . $item . "<br>
");
fclose($site);
}
$sql = "INSERT INTO Persons (name, number, email, item, price) VALUES
(
'$_POST[name]',
'$_POST[number]',
'$_POST[email]',
'$_POST[item]',
'$_POST[price]'
)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added. Click " . "<a href='bids.html'>Here</a>" . " to view other bids.";
mysqli_close($con);
?>
in the database file add the code below
Server Side Validation
if($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["name"]))
{
$nameERR = "Name is required";
die($nameERR);
}
if (empty($_POST["number"]))
{
$numberERR = "Student number is required";
die($numberERR);
}
if (empty($_POST["email"]))
{
$emailERR = "E-mail is required";
die($emailERR);
}
if (empty($_POST["price"]))
{
$bidERR = "A bid is required";
die( $bidERR);
}
/* paste reset of code here */
}
also in the front-end
add required for example in text field
<html>
Silent Auction
<form method="POST" action="">
<b>Please Enter the Following Information Accurately</p>
<br>
Name:
<br>
<input type="text" name="name" style="width: 200px;" required />
<span class="error"><?php echo $nameErr ?></span>
<br>
Student Number:
<br>
<input type="text" name="number" style="width: 200px;" required />
<span class="error"><?php echo $numberErr ?></span>
<br>
E-mail:
<br>
<input type="text" name="email" style="width: 200px;" required />
<span class="error"><?php echo $emailErr ?></span>
<br>
Item:
<br>
<select name="item" style="width: 200px;" required>
<option name="thing" value="thing">Thing</option>
<option name="other" value="other">Other Thing</option>
</select>
<br>
Bid Amount:
<br>
<input type="text" name="price" requried />
<span class="error"><?php echo $bidErr ?></span>
<br>
<input type="submit" name="submit" value="Place Bid" required />
<br>
<br>
<a href="bids.html">Open Bids Page</a>
</form>
if you want interactive client side validation there a many site providing it
Currently you are doing server side validation.
Use Javascript/jquery validation that will be performed on client side.
There isn't anything wrong with server side validation... in fact, you should do both.
This should work, just do the entire operation in the same script.
<?php
$nameERR = $numberERR = $emailERR = $bidERR = "";
$name = $number = $email = $bid = "";
$errors = false;
if(isset($_POST['submit']))
{
if (empty($_POST["name"]))
{
$nameERR = "Name is required";
$errors = true;
}
if (empty($_POST["number"]))
{
$numberERR = "Student number is required";
$errors = true;
}
if (empty($_POST["email"]))
{
$emailERR = "E-mail is required";
$errors = true;
}
if (empty($_POST["price"]))
{
$bidERR = "A bid is required";
$errors = true;
}
if(!$errors) {
//Create connection
$con = mysqli_connect("localhost","user","pass","database");
//Test connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySql: " . mysqli_connect_error();
}
if($_POST)
{
$name = $_POST['name'];
$bid = $_POST['price'];
$site = fopen("bids.html","a");
fwrite($site, $name . " - " . $item . "<br>
");
fclose($site);
}
$sql = "INSERT INTO Persons (name, number, email, item, price) VALUES
(
'$_POST[name]',
'$_POST[number]',
'$_POST[email]',
'$_POST[item]',
'$_POST[price]'
)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added. Click " . "<a href='bids.html'>Here</a>" . " to view other bids.";
mysqli_close($con);
}
}
?>
<html>
<head>
<title>Silent Auction</title>
</head>
<body>
<form method="POST" action="">
<b>Please Enter the Following Information Accurately</p>
<br>
Name:
<br>
<input type="text" name="name" style="width: 200px;" />
<span class="error"><?php echo $nameErr ?></span>
<br>
Student Number:
<br>
<input type="text" name="number" style="width: 200px;" />
<span class="error"><?php echo $numberErr ?></span>
<br>
E-mail:
<br>
<input type="text" name="email" style="width: 200px;" />
<span class="error"><?php echo $emailErr ?></span>
<br>
Item:
<br>
<select name="item" style="width: 200px;">
<option name="thing" value="thing">Thing</option>
<option name="other" value="other">Other Thing</option>
</select>
<br>
Bid Amount:
<br>
<input type="text" name="price" />
<span class="error"><?php echo $bidErr ?></span>
<br>
<input type="submit" name="submit" value="Place Bid" />
<br>
<br>
<a href="bids.html">Open Bids Page</a>
</form>
</body>
</html>
You should use javascript for client side verification. For server side you should use that php verification. I have put the sql query inside if($_POST) block. So only when you will have a valid data then the db will be updated.
if(!empty($_POST['name'))
{
$name = $_POST['name'];
$bid = $_POST['price'];
$site = fopen("bids.html","a");
fwrite($site, $name . " - " . $item . "<br>
");
fclose($site);
$sql = "INSERT INTO Persons (name, number, email, item, price) VALUES
(
'$_POST[name]',
'$_POST[number]',
'$_POST[email]',
'$_POST[item]',
'$_POST[price]'
)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added. Click " . "<a href='bids.html'>Here</a>" . " to view other bids.";
mysqli_close($con);
}
?>
Just curious, what's the purpose of this: ?
$nameERR = $numberERR = $emailERR = $bidERR = "";
$name = $number = $email = $bid = "";