mike316

I'm sorry, this is the wrong place to post this question. The question was supposed to be posted in PHP for the Web 5th edition. I was looking up something for MySQL at the time and posted a question in the wrong book forum. Again, I'm sorry for posting this here and maybe Larry can move it to the appropriate place.

The form works if I use the if(!empty) conditional that you see in this form. If the textbox is left empty or the passwords do not match the correct message appear. <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>Password</title> </head> <body> <?php // Turning on error report ini_set('display_errors', 1); error_reporting(E_ALL); // Having the form processed on the same page if($_SERVER['REQUEST_METHOD'] == 'POST') { $problem = false; if(!empty($_POST['password'])) { if($_POST['password'] != $_POST['confirm_password']) { $problem = true; print '<p>The two emails do not match</p>'; } // second conditioanal } else { $problem = true; print '<p>The password is empty</p>'; } // first conditional } ?> <!-- Standard form with two inputs for the password --> <form action="password.php" method="post"> <p> <label for="password">Password:</label> <input type="password" id="password" name="password"> </p> <p> <label for="confirm_password">Confirm Password:</label> <input type="password" id="confirm_password" name="confirm_password"> </p> <p> <input type="submit" name="submit" value"Submit!!"> </p> </form> </body> </html> Now if I use this nested conditional statement below instead of the if(!empty), the statements and the form do not work. <?php if(empty($_POST['password'])) { if($_POST['password'] != $_POST['confirm_password']) { $problem = true; print '<p>The two emails do not match</p>'; } } else { $problem = true; print '<p>Please enter your email</p>'; } ?> I'm lost on why the if(!empty) works, but the if(empty) doesn't work? My last question is, I can use the if(!empty), that would be the correct way to make sure that no field is empty and the two fields match, correct? It just seems "unnatural" and empty would be the correct one to use. I got the idea of using the (!empty) from page 216 from the book. Nice work on the website Larry, I'm digging the new colors, fonts, and general layout. The blue really compliments the white background, and general layout of the site.

I made a mistake when I copied the PHP Code, I didn't copy the actual PHP code in the body of the HTML, I copied the code after the closing HTML tag, and it was too late to edit sorry about that.

This post is going to be a little longer than a typical post. I made a form using filter_var/sanitize. Here is my HTML: <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Filter Var Practice</title> <meta name="viewport" content="width=device-width, initial-scale=1"> </head> <body> <form action="practice.php" method="POST"> <p> <label for="first_name">First Name:</label> <input type="text" id="first_name" name="first_name"> </p> <p> <label for="last_name">Last Name:</label> <input type="text" id="last_name" name="last_name"> </p> <p> <label for="email">Email:</label> <input type="text" id="email" name="email"> </p> <p> <label for="comments">Comments:</label> <textarea name="comments" id="comments"></textarea> </p> <p> <input type="submit" name="submit" value="Submit"> </p> </form> </body> </html> And here is my PHP: <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Page Title</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style> .error { color: red; font-weight: bold; } </style> </head> <body> <h1>Filter Var Practice</h1> </body> </html> <?php // Setting error managment. ini_set('display_errors', 1); error_reporting(E_ALL); // Declaring the variables $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $email = $_POST['email']; /* Allowing users to enter their own line breaks in the comments if they chose to, and using strip_tags to remove unwanted tags like <i></i><b></b> and <script> </script> tags. */ $comments = nl2br(strip_tags($_POST['comments'])); // Sanitizing the data $first_name = filter_var($_POST['first_name'], FILTER_SANITIZE_STRING); $last_name = filter_var($_POST['last_name'], FILTER_SANITIZE_STRING); $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); /* Setting a true variable so, if something is empty it will fail, and the print statement inside the if will be false indicating the user left a input field empty. */ $okay = true; if(empty($first_name)) { print '<p class="error">Please enter your first name</p>'; $okay = false; } if(empty($last_name)) { print '<p class="error">Please enter your last name</p>'; $okay = false; } if(empty($email)) { print '<p class="error">Please enter your email</p>'; $okay = false; } if(empty($comments)) { print '<p class="error">Please leave us a comment about our service</p>'; $okay = false; } if($okay) { print "<p>Thank you $first_name $last_name<br> We will be contacting you soon at $email email address<br> And Thank you for your comments: <br> $comments</p>"; } ?> I posted my code on another forum, and below is the answer I received. Here is a link to the post, https://forums.phpfreaks.com/topic/307229-i-have-a-few-questions-about-sanitizing-my-data/ Requinix is user who replied to my question. I don't think the answer I received is correct. I made a post about being confused between, strip_tags, htmlspecialchars, and which one to use, and Larry stated, "Sorry for the confusion! Yes, this should be used on *any* user-submitted data. Forms are very easy to manipulate and I could easily provide to your site any value whatsoever as my ZIP code or salutation. I'd always go with the most strict function you can get away with, which normally means strip_tags()." I think the answer I received is wrong because, as Larry has stated I should use strip_tags to remove unwanted characters from my form submission. Am I correct in my assumption and that I sanitized the data correctly? Sorry for the long post, and thanks for any help.

Thank you, Larry, for the quick reply. I have a couple of questions, I did try the first_name without the dollar sign before I posted my question, and the script did work. I'm just kinda lost on how this script works without the dollar sign in the if statement if I use $first_name like this: $first_name = strip_tags(trim($_POST['first_name'])); I did the correct thing up above correct, by declaring $first_name, and then my functions? I just don't get why to use first_name instead of $first_name in my if statement.

Below is the Xammp information: XAMPP Version: 7.1.10 XAMPP Control Panel Version: V3.2.2 PHP version: 7.1.10 Windows version: 64 bit, Windows 10 And Xampp is installed on my C drive. I wanted to practice chapter 6 validation functions, if, if else statements, and security functions in PHP. Every time I type in my first name in the form and hit the submit button, the contact.php script gives me the error Please enter your first name, even though I'm using the empty() validation function. My else statement never even fires off. I'm not sure what I'm doing wrong here, if the quotes I'm using, or if something is not declared correctly in my code. In the contact.php lines, 21-27 are my variables I created from my contact.html form. The if else statement starts on lines 35-39. I only did one statement so far, because every variable I've tried fails, just like first one. Below I will paste my HTML, PHP, and CSS for the form. The form looks good with the CSS, but it just doesn't work properly Thanks in advance for any help. HTML: <!doctype html> <html> <head> <meta charset = "utf-8"> <title>Contact Us</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" type="text/css" href="css/normalize.css"> <link rel="stylesheet" href="css/styles.css?v=e031e80c3d8b"> <link href="https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300,700%7COswald" rel="stylesheet"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> </head> <body> <div class="container"> <form action="contact.php" method="POST"> <label for="first_name">First Name:</label> <input type="text" id="first_name" name="first_name"> <label for="last_name">Last Name:</label> <input type="text" id="last_name" name="last_name"> <label for="email">Email:</label> <input type="email" id="email" name="email"> <label for="password">Password:</label> <input type="password" id="password" name="password"> <label for="confirm_password">Confirm Password</label> <input type="password" id="confirm_password" name="confirm_password"> <label for="year">Birth Year:</label> <input type="number" id="year" name="year"> <label for="interest">Interest:</label> <select name="hobbies" id="interest"> <option value="html">HTML</option> <option value="css">CSS</option> <option value="programming">Programming</option> <option value="photoshop">Photoshop</option> </select> <label for="color">Color:</label> <select name="color" id="color"> <option value="red">Red</option> <option value="yellow">Yellow</option> <option value="green">Green</option> <option value="blue">Blue</option> </select> <label for="comments">Comments:</label> <textarea name="comments" id="comments" name="comments"></textarea> <label for="terms">Terms And Conditions</label> <input type="checkbox" id="terms" name="terms" value="Yes"><label class="yes">Yes</label> <input type="submit" id="submit" name="submit" value="submit"> </form> </div> </body> </html> Contact PHP: <!doctype html> <html> <head> <meta charset = "utf-8"> <title>Contact Us</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" type="text/css" href="css/normalize.css"> <link rel="stylesheet" href="css/styles.css?v=e031e80c3d8b"> <link href="https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300,700%7COswald" rel="stylesheet"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> </head> <body> <h1>Registration Results</h1> <?php /* Error Reporting */ ini_set('display_errors', 1); error_reporting(E_ALL); // Declaring the variable from the form and applying security to the for $first_name = strip_tags(trim($_POST['first_name'])); $last_name = strip_tags(trim($_POST['last_name'])); $email = strip_tags(trim($_POST['email'])); $password = strip_tags(trim($_POST['password'])); $confirm_password = strip_tags(trim($_POST['confirm_password'])); $year = strip_tags(trim($_POST['year'])); $comments = nl2br(strip_tags($_POST['comments'])); // Flag variable to track success $okay = true; /* Setting the first conditional to make sure $first_name isn't empty and printing a message with $first_name if the user did. */ if (empty($_POST['$first_name'])) { print '<p class="error">Please enter your first name</p>'; } else { print "<p>$first_name</p>"; } // If there were no errors, print a success message: if ($okay) { print '<p>You have been succesfully registered (but not really).</p>'; } ?> </body> </html> CSS: /* Font family selection font-family: 'Oswald', sans-serif; font-family: 'Open Sans Condensed', sans-serif; Oswald can be 300 and 700 for font weight. */ body { background-color: rgba(110,202,233, .5); } .container { background: linear-gradient(to bottom, rgba(195,217,255,1) 20%,rgba(152,176,217,1) 99%); max-width: 45em; margin: 0 auto; text-align: center; } label, #submit { display: block; font-family: 'Oswald', sans-serif; font-size: 1.2em; font-weight: 700; padding: .45em 0; } input, select, textarea { font-family: 'Open Sans Condensed', sans-serif; width: 15em; } .yes { display: inline; } #terms { width: 5%; } #submit { width: 4em; margin-left: 2em; } /* coloring the errors in the if statements */ .error { color: red; }

Hi, I figured out how to test my email. I'm using Papercut from github, and it just catches the email I send, and I can look at it to see if everything looks okay.

I've searched youtube without much luck on this subject. What I would like to do is create a form, and send that form data to my gmail account, or my other email account I use with AT&T. I would like to do this so I can practice sending and receiving data from my practice forms we create in our book. Here's some information about my XAMPP version, and where Xampp is stored. XAMPP Version: 7.1.10 XAMPP Control Panel Version: V3.2.2 Windows version: 64 bit, Windows 10 And Xampp is installed on my C drive. Thank you, for any help.

Hi Larry, thank you for the reply, that makes sense. I was having a hard time understanding which function to use.

In chapter 5 the book states, for security purposes, it's almost always a good idea to use the above functions with any user-provided data that's being printed to the browser. Besides textarea tags, does this also include input tags, radio button tags, select tags and checkbox tags as well? For example, a username text, a first and last name text box, or are these functions just for a textarea? My last question is, which one is the best to use, or should we use, and why? Thank in advance for any replies, I'm really lost on this topic.

Worked like a charm. Great job Iromao, and thanks. I spent some time trying to figure this out.

I first want to say that this book is awesome. I bought PHP for the Web the fifth edition. I have made two functional forms, and I'm so happy with the book. The version of PHP that I have installed is 7.1.10, and I'm on a Windows 64bit. Here is my HTML below. <!doctype html> <html> <head> <meta charset = "utf-8"> <title>Contact Us</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style> label, #submit { display: block; } </style> </head> <body> <h1>The Ticket Center</h1> <form action="wwf_tickets.php" method="post"> <label for="price">Price:</label> <input type="text" id="price" name="price"> <label for="quantity">Quantity:</label> <input type="number" id="quantity" name="quantity" min="1"> <label for="shipping">Shipping:</label> <select id="shipping" name="shipping"> <option value="5.00">Standard Delivery $5.00</option> <option value="10.00">Two Day $10.00</option> <option value="25.00">Overnight $25.00</option> </select> <label for="tax">Tax:</label> <input type="number" id="tax" name="tax"> <input type="submit" name="submit" value="Submit" id="submit"> </form> </body> </html> Now the problem I'm having is, I want to show the cost of the tickets with tax (pre-grand total). For example, if I purchase 1 ticket at $45.00 with 10.00 shipping with a tax rate of .06, the tax would be $3.30, and I would like to print that result to the screen. For some reason, everything I tried I always get the grand total for everything. I didn't use the format_number() function yet because I want to figure out the current problem first. Here is my PHP below, can someone here please show me how to do that, and thank you in advance for any help. <!doctype html> <html> <head> <meta charset = "utf-8"> <title>Contact Us</title> <meta name="viewport" content="width=device-width, initial-scale=1"> </head> <body> <?php // Display errors ini_set('display_errors', 1); error_reporting(E_ALL); $price = $_POST['price']; // The price for ticket/s $quantity = $_POST['quantity']; // Number of tickets wanting $shipping = $_POST['shipping']; // choosing a shipping option $tax = $_POST['tax']; // Entering the tax rate. $taxrate = $tax / 100; // getting the tax rate $taxrate++; // adding 1 to the tax rate $total = ($price * $quantity) + $shipping; // price of the ticket times the quantity, and adding the shipping chosen $grand_total = $total * $taxrate; // getting the grand total for the tickets, and getting the total cost with tax. print "<p>The ticket price you selected is: <span>$</span>$price</p> <p>The number of tickets you have selected is: $quantity</p> <p>The shipping you have selected is: <span>$</span>$shipping</p> <p>The tax rate you have selected is: $tax <span>%</span><br> <p>The cost of the ticket(s) including shipping is: <span>$</span>$total</p><br> <p>The total ticket(s) price including tax is: <span>$</span>$grand_total</p> ?> </body> </html>