torads Posted September 23, 2010 Share Posted September 23, 2010 I want to redirect my visitors to a certain page after validating their form input to be correct. I have 3 codes which are named code1, code2 and code 3. these are just 6 digit numbers. After a user has filled out the correct 3 codes I want to forward them to specific page but as of now I get no errors but the page that opens up is my handle_form.php which is the file that is only supposed to be validating the inputs. Here's is the code to the form: <form action="handle_form.php" method="post"> <div class="class6"> <b> <table border="1" width="500" height="60" bgcolor="#898989" bordercolor="black"> <tr> <td align="center" width="150"> <a href="/step1.php" target="_blank">Link 1</a> </td> <td align="center" width="150"> Code 1 </td> <td width="200" align="center"> <input type="text" name="code1" size="6"/> </td> </tr> <tr> <td align="center" width="150"> <a href="/step2.php" target="_blank">Link 2</a> </td> <td align="center" width="150"> Code 2 </td> <td width="200" align="center"> <input type="text" name="code2" size="6"/> </td> </tr> <tr> <td align="center" width="150"> <a href="/step3.php" target="_blank">Link 3</a> </td> <td align="center" width="150"> Code 3 </td> <td width="200" align="center"> <input type="text" name="code3" size="6"/> </td> </tr> </table></b><br> <input type="submit" name="submit" value="Take me to the Download Page"/> </div> </form> Now here is the code within the handle_form.php <?php if (isset($_POST['submitted'])) { $realcode1 = 723598; $realcode2 = 193598; $realcode3 = 887362; if (!empty($_POST['code1'])) { $code1 = escape_data (htmlspecialcharacters($_POST['code1'])); } else { echo '<p><font color="red"> You forgot to enter code1.</font></p>'; $code1 = FALSE; } if (!empty($_POST['code2'])) { $code2 = escape_data (htmlspecialcharacters($_POST['code2'])); } else { echo '<p><font color="red"> You forgot to enter code2.</font></p>'; $code2 = FALSE; } if (!empty($_POST['code3'])) { $code3 = escape_data (htmlspecialcharacters($_POST['code3'])); } else { echo '<p><font color="red"> You forgot to enter code1.</font></p>'; $code3 = FALSE; } if ($code1 = $realcode1 && $code2 = $realcode2 && $code3 = $realcode3) { $url .= '/software/Express_Paste.zip'; header('Location: $url'); } else { echo "You haven't entered the correct codes."; } } exit(); ?> When i submit the form using the correct data my handle_form.php page opens??? Where am I going wrong? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 23, 2010 Share Posted September 23, 2010 According to your form's action attribute, that's what's supposed to happen. What are you expecting to happen differently? Quote Link to comment Share on other sites More sharing options...
torads Posted September 23, 2010 Author Share Posted September 23, 2010 OK, I knew I was doing something wrong. I thought that my form post action would just use the handle_form.php to validate the input data and return it true or false. If true then forwarding them to the download. Do you any suggestions if you understand what I'm trying to do? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 23, 2010 Share Posted September 23, 2010 Try changing the single-quotes to double-quotes in the header() redirect, and see if that helps. Quote Link to comment Share on other sites More sharing options...
torads Posted September 23, 2010 Author Share Posted September 23, 2010 No luck. Do you think it's is returning true or is there an issue with my validation code? It seems to be by not printing from what I have in the else statement Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 23, 2010 Share Posted September 23, 2010 Haven't had time to go over all of it, but I noticed in your last conditional you are using the assignment operator = instead of the comparison operator == Quote Link to comment Share on other sites More sharing options...
torads Posted September 24, 2010 Author Share Posted September 24, 2010 Thanks for your assistance Pik. I did have that as == before i posted my question and hadn't noticed I had' changed it back. I am still getting the same result. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 I noticed that you were checking if( isset($_POST['submitted']) ), but that array element will never exist. The form will send $_POST['submit']. Also, you were going through a lot of unnecessary steps. There is no reason to use any escaping functions, or any of that with that form, since none of the input is used in a database query, or echoed back to the screen. All you need to do is trim() the input to remove whitespace, cast the values as integers, since that is what the expected input is, and compare them to the valid values. See the comments in the code below . . . Hopefully, this should make sense, but if it doesn't let me know. <?php if( isset($_POST['submit']) ) { // This was '$_POST['submitted']', therefore it would always evaluate to FALSE. $errors = array(); // Initialize an array to store validation errors array_map('trim', $_POST); // Send entire $_POST array through trim() function to remove whitespace $realcode1 = 723598; $realcode2 = 193598; $realcode3 = 887362; // validate form fields contain a value. If not, store an error in the array. if( !empty($_POST['code1']) ) { $code1 = (int) $_POST['code1']; } else { $errors[] = 'Code 1 is required.'; } if( !empty($_POST['code2']) ) { $code2 = (int) $_POST['code2']; } else { $errors[] = 'Code 2 is required'; } if( !empty($_POST['code3']) ) { $code3 = (int) $_POST['code3']; } else { $errors[] = 'Code 3 is required.'; } //if the $errors array is empty, compare the values from the form to the valid values if( empty($errors) ) { if ($code1 == $realcode1 && $code2 == $realcode2 && $code3 == $realcode3) { // If all values are valid, redirect the user to the specified URL $url .= '/software/Express_Paste.zip'; header('Location: ' . $url); exit(); } else { // If any of the values are invalid, display an error message. echo "You haven't entered the correct codes.";} } else { // if the $errors array is not empty, loop through the errors, and display them $n = count($errors); $i = 1; foreach( $errors as $v ) { echo '<font color="red">' . $v . '</font>'; if( $i < $n ) { // echo a line break after errors, unless it is the last one to be displayed echo '<br>'; } $i ++; } } } ?> Quote Link to comment Share on other sites More sharing options...
torads Posted September 24, 2010 Author Share Posted September 24, 2010 I read through your suggestions and realize now the unnecessary steps that i was going through for the input. I got the security stuff while looking through forums and realize now that since this data will never be called from a db and displayed on another page there is no need to worry about hacks persay. Making the change with the isset statement has now made everything work. Thanks for your help, I am grateful. Sincerely, Satisfied Forum newbie Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.