I have created a small registration sticky form. Everything is working fine, but if I input any wrong value,like numbers in name, letters in age or even wrong email format, then still the data is saved in the database, I cannot figure out the validation problem. And another 1 is search option. Whenever I input any FirstName or lastname in the search box, it should display the name that is in the database or it will show an error message. Any 1 can suggest me what should I do.. Please see my coding below.
sticky_form codes...
<html>
<head>
<?php
global $fname,$lname,$gender,$age,$course,$email;
if(isset($_POST['register']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$gender=$_POST['gender'];
$age=$_POST['age'];
$course=$_POST['course'];
$email=$_POST['email'];
if (preg_match("/[a-zA-Z ]+$/", $_POST['fname'])) {
$fname = trim($_POST['fname']);
}
else
{
echo '<p>The First name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
//$error = true;
}
if (preg_match("/[a-zA-Z ]+$/", $_POST['lname'])) {
$lname = trim($_POST['lname']);
}
else
{
echo '<p>The last name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
$error = true;
}
if(isset($_POST['gender']))
{
$gender = $_POST['gender'];
}
else
{
echo "<p>No gender found!</p>";
}
if (preg_match("/[a-zA-Z ]+$/", $_POST['age'])) {
$age = trim($_POST['age']);
}
else
{
echo '<p>Please enter age. Or your age contains illegal characters</p>';
//$error = true;
}
if(isset($_POST['course']))
{
$course = $_POST['course'];
}
else
{
echo "<p>Please Select Course!</p>";
}
// Validate the email:
if (preg_match("/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/", $_POST['email'] )){
$email = trim($_POST['email']);
}
else
{
echo '<p>The email is empty or has illegal characters! To edit please go the link Display Data Information</p>';
//$error = false;
}
echo "<br/>";
echo "<br/>";
echo "<br/>";
}
if($fname&&$lname&&$gender&&$age&&$email&&$course)
{
require_once('connection.php');
$query = mysql_query("INSERT INTO members SET FirstName='$fname', LastName='$lname', Gender='$gender', Age='$age', Email='$email', Course='$course'") or die(mysql_error());
if($query){
echo"Your Data Successfully Saved";
}
else
{
echo "Please recheck your Data!";
}
}
?>
</head>
<body id="body">
<h2><strong>Register Student Account</strong></h2>
<form action="student_form.php" method="post" >
<table border="1" id="container">
<tr>
<td>First Name</td>
<td>:</td>
<td><input type="text" name="fname" size="30" maxlength="50"/></td>
</tr>
<tr>
<td>Last Name</td>
<td>:</td>
<td><input type="text" name="lname" size="30" maxlength="50"/></td>
</tr>
<tr>
<td>Age</td>
<td>:</td>
<td><input type="text" name="age" size="3" /></td>
</tr>
<tr>
<td >Gender </td>
<td> : </td>
<td> Male
<input type="radio" name="gender" value="Male"/>
Female
<input type="radio" name="gender" value="Female"/></td>
</tr>
<tr>
<td valign="top">Course</td>
<td valign="top"> : </td>
<td> <input type="radio" name="course" value="Bachelor Of Computing"/>Bachelor Of Computing<br/>
<input type="radio" name="course" value="Bachelor Of Science"/>Bachelor Of Science<br/>
<input type="radio" name="course" value="Bachelor Of Software Engineering"/>Bachelor Of Software Engineering<br/>
<input type="radio" name="course" value="Bachelor Of Networking"/>Bachelor Of Networking<br/>
<input type="radio" name="course" value="Bacelor Of IT"/>Bacelor Of IT <br/>
<input type="radio" name="course" value="Bachelor Of Computer Science"/>Bachelor Of Computer Science<br/></td>
</tr>
<tr>
<td>Email Address</td>
<td>:</td>
<td><input type="text" name="email" size="30" maxlength="50"/></td>
</tr>
</table>
<input type="submit" name="register" value="REGISTER"/>
</form><br>
<p><a href="student_form.php" >Home</a></p>
<p><a href="display_data.php">Display Data Information</a>
<p><a href="search.php">To search for Members</a>
</body>
</html>
and this is the search_form codes......
<html>
<head>
<?php
//require_once('student_form.php');
if(isset($_POST['s1'])){
$id=$_REQUEST['id'];
$fname=$_POST['fname'];
//connect to the database
include('connection.php');
//-query the database table
$sql=mysql_query("SELECT * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
//-run the query against the mysql query function
$result=mysql_query($sql);
if($row=mysql_fetch_array($result)){
$fname=$row['FirstName'];
$lname=$row['LastName'];
/*$email=$row['Email'];
$age =$row['Age'];
$gender=$row['Gender'];
$course = $row['Course'];*/
}
//-display the result of the array
else
{
<?php echo $rows['FirstName']; ?>
<?php echo $rows['LastName']; ?>
}
}
?>
</head>
<body>
<form action="search.php" method="post">
<table>
<tr>
<td><strong>search box</strong></td>
<td><strong>:</strong></td>
<td><input type="text" name="search" value=""size="30"/><input type="submit" name="s1" value="Search"/></td>
</table>
</form>
</body>
</html>