if(isset($_POST['save'])){
if (ctype_alpha(str_replace(' ', '', $_POST['fn'])) === false) {
$fn_error = "* Enter a valid name";
} if (ctype_alpha(str_replace(' ', '', $_POST['ln'])) === false) {
$ln_error = "* Enter a valid name";
} if (!preg_match('/^\+@wmsu\.edu\.ph$/i', $_POST['email'])) {
$email_error = "* Enter a valid email";
} if( $_POST['rank'] == "None" ) {
$rank_error = "* Please select an Academic Rank";
} if( $_POST['department'] == "None" ) {
$department_error = "* Please select a Deparment";
}else{
$firstname = htmlentities($_POST['fn']);
$lastname = htmlentities($_POST['ln']);
$email = htmlentities($_POST['email']);
$status = 'Inactive';
if(isset($_POST['status'])){
$status = $_POST['status'];
}
$faculty = array(
"firstname" => $firstname,
"lastname" => $lastname,
"email" => $email,
"academic_rank" => $_POST['rank'],
"department" => $_POST['department'],
"admission_role" => $_POST['role'],
"status" => $status
);
array_push($_SESSION['faculty'], $faculty);
//redirect user to faculty page after saving
header('location: faculty.php');
}
}
It works well but in the second dropdown which is the DEPARTMENT it has a bug like even tho I input a wrong input on the name or email but if I select an input in the department dropdown it will automatically save even tho it did not pass the sanitize. What did I miss on my code? thank you
Validating multiple inputs is not mutually exclusive. You would validate all the independent inputs all at once, by using an array to hold the validation errors, with the array index being the field name. After the end of all the validation logic, if the array holding the errors is empty, use the form data. To display the errors, you would either test, then loop over the array of errors at the appropriate location in the html document OR test if there’s an error for each field name and display it separately adjacent to the field when you re-display the form.
IMHO, setting multiple error variables is messy and doesn’t give you a simple pass/fail to continue with processing. If however you were to create an array $errors = array(); and set any error messages to this array you could simply check if this array is empty to continue with processing.
if(empty($errors)){
//processing
}
Any error messages can be defined by the POST key to the error array. For example:
$errors['fn'] = "* Enter a valid name";
These errors could be used at Form level to display error message at the input.
The use of ctype_alpha and str_replace is a flawed approach to validation. What if my last name is St’ John? Your code will tell me my last name is not valid.
Unfortunately, what is being “taught” by professors is usually wrong or way outdated. You would do much better to learn on your own.
To validate a choice from a drop-down list, what I would do is have a pre-set array of valid values, then check if the value posted is in the array. This will give you very robust validation, to the point that sanitization isn’t an issue. “None” may be the only invalid response in your list, but by no means the only invalid value that could be received.
This also begs the question: if “None” isn’t a valid value, why is it even in the list?
But the cause of the issue is as mentioned, how you are recording errors. You have a bunch of error messages in different variables, all of which will have to be tested for. Better to collect them all into one array, then check it it’s empty at the end.
