I'm trying to use PHP to validate my form. I would like to validate a product_name box for being not empty, a price box for being numeric and having a decimal, and a quantity box for being an integer. Right now I'm getting an error:
Parse error: syntax error, unexpected T_VARIABLE in C:\Program Files\IndigoPerl\apache\htdocs\process_games.php on line 60

I don't think I have how the price is validated correct either, how would I include the decimal point? I'm not sure if the way I have the code that the information will still be added to the DB if the error message for the price & quantity comes up. Maybe I should nest them with the product name?

<?php

echo '<html>
<head><link rel="stylesheet" type="text/css" href="styles.css" />
<title>Uploading image and adding game to database...</title>
</head>
<body>
<h3>Uploading file...</h3>';

if ($_FILES['filename']['error'] > 0)
{
	echo 'Problem: ';
    	switch ($_FILES['filename']['error'])
    	{
      		case 1:  echo 'File exceeded upload_max_filesize';  break;
      		case 2:  echo 'File exceeded max_file_size';  break;
      		case 3:  echo 'File only partially uploaded';  break;
      		case 4:  echo 'No file uploaded';  break;
    	}
    	exit;
}

// put the file where we'd like it
$upfile = './images/'.$_FILES['filename']['name'];

if (is_uploaded_file($_FILES['filename']['tmp_name']))
{
     	if (!move_uploaded_file($_FILES['filename']['tmp_name'], $upfile))
     	{
        	echo 'Problem: Could not move file to destination directory';
        	exit;
     	}
}
else
{
    	echo 'Problem: Possible file upload attack. Filename: ';
    	echo $_FILES['filename']['name'];
    	exit;
}

echo '<p>File uploaded successfully<br><br>';

if (isset($_POST['description'])) {
	$description = $_POST['description'];
} else {
        $description = $_FILES['filename']['name'];
}

// show what was uploaded
echo '<p>Preview of uploaded file:<br><hr>';
echo "<a href='$upfile'>$description</a>";
echo '<br><hr>';
echo '</body></html>';

$imagename = $description;

// Set up the database connection.
require_once ('mysqli_connect.php');

if (! preg_match('/^-?\d+$/'$_POST['price'])) {
    print 'Price must be a number.';
}
if (! preg_match('/^-?\d+$/'$_POST['quantity'])) {
    print 'Quantity must be an integer.';
}

	if (!empty($_POST['product_name']))
		{
			// add new sandwich
			$product_name = $_POST['product_name];
			$quantity = $_POST['quantity'];
			$price = $_POST['price'];
			$systemid = $_POST['systemid'];
			$genreid = $_POST['genreid'];
			$conditionid = $_POST['conditionid'];

			$query = "INSERT INTO products (productName, quanity, price, image_name, systemid, genreid, conditionid)
								   VALUES ('$product_name', '$quantity', '$price', $imagename, $systemid, $genreid, $conditionid)";

			$result = mysqli_query ($dbc, $query);
			$productid = mysqli_insert_id($dbc);
		}

		else
		{
			echo '<p>Error - All fields are required!</p>';
		}
		echo 'Productid: ' . $productid . ' ' . ' Game Name: ' . $product_name . ' ' . ' Image Name: ' .
		$imagename . ' Quantity: ' . $quantity . ' Price: ' . $price . '<br>';

?>

All 2 Replies

You are missing a comma in line 60:

if (! preg_match('/^-?\d+$/', $_POST['price']))

Also, PHP's is_numeric function should work just fine for checking if the number is numeric. For example, change line 60 to:

if (!is_numeric($_POST['price'])) {
    // fail
}

Also you are missing a quote on line 70: $_POST
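
The checks the question asks for, as an added example that is not part of the original thread: all three fields are validated first, and the insert runs only when no errors were collected, using a prepared statement instead of interpolating form values into the SQL. The function names validate_product() and insert_product() are hypothetical, the "one or two decimal places" rule for price is an assumption, and the table and column names are copied from the INSERT statement in the question.

```php
<?php
// Added example, not the poster's code. validate_product() and
// insert_product() are hypothetical names; columns follow the post's INSERT.
function validate_product(array $in): array
{
    $errors = [];
    $name = trim((string)($in['product_name'] ?? ''));
    if ($name === '') {
        $errors[] = 'Product name is required.';
    }
    // Price: digits, a decimal point, then one or two digits (assumed rule).
    $price = (string)($in['price'] ?? '');
    if (!preg_match('/^\d+\.\d{1,2}\z/', $price)) {
        $errors[] = 'Price must be a number with a decimal point.';
    }
    // Quantity and the three ids must be non-negative whole numbers.
    $ints = [];
    foreach (['quantity', 'systemid', 'genreid', 'conditionid'] as $key) {
        $ints[$key] = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($ints[$key] === false) {
            $errors[] = "$key must be an integer.";
        }
    }
    return [$errors, ['product_name' => $name, 'price' => $price] + $ints];
}

function insert_product(mysqli $dbc, array $p, string $imagename): int
{
    // Placeholders keep form values out of the SQL text entirely.
    $stmt = mysqli_prepare($dbc,
        'INSERT INTO products (productName, quanity, price, image_name, systemid, genreid, conditionid)
         VALUES (?, ?, ?, ?, ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'sissiii', $p['product_name'], $p['quantity'], $p['price'],
        $imagename, $p['systemid'], $p['genreid'], $p['conditionid']);
    mysqli_stmt_execute($stmt);
    return (int) mysqli_insert_id($dbc);
}

// Constructed sample input standing in for $_POST.
$sample = ['product_name' => 'Example Game', 'price' => '19.99', 'quantity' => '3',
           'systemid' => '1', 'genreid' => '2', 'conditionid' => '1'];
[$errors, $clean] = validate_product($sample);
if ($errors) {
    foreach ($errors as $e) { echo htmlspecialchars($e), "\n"; }
} else {
    echo "valid\n";
    // insert_product($dbc, $clean, $imagename); // $dbc from mysqli_connect.php, as in the post
}
```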
