i dont understand what i am doing wrong and why its not displaying an error code but it displays the rest of my code after a specific word.
Code:
<?php
$errors = array();
$required = array(
'InvoiceFrom' =>'This is required',
'InvoiceTo' =>'This is required',
'InvoiceAddress'=>'This is required',
'ContactName' =>'This is required',
'ContactNumber' =>'This is required',
'Email' =>'This is required',
'PoNo' =>'This is required',
'Details' =>'This is required',
'InvoiceAmount' =>'This is required',
'Submitted' =>'This is required',
'SubmittedBy' =>'This is required',
);
if ('POST' === $_SERVER['REQUEST_METHOD'])
{
foreach ($required as $field => $error)
{
$isEmpty = 0 == strlen(trim($_POST[$field]));
if ($isEmpty) {
$errors[] = $error;
}
}
if ( ! filter_var($_POST['Email'], FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Email must be a valid email address';
}
if ( ! preg_match('~^[0-9.]+$~i', $_POST['InvoiceAmount'])) {
$errors[] = 'Invoice amount value is invalid';
}
if ( ! empty($errors))
{
$con = mysqli_connect("localhost","FORM","form","form");
$sql = sprintf(
"INSERT INTO
table
(InvoiceFrom, InvoiceTo, InvoiceAddress, ContactName, ContactNumber, Email, PoNo, Details, InvoiceAmount, Submitted, SubmittedBy )
VALUES
('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','%s','%s');",
mysql_real_escape_string($_POST['InvoiceFrom']),
mysql_real_escape_string($_POST['InvoiceTo']),
mysql_real_escape_string($_POST['InvoiceAddress']),
mysql_real_escape_string($_POST['ContactName']),
mysql_real_escape_string($_POST['ContactNumber']),
mysql_real_escape_string($_POST['Email']),
mysql_real_escape_string($_POST['PoNo']),
mysql_real_escape_string($_POST['Details']),
mysql_real_escape_string($_POST['InvoiceAmount']),
mysql_real_escape_string($_POST['Submitted']),
mysql_real_escape_string($_POST['SubmittedBy'])
);
$res = mysql_query($sql, $con);
if ($res) {
header('Location: http://example.org/success', true, 301);
exit;
}
$errors[] = mysql_error($con);
}
}
?>
<html>
<head></head>
<body>
<?php if (count($errors)): ?>
<ul>
<?php foreach ($errors as $error): ?>
<li><?php echo $error; ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<form method="post">
</form>
</body>
What is outputed:
'This is required','InvoiceTo' =>'This is required','InvoiceAddress'=>'This is required','ContactName' =>'This is required','ContactNumber' =>'This is required','Email' =>'This is required','PoNo' =>'This is required','Details' =>'This is required','InvoiceAmount' =>'This is required','Submitted' =>'This is required','SubmittedBy' =>'This is required',); if ('POST' === $_SERVER['REQUEST_METHOD']) { foreach ($required as $field => $error) { $isEmpty = 0 == strlen(trim($_POST[$field])); if ($isEmpty) { $errors[] = $error; } } if ( ! filter_var($_POST['Email'], FILTER_VALIDATE_EMAIL)) { $errors[] = 'Email must be a valid email address'; } if ( ! preg_match('~^[0-9.]+$~i', $_POST['InvoiceAmount'])) { $errors[] = 'Invoice amount value is invalid'; } if ( ! empty($errors)) { $con = mysqli_connect("localhost","FORM","form","form"); $sql = sprintf( "INSERT INTO table (InvoiceFrom, InvoiceTo, InvoiceAddress, ContactName, ContactNumber, Email, PoNo, Details, InvoiceAmount, Submitted, SubmittedBy ) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','%s','%s');", mysql_real_escape_string($_POST['InvoiceFrom']), mysql_real_escape_string($_POST['InvoiceTo']), mysql_real_escape_string($_POST['InvoiceAddress']), mysql_real_escape_string($_POST['ContactName']), mysql_real_escape_string($_POST['ContactNumber']), mysql_real_escape_string($_POST['Email']), mysql_real_escape_string($_POST['PoNo']), mysql_real_escape_string($_POST['Details']), mysql_real_escape_string($_POST['InvoiceAmount']), mysql_real_escape_string($_POST['Submitted']), mysql_real_escape_string($_POST['SubmittedBy']) ); $res = mysql_query($sql, $con); if ($res) { header('Location: http://example.org/success', true, 301); exit; } $errors[] = mysql_error($con); } } include "ERROR.html" ?>
Could you please explain what i'm doing wrong and how i caould make it better?
