Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Problem with server side validation checkbox

ku
kuti 21 Sep, 2011
Hi,

I followed Bob's guide at here http://greyhead.net/chronoforms/chronoforms-adding-a-validated-checkbox to trying validation the "I agree" checkbox by server side and it always show error, please have a look at the image below.




Your name and Your email fields (followed Chronobook-Chapter5,p113) are able to pass server side validation.

I using latest chronocontact component which is V3.2.0

Any suggestion are really appreciated.

Many thanks.
kuti
Gr
GreyHead 21 Sep, 2011
Hi Kuti,

What code do you have in the the Form HTML and the ServerSide Validation boxes?

Bob
ku
kuti 21 Sep, 2011
WOW, thank you for respond me too fast.

I assumed that you like to see html checkbox code and its php verification. Please let me know if you like to see all code form.

Below is html checkbox code:


<div class="form_item">
  <div class="form_element cf_checkbox">
    <label class="cf_label" style="width: 700px;">I confirm that all the information I have given in my application form is correct to the best of my knowledge.</label>
    <div class="float_left">
        <input value="I Agree" title="" class="radio" id="check00" name="agree_check0[]" type="checkbox" />
        <label for="check00" class="check_label">I Agree</label>
        <br />                        
    </div>                
  </div>                      
  
  <div class="cfclear"> </div>
</div>



PHP code in Validation tag - Enable Server side is YES.

<?php
$messages = array();

$agree = JRequest::getString('agree_check0[]', 'empty', 'post');
if ( $agree == 'empty' ) {
$messages[] = "Please check the box to confirm your agreement";
}
// check if there are any error messages and return
if ( count($messages) ) {
return implode('<br />', $messages);
}
?>


I even create a fresh new form which contain only checkbox and submit button then pasted the validation code into it but the new form also cannot pass the server side validation check.

This bug was prevent me to apply server side validation to my multipage form.

Thank you very much Bob,

Please let me know if you need more information.

kuti
Gr
GreyHead 21 Sep, 2011
Hi kuti,

Pleae replace agree_check0[] with agree_check0 in both chunks of code.

Bob
ku
kuti 21 Sep, 2011
Hi Bob,

Your code is great, the form was passed server side validation now.

My multipage form has another checkbox with more than 8 item, I wonder if the above code is able to handle this one as from my understood that you remove the data array.

Pardon me, could you help me two more questions, Bob?

1. How to apply this validation for drop box and checkbox with multi field?

2. In my confirmation page at multiform, I used this code to get the data from previous steps:

 <?php
   if (isset($posted['family_name']))
   {
     $family_name=$posted['family_name'];
   }else{
     $other_names='';
   }
   echo '' .$family_name. '';
?>


And when I added the "mysql_real_escape_string" to protect the mysql injection attack:

 <?php
   if (isset($posted['family_name']))
   {
     $family_name=mysql_real_escape_string($posted['family_name'])
   }else{
     $other_names='';
   }
   echo '' .$family_name. '';
?>


The code is worked but it made the form performed really slow at the confirmation page.

So the question is it right? is there another way to make it perform faster? or I no need to add mysql_real_escape_string because the form is already solid.

Thank you for your patient with me.

kuti
ku
kuti 21 Sep, 2011
Hi Bob,

I just resolved my question 1, basically I only need to remove the array quote "[]" at server side validation code.

Please forgive me for my laziness.

But I am still waiting for your guide at question 2.

Many thanks
Gr
GreyHead 21 Sep, 2011
Hi Kuti,

You are missing the ; at the end of
$family_name=mysql_real_escape_string($posted['family_name']);


Joomla! does some results filtering but I suspect that ChronoForms may over-ride that, it's good to be safe.

Bob
ku
kuti 21 Sep, 2011
Hi Bob,

I made a mistake when post the code so that line code also has ";" at the end. I am so sorry about it.

Let me explain more about question 2.

- If I am not use mysql_real_escape_string at the confirmation page (form 5) then after submit at the step 4 (form 4), all fields data from form1;form2;form3;form4 will be post to confirmation page by using the above code, the browser usually take no more than 2 second to process from form 4 to form 5.

- But if I added mysql_real_escape_string into all the field at the confirmation page then browser will take more than 2 minutes and sometime longer.

I thought this happen because my form is a long form and the form maybe take time to filter all the data.

I also tested joomla as well as chronoform filters by insert words have characters like ",='; and they were inserted into database, they weren't only I added mysql_real_escape_string.

So I just wonder if there is anyway to make the processing quicker when added mysql_real_escape_string to the confirmation page.

Kind regards,

kuti
Gr
GreyHead 22 Sep, 2011
Hi kuti,

I don't use mysql_real_escape_string() and never have so I have no idea why that might cause a delay. I use the Joomla! Request filters instead, they seem to work OK.

Checking the PHP manual I see that the function calls the database each time it is executed - I guess that might cause some delay though to me it sounds more like there is a bug in the code.

Bob
ku
kuti 22 Sep, 2011
Hi Bob,

I will try Joomla! Request filters and will let you know the result.

Thank you very much for support.

kuti
This topic is locked and no more replies can be posted.