0

I'm trying to validate my PHP form using exceptions, but somehow it doesn't work. The exception is supposed to be thrown if the user enters in "nameg" any character which is not a string and in "amountg" anything which is not an integer. Should exceptions even be used in this case?

if(!empty($_POST['nameg']) && !empty($_POST['amountg']))
{
    $user="rootdummy";
    $pass="password";
    $db="practice";
    $nameg=$_POST['nameg'];
    $amountg=$_POST['amountg'];

    try{
        if(!is_int($amountg) || !is_string($nameg)){
            throw new Exception("This is the exception message!");
        }
    }
    catch (Exception $e){
        $e->getMessage();
    }

    mysql_connect('localhost',$user,$pass) or die("Connection Failed!, " . mysql_error());
    $query="INSERT INTO practable (name,given) VALUES('$nameg',$amountg) ON DUPLICATE KEY UPDATE name='$nameg', given=IFNULL(given + $amountg,$amountg)";
    mysql_select_db($db) or die("Couldn't connect to Database, " . mysql_error());
    mysql_query($query) or die("Couldn't execute query! ". mysql_error());

    mysql_close() or die("Couldn't disconnect!");
    include("dbclient.php");
    echo "<p style='font-weight:bold;text-align:center;'>Information Added!</p>";
}
6
  • Your code is vulnerable to SQL injection and mysql_* is softly deprecated. Commented Mar 24, 2012 at 14:07
  • What did you post as $_POST['amountg'], the value? Commented Mar 24, 2012 at 14:08
  • Yes $_POST['amountg'] is the value that the user enters through the form. Commented Mar 24, 2012 at 14:15
  • 1
    Everything coming out of _POST/_GET/_REQUEST is a string, even if it is a "number". Commented Mar 24, 2012 at 14:28
  • @MarcB I think now I understand why it throws exceptions even if I pass it an integer... How would you validate this form? Commented Mar 24, 2012 at 14:35

3 Answers

3

Presumably you want to output the exception? Do:

echo $e->getMessage();

Edit: In response to your later comment regarding script ending, put the MySQL queries in the try block.

Edit 2: Changed validation in response to your comments.

if(!empty($_POST['nameg']) && !empty($_POST['amountg']))
{
    $user="rootdummy";
    $pass="password";
    $db="practice";
    $nameg=$_POST['nameg'];
    $amountg=$_POST['amountg'];

    try{

        // Form values arrive as strings, so check their content rather than their type
        if(!ctype_digit($amountg) || !ctype_alpha($nameg)){
            throw new Exception("This is the exception message!");
        }

      mysql_connect('localhost',$user,$pass) or die("Connection Failed!, " . mysql_error());
      $query="INSERT INTO practable (name,given) VALUES('$nameg',$amountg) ON DUPLICATE KEY UPDATE name='$nameg', given=IFNULL(given + $amountg,$amountg)";
      mysql_select_db($db) or die("Couldn't connect to Database, " . mysql_error());
      mysql_query($query) or die("Couldn't execute query! ". mysql_error());

      mysql_close() or die("Couldn't disconnect!");
      include("dbclient.php");
      echo "<p style='font-weight:bold;text-align:center;'>Information Added!</p>";

    }
    catch (Exception $e){
        echo $e->getMessage();
    }
}

7 Comments

Just modified the code and tried, it does work! BUT now it throws the exception even when "nameg" contains a string and "amountg" contains an integer. Throws it every time! Am I too noob for exceptions? :(
In the catch block, put var_dump($amountg) and var_dump($nameg) and show us the outputs.
This is what i get: This is the exception message!string(2) "45" string(7) "testone"
As you can see, they're both strings so is_int($amountg) fails. Try instead is_numeric($amountg) (allows decimals) or ctype_digit($amountg) (does not allow decimals)
Because it's still a string (just a string of numbers). Use ctype_alpha($nameg).
1

It does, but you're doing nothing with your exception, except catching it.

Try

echo $e->getMessage();


1

You are catching it and performing a statement that does virtually nothing.

$e->getMessage(); just gets it as a string and throws it away without echoing it.

Either echo it or rethrow or, if you just wanted to exit at that point, don't catch the exception at all (you can remove both the try and catch blocks).

4 Comments

True, I just added that. However I want the script to break if the exception is thrown. I added break; in the catch block but it gives me an error: Fatal error: Cannot break/continue 1 level in c:\ Is the way I used exceptions with form validation correct or should if/else conditions be used like the initial checking to see if the form is empty?
I think you just want to throw, so I edited that in. Throwing without catching will cause the exception to bubble upwards till it is caught or it reaches any set_exception_handler.
Well I wanted something like this: try{} catch{echo "enter again please!";include("form.php");break;} something like which shows the form again with a message, throwing without catching the exception gives me an exception error.
You can do that, just don't include the break statement. When it gets to the end of the catch block the code will continue, or use return to return from the function.
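
Pulling the thread together (string-content validation from the first answer and its comments, the SQL injection comment under the question, and the catch-and-continue flow discussed just above), here is an added example that is not code from any poster. `validateForm()` and `saveRow()` are hypothetical helper names, and the sample submissions are constructed.

```php
<?php
// Added example; validateForm() and saveRow() are hypothetical helper names.
// $_POST values arrive as strings (or arrays), so test the string's content
// instead of its PHP type, and throw when it does not match.
function validateForm(array $post): array
{
    $name   = is_string($post['nameg'] ?? null) ? trim($post['nameg']) : '';
    $amount = is_string($post['amountg'] ?? null) ? trim($post['amountg']) : '';

    if (!ctype_alpha($name)) {                 // false for '' and for anything but letters
        throw new InvalidArgumentException('Name must contain letters only.');
    }
    // ctype_digit() accepts only 0-9: "45" passes; "4.5", "-1" and "1e3" do not.
    // The length bound (a constructed limit) keeps the int cast from overflowing.
    if (!ctype_digit($amount) || strlen($amount) > 9) {
        throw new InvalidArgumentException('Amount must be a whole number.');
    }
    return [$name, (int) $amount];
}

// Same upsert as in the question, with bound parameters so the input never
// becomes part of the SQL text. Assumes mysqli is set to throw on errors
// (the default since PHP 8.1).
function saveRow(mysqli $db, string $name, int $amount): void
{
    $stmt = $db->prepare(
        'INSERT INTO practable (name, given) VALUES (?, ?)
         ON DUPLICATE KEY UPDATE name = ?, given = IFNULL(given + ?, ?)'
    );
    $stmt->bind_param('sisii', $name, $amount, $name, $amount, $amount);
    $stmt->execute();
    $stmt->close();
}

// Constructed sample submissions; run from the CLI to see which are rejected.
$samples = [
    ['nameg' => 'testone', 'amountg' => '45'],
    ['nameg' => 'testone', 'amountg' => '4.5'],
    ['nameg' => "O'Brien", 'amountg' => '45'],
    ['nameg' => 'testone', 'amountg' => ['45']],
];
foreach ($samples as $post) {
    try {
        [$name, $amount] = validateForm($post);
        echo "accepted: $name / $amount\n";    // a real handler calls saveRow() here
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n"; // a real handler re-shows the form
    }
}
```

`ctype_alpha()` also rejects spaces, hyphens and apostrophes, so a name field that must accept them needs a looser rule; the bound parameters keep the query safe whichever rule is used.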
