select list from database validation

Question

i will sincerely appreciate your effort at getting this bug resolved. made a select(drop down list) from database.while the dropdown worked(as it showed up in ia normal form.), i could not get the validation right.or somethihg wen wrong which i dont know. if i select a country from the list, it gives error as conditioned in the form(please select business head office country)

here is the form:

    <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>"  />
Country of Residence of Business' Head Office<br />
<select name="country_location" class="select">
<option> Select Country</option>
<?php
include('inc/mysqli_connect.php');
$q ="SELECT id, CONCAT_WS('', country) FROM country ORDER BY country ASC";
$r =  mysqli_query($dbc, $q);
if(mysqli_num_rows($r) > 0){
while ($row = mysqli_fetch_array($r, MYSQLI_NUM)){
echo "<option value=\"$row[0]\"";
// check for stickyness
if(isset($_POST['country']) && ($_POST['country']==$row[0])) echo'country="country"';
echo ">$row[1]</option>\n";
}
}
mysqli_close($dbc);
 ?>
</select><br />
<input type="hidden" name="submitted" value="TRUE" /><br />
<input type="submit" name="submit" value="Register"  id="submit"/>
</div>
</form>

then the validation

  <?php
  require_once('inc/config_inc.php');
  $page_title = 'Register';

include('inc/session.html');
if(isset($_POST['submitted'])){
  require_once ('inc/mysqli_connect.php');
  $trimmed =array_map('trim', $_POST);
  $business_name=$country_location=$business_city=$nature_of_business=$email=$telephone=$director_last_name=$director_first_name=$password=FALSE;

if(isset($_POST['country_location']) && ($_POST['country_location'] == 'country') && ($_POST['country'] > 0)){
 $country_location = (int)$_POST['country'];
 }
 else{
 $country_location = FALSE; 
 echo'<p class="error">Please select business\' head office country!</p>';
  }
   if($business_name && $country_location && $business_city && $nature_of_business && $email 
   && $telephone && $director_last_name && $director_first_name && $password){
   "SELECT registration_id FROM users WHERE email='$email' ";
   $q = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br /> MYSQL Error:
   ".mysqli_error($dbc));
   if(mysqli_num_rows($r) == 0){
   $a = md5(uniqid(rand(), true));

   $q = "INSERT INTO registration( business_name,country_location,business_city,nature_of_business,email,telephone,director_last_name,director_first_name, ,password ,active,registration_date) 
                                VALUES
( '$business_name', '$country_location', '$business_city' ,'$nature_of_business', '$email', '$telephone', '$director_last_name','$director_first_name','$active','SHA1($password)' NOW())";

$r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br \> MySQL Error:     ".mysqli_error($dbc));

if(mysqli_affected_rows($dbc) ==1){  // send email
$body =" Thank you for registering at....You are guaranteed customer statifaction!. To activate your account, please click on this lin:\n\n";
$body .=BASE_URL .'activate.php?x='.urlencode($email) . "&y=$a"; mail($trimmed
['email'], 'Registration Confirmation', $body, 'From: example.com');
echo'<h3 > Thank you for registering! A confirmation email has been sent to your email address. Click on the link in that email to activate your account.</h3>';

include('inc/footer.php');
exit();
}
else{ 
echo'<p class="error"> You could not be registered due to a system error. We apologise for any inconvinience.</p>';
}
}
else{ echo'<p class="error"> The email address entered has been registered.if you have forgotten your password, click link to <a href="recover_password.php">recover your password</a></p>';
}
} 
else{ echo'<p class = "error">Please re-enter your password and try again.</p>';
}mysqli_close($dbc);
}
  ?>

the database:

database name: users table name :country. rows:id (int), value(country name), country( country names)

Please do note that there are lot of fields in the form and i have only pointed out the concerend field, hence the validation seen.

Please note also that am an absolutey new developer, and also to this forum.hence i might have broken rules. Kindly correct me instead of insult and i will alway take corrections.

thanks in advance!

Answer 1

In your form, you have the <select name="country_location"> , and you set the value for each <option> to the ID of each country ( echo "<option value=\\"$row[0]\\""; ). This means that when the form is posted, the value of $_POST['country_location'] is the selected country ID.

In your validation, you check for the following:

if(isset($_POST['country_location']) && ($_POST['country_location'] == 'country') && ($_POST['country'] > 0)){

But how can $_POST['country_location'] have the value 'country'? It should hold the ID of the country. You try to set the <option country="country"> , but this will not work. Only the <option value> will be sent through POST.

If you would change the line mentioned above to:

if(isset($_POST['country_location']) && ctype_digit($_POST['country_location']) && ($_POST['country'] > 0)){

ctype_digit checks if a value consists of numbers only. Please see PHP: ctype_digit - Manual for more information. Since I expect that your IDs are numeric, this should do the trick.