Validating a greater than/less than numeric amount on php form

Question

I am trying to create a form in which a logged in user can enter a sale (ltd_entry_amount), but only sales that are $200.00 or more, but with no luck. If I get rid of the '> 199.99' the form works ok but for now the 'Please check all manatory fields are complete and try again.' message shows. Can anyone help?

                <?php 

                require_once ('./includes/config.inc.php');

                $page_title = 'Log a Sale';
                include ('./includes/header.html');

                if (!isset($_SESSION['ltd_user_id'])) {

                   $url = 'http://' . $_SERVER['HTTP_HOST']
                    . dirname($_SERVER['PHP_SELF']);
                   if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
                        $url = substr ($url, 0, -1); // Chop off the slash.
                   }
                   $url .= '/login.php'; 

                ob_end_clean(); // Delete the buffer.
                header("Location: $url"); 
                exit(); // Quit the script.
                }
                $users = $_SESSION['ltd_user_id'];

                if (isset($_POST['submitted'])) {// Handle the form.

                   require_once ('database.php');
                   // Connect to the database.    

                    $errors = array(); // Initialize error array.

                    // Check for a Invoice Number.
                    if (empty($_POST['ltd_invoice_no'])) {
                       $errors[] = '<p>• You forgot to enter your Invoice Number.</p>';
                    } else {
                       $inv = escape_data($_POST['ltd_invoice_no']);
                    }

                    // Check for invoice amount.
                    if (empty($_POST['ltd_entry_amount']) < 199.99) {
                       $errors[] = '<p>• You forgot to enter your Total Amount. Please ensure it is at least $200.00</p>';
                    } else {
                       $amount = escape_data($_POST['ltd_entry_amount']);
                    }

                    // Check for business name.
                    if (empty($_POST['ltd_business_name'])) {
                       $errors[] = '• You forgot to enter your Dealership Name.';
                    } else {
                       $dealer = escape_data($_POST['ltd_business_name']);
                    }

                    if (empty($errors) && $amount)  { // If everything's OK. // If everything's OK.

                      // Make sure the invoice number is available.
                      $uid = @mysql_insert_id(); //Get the url ID.

                        // Add the user.
                        $query = "INSERT INTO ltd_sales_list (ltd_item_id , ltd_user_id, ltd_invoice_no, ltd_entry_amount, ltd_entry_userdate, ltd_business_name, ltd_entry_date) VALUES
                        ('$uid', '$users', '$inv', '$amount', '$_POST[ltd_entry_userdate]', '$dealer' , NOW())";
                        $result = @mysql_query ($query); // Run the query.


                        if (mysql_affected_rows() == 1) {
                        // If it ran OK.
                           echo 'Your sale is registered into the system.';
                           include ('./includes/footer.html'); // Include the HTML footer.
                           exit();

                        } else { // If it did not run OK.
                           echo 'You could not be registered due to a system error. We apologize for any inconvenience.';
                        }

                   } else { // If one of the data tests failed.
                      echo 'Please check all manatory fields are complete and try again.';
                   }

                   mysql_close(); // Close the database connection.

                } // End of the main Submit conditional.
                ?>                          


                <form action="logsale.php" method="post">



                                        <table width="550" border="0" cellspacing="1" cellpadding="5">

                                              <tr>
                                                <td width="250"><div align="right">Invoice Number <span class="red_light">*</span></div></td>
                                                <td width="267">
                                                <input type="text" name="ltd_invoice_no" size="30" maxlength="30" value="<?php if (isset($_POST['ltd_invoice_no'])) echo $_POST['ltd_invoice_no']; ?>" /></td>
                                              </tr>
                                              <tr>
                                                <td><div align="right">Total Amount of sale 
                                                        <em><strong>(exc. GST)</strong></em> <span class="red_light">*</span></div></td>
                                                <td>
                                                <input type="text" name="ltd_entry_amount" size="30" maxlength="30" 
                                                value="<?php if (isset($_POST['ltd_entry_amount'])) echo $_POST['ltd_entry_amount']; ?>" /></td>
                                              </tr>
                                              <tr>
                                                <td></td>
                                                <td>Please enter number only</td>
                                              </tr>
                                              <tr>
                                                <td><div align="right">Date of Invoice</div></td>
                                                <td>
                                                <script type="text/javascript">
                                                    $(function() {
                                                    $("#datepicker").datepicker({ dateFormat: "dd/mm/yy" }).val()
                                                    });
                                                    </script>

                                                <input size="30" maxlength="10" id="datepicker" name="ltd_entry_userdate" type="text" value="<?php if (isset($_POST['ltd_entry_userdate'])) echo $_POST['ltd_entry_userdate']; ?>" /></td>

                                              </tr>
                                                <tr>
                                                <td></td>
                                                <td><span class="sml_italics"><strong>Please enter as <strong>DD-MM-YYYY</strong></td>
                                              </tr>
                                              <tr>
                                                <td><div align="right">Dealership <span class="red_light">*</span></div></td>
                                                <td><input type="text" name="ltd_business_name" size="50" maxlength="60" value="<?php if (isset($_POST['ltd_business_name'])) echo $_POST['ltd_business_name']; ?>" /></td>
                                               </tr> 

                                                <tr>
                                                <td></td>
                                                <td><p><input type="submit" name="submit" value="Submit" /></p><input type="hidden" name="submitted" value="TRUE" />
                                                </td>
                                                </tr>

                                            </table>


                  </form>


                 <?php
                include ('./includes/footer.html');
                ?>

Ref. http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php - not only is it safer, but it helps prevent stupid bugs like syntax errors on unexpected input. — , Jan 31 '13 at 00:10
Could this help? `if (empty($_POST['ltd_entry_amount']) || $_POST['ltd_entry_amount'] <= 199.99)` — Mr. Radical, Jan 31 '13 at 00:13
For reference, "You forgot" is a bit presumptuous, considering you could actually enter an amount of 199.98 and trigger the message. You might want to word it differently, and/or break up checking whether the data is *present* vs whether it's *valid*. — cHao, Jan 31 '13 at 00:49

score 3 · Accepted Answer · answered Jan 31 '13 at 00:10

3

if (empty($_POST['ltd_entry_amount']) < 199.99) {

You are comparing a boolean value with a float number

You must separate both conditions:

if(empty($_POST['ltd_entry_amount']) or $_POST['ldt_entry_amount'] < 199.99){

answered Jan 31 '13 at 00:10

markmb

852
4
12
32

If the OP was to include only 200 or more I think he should use <= is instead of <. `if (empty($_POST['ltd_entry_amount']) || $_POST['ltd_entry_amount'] <= 199.99)` – Mr. Radical Jan 31 '13 at 00:15

CoderOfHonor · Answer 2 · 2013-01-31T00:21:34.540

1

It looks like there is a problem with your if statement:

if (empty($_POST['ltd_entry_amount']) < 199.99)

should be

if (empty($_POST['ltd_entry_amount']) || $_POST['ltd_entry_amount'] < 199.99)

edited Jan 31 '13 at 00:21

answered Jan 31 '13 at 00:08

CoderOfHonor

741
7
17

@AdamMc I edited my solution. I think it'll fix your problem. – CoderOfHonor Jan 31 '13 at 00:22

Validating a greater than/less than numeric amount on php form

2 Answers2