How to Display Error Message While Downloading Report

Hello Experts!

I have a php page where students enter information to check their results.
See here

I want to display relevant error message on the same page when wrong info is entered. Currently, I'm using error_reporting(0);.
The result is in PDF format.

Please use following to get accurate result:
Class:                       SS 1A
Session:                  2018/2019
Term:                      1st Term
Adminssion No:    GSS/0001
Password:              abc (could be any string)

And use random data to get what I'm taking about.

Bellow is part of the codes:

myForm:
<form id="resultForm" action="terminal_result.php" method="POST">
                        <!--Form with header-->
                        <div class="card wow fadeIn white" data-wow-delay="0.3s">
                            <div class="card-body">
                                <!--Header-->
                                <div class="form-header blue-gradient">
                                    <h3><i class="fa fa-download mt-2 mb-2"></i> Check Result</h3>
                                </div>
                                <div id="error"></div>
                                <!--Body-->
                                <div>                                    
                                    <select name="class_name" id="class_name" class="mdb-select colorful-select dropdown-info" required="required">
                                        <option value="" disabled selected>Choose Class</option>
                                        <?php echo fill_class_box($conn); ?>
                                    </select>
                                </div>
                                <div>                                    
                                    <select name="session" id="session" class="mdb-select colorful-select dropdown-info" required="required">
                                        <option value="" disabled selected>Choose Year of Result</option>
                                        <?php echo fill_session_box($conn); ?>
                                    </select>
                                </div>
                                <div>                                    
                                    <select name="term" id="term" class="mdb-select colorful-select dropdown-info" required="required">
                                        <option value="" disabled selected>Choose Term</option>
                                        <?php echo fill_term_box($conn); ?>
                                    </select>
                                </div>
                                
                                <div class="md-form">
                                    <i class="fa fa-user prefix grey-text"></i>
                                    <input type="text" name="student_id" id="student_id" class="form-control" autocomplete="off" required="required">
                                    <label for="student_id">Admission No</label>
                                </div>

                                <div class="md-form">
                                    <i class="fa fa-lock prefix grey-text"></i>
                                    <input type="password" name="password" id="password" class="form-control" required="required">
                                    <label for="password">Password</label>
                                </div>
                                <div class="text-center">
                                    <button type="submit" name="download_result" id="download_result" class="btn blue-gradient btn-lg">Submit</button>
                                
                                </div>
                            </div>
                        </div>
                    </form>

Open in new window


The script:
<?php
require('../../fpdf.php');
require('../conn.php');
error_reporting(0);

function clean($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$stu_id = clean($_POST['student_id']);
$class = clean($_POST['class_name']);
$session = clean($_POST['session']);
$term = clean($_POST['term']);

//biodata
$biodata = $conn->prepare("SELECT * FROM ... WHERE Student_ID = ? ");
$biodata->bind_param("s", $stu_id);
$biodata->execute();
$report = $biodata->get_result();
$student = $report->fetch_object();

//date in yyyy-mm-dd format; or it can be in other formats as well
  $birthDate = $student->Date_Of_Birth;
  //explode the date to get month, day and year
  $birthDate = explode("-", $birthDate);
  //get age from date or birthdate
  $age = (date("md", date("U", mktime(0, 0, 0, $birthDate[2], $birthDate[1], $birthDate[0]))) > date("md") ? ((date("Y") - $birthDate[0]) - 1) : (date("Y") - $birthDate[0]));
  $age_year = "".$age." years";

//attendance and comment
$attendance_comment = $conn->prepare("SELECT ... FROM ... LEFT JOIN ... ON ... WHERE Student_ID = ? AND Class_Name = ? AND Session = ? AND Term = ?");

//and so on

Open in new window


Please help.
Opeyemi AbdulRasheedAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gr8gonzoConsultantCommented:
Personally, I would use an AJAX page/controller to validate login. The flow would be:

1. HTML form posts data to the AJAX controller.

2. AJAX controller checks the login.
- If the login is valid, then it sets up the session with the student ID and returns a JSON result to indicate success and the new URL to go to
- If the login is invalid, then it returns a JSON result indicating the error message

3. The HTML form gets the JSON response back from the AJAX controller.
- If the JSON result indicates success, it redirects the browser to the new URL (and now you have the appropriate info in your session)
- If the JSON result indicates failure, show the error message

The AJAX controller would look something like this:
<?php
// Sleep 1 second to deter brute-force attacks
sleep(1); 

// Start/resume session
session_start();

// Connect to the database
$conn = ...

// Sanitize the input
$stu_id = clean($_POST['student_id']);
...etc...

// Validate the student ID and password by querying the database
$login_check = $conn->prepare("SELECT ... FROM Students WHERE Student_ID = ? AND Password = ?");
...etc...

// Now determine success or failure
$return_data = array();
if(successful criteria)
{
  // Success, record the student ID in our session variable
  $_SESSION["student_id"] = $student_id;
  $return_data["result"] = 1; // 1 = Success
  $return_data["url"] = "/url/of/next_page.php";
  echo json_encode($return_data);
  return;
}
else
{
  // Failure
  $return_data["result"] = 0; // 0 = Failure
  $return_data["error"] = "The error message here, like Invalid Login or something";
  echo json_encode($return_data);
  return;
}

Open in new window



Finally, in the /url/of/next_page.php, just check the session to make sure the user is logged in, and if they are, then go ahead and show them their data. Otherwise, give an error message:
<?php
// Start/resume the session
session_start();

// Make sure the student has logged in successfully before
if(!isset($_SESSION["student_id"]))
{
  // They haven't logged in yet - redirect to the login page.
  header("Location: loginform.php");
  exit();
}

// If the code reaches this point, then the user is logged in, so we can go ahead and generate the data and show it to them.
require('../../fpdf.php');
require('../conn.php');
...etc...

Open in new window


Also, unless you're intentionally requiring the student to type in all the class details, it seems like you could present them with an intermediate page after logging in. That page could pull their available classes, years, terms, etc... and present them with dropdowns for selection. That way you eliminate any accidental typos (which also means less students complaining about not being able to log in), and you're in much better control of the data overall (you can pass IDs around instead of full names).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Opeyemi AbdulRasheedAuthor Commented:
Superb! I'll check it out now.
0
Opeyemi AbdulRasheedAuthor Commented:
Thank you so much. I implemented your suggestion and it really makes sense.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PDF

From novice to tech pro — start learning today.