• v.Server-side Validation

  Modify tma02_validate.php to provide server-side validation for booking reference field.

  (10 marks)

Although the client-side validation checks the correct form of the booking reference, it does not actually check it is a valid booking reference.

For a reference to be valid, the server-side should validate the reference to the same format as the client-side, plus the following additional constraints: the three letter group must be one of ZRE, FGH, TYU. Anything else is invalid.

The next character must be a hyphen. Anything else is invalid.

The first digit may only be 6 or 9. The other digits may be any value between 0 and 9 inclusive.

You need to provide checks and only if all are valid, proceed to write the data to the database. If not, provide feedback to the user that the booking reference is invalid.

provided code :

$value = $data['firstname']; // ^$ = anchors, [a-zA-Z ] = letters/spaces, {1,30} = 1-30 characters $format = "/^[a-zA-Z ]{1,30}$/"; // If value does NOT match the format then it is invalid if (!preg_match($format, $value)) { $feedback['firstname'] = 'Server feedback: Only 1-30 letters/spaces are permitted'; $valid = false; }

$value = $data['lastname']; // ^$ = anchors, [a-zA-Z ] = letters/spaces, {1,30} = 1-30 characters $format = "/^[a-zA-Z ]{1,30}$/"; // If value does NOT match the format then it is invalid if (!preg_match($format, $value)) { $feedback['lastname'] = 'Server feedback: Only 1-30 letters/spaces are permitted'; $valid = false; }

$value = $data['email']; // If value does NOT match the filter then it is invalid if (!filter_var($value, FILTER_VALIDATE_EMAIL)) { $feedback['email'] = 'Server feedback: Only valid email addresses are permitted'; $valid = false; } // Also check the maximum length for this field as filter_var doesn't do this if (strlen($value) > 50) { $feedback['email'] = 'Server feedback: Email must be 50 characters or less'; $valid = false; } Need booking reference to be completed just for this section