My assignment is to build a form using PHP that gets the user's first name, last name, street address, city, state, zip code, phone number, quantity of product wanted, and preferred shipping method. I have built the code and validation up to the point of the state; however, the state question is a drop down menu that is supposed to list all the states and have the user select one. When I try this code below that correlates with my state variable my code quits working. I have tried changing my form action to the PHP self post because that seemed to be the most common fix but was unsuccessful with all of my attempts. The if test I have below that posts the state variable was my latest attempt at trying a solution found on this website, so if there is any way to validate that the user selected a state with the value="0" option that would be great!

```php
<?php
$stateError = "";
if(0 != $_POST['state'])
{
    $state = $_POST['state'];
}
else 
{
    $stateError = "<span class='error'>Enter a valid state from the dropdown menu</span>";
     error++;
}
?>
<form action="test.php" method="post">
<p>State:
            <select id="statedrop" name="state">
                <option value="0" selected>enter state</option>
                <option value="AL">Alabama</option>
                <option value="AK">Alaska</option>
                <option value="AZ">Arizona</option>
                <option value="AR">Arkansas</option>
                <option value="CA">California</option>
                <option value="CO">Colorado</option>
                <option value="CT">Connecticut</option>
                <option value="DE">Delaware</option>
                <option value="DC">District Of Columbia</option>
                <option value="FL">Florida</option>
                <option value="GA">Georgia</option>
                <option value="HI">Hawaii</option>
                <option value="ID">Idaho</option>
                <option value="IL">Illinois</option>
                <option value="IN">Indiana</option>
                <option value="IA">Iowa</option>
                <option value="KS">Kansas</option>
                <option value="KY">Kentucky</option>
                <option value="LA">Louisiana</option>
                <option value="ME">Maine</option>
                <option value="MD">Maryland</option>
                <option value="MA">Massachusetts</option>
                <option value="MI">Michigan</option>
                <option value="MN">Minnesota</option>
                <option value="MS">Mississippi</option>
                <option value="MO">Missouri</option>
                <option value="MT">Montana</option>
                <option value="NE">Nebraska</option>
                <option value="NV">Nevada</option>
                <option value="NH">New Hampshire</option>
                <option value="NJ">New Jersey</option>
                <option value="NM">New Mexico</option>
                <option value="NY">New York</option>
                <option value="NC">North Carolina</option>
                <option value="ND">North Dakota</option>
                <option value="OH">Ohio</option>
                <option value="OK">Oklahoma</option>
                <option value="OR">Oregon</option>
                <option value="PA">Pennsylvania</option>
                <option value="RI">Rhode Island</option>
                <option value="SC">South Carolina</option>
                <option value="SD">South Dakota</option>
                <option value="TN">Tennessee</option>
                <option value="TX">Texas</option>
                <option value="UT">Utah</option>
                <option value="VT">Vermont</option>
                <option value="VA">Virginia</option>
                <option value="WA">Washington</option>
                <option value="WV">West Virginia</option>
                <option value="WI">Wisconsin</option>
                <option value="WY">Wyoming</option>
            </select>
        </p>
</form>
```
mnh26
  • You should enable [error reporting](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) as you clearly have a syntax error in the snippet you've posted, `error++` – DarkBee Feb 23 '21 at 07:35
  • Do you have access to the web server error logs? – Max Muster Feb 23 '21 at 08:36

1 Answer

To avoid PHP injections, you should keep the possible values for your POST variable as an array. And if something was selected, check if the value you got is in the array. Bad guys will try to manipulate your page otherwise.

```php
<?php
$stateError = "";
$state = "";  // stays empty until a valid state has been posted
$error = 0;   // error counter, assumed to be shared with the other field checks
$states = array("AL","AK","AZ","AR","CA","CO","CT","DE","DC","FL",
              "GA","HI","ID","IL","IN","IA","KS","KY","LA","ME",
              "MD","MA","MI","MN","MS","MO","MT","NE","NV","NH",
              "NJ","NM","NY","NC","ND","OH","OK","OR","PA","RI",
              "SC","SD","TN","TX","UT","VT","VA","WA","WV","WI","WY");
$state_names = array("Alabama","Alaska","Arizona","Arkansas","California",
              "Colorado","Connecticut","Delaware","District Of Columbia",
              "Florida","Georgia","Hawaii","Idaho","Illinois","Indiana",
              "Iowa","Kansas","Kentucky","Louisiana","Maine","Maryland",
              "Massachusetts","Michigan","Minnesota","Mississippi","Missouri",
              "Montana","Nebraska","Nevada","New Hampshire","New Jersey",
              "New Mexico","New York","North Carolina","North Dakota","Ohio",
              "Oklahoma","Oregon","Pennsylvania","Rhode Island","South Carolina",
              "South Dakota","Tennessee","Texas","Utah","Vermont","Virginia",
              "Washington","West Virginia","Wisconsin","Wyoming");

// we check if the posted state is in the array states
// (third argument true = strict comparison, no type juggling)
if(isset($_POST['state']) && in_array($_POST['state'],$states,true))
{
  $state = $_POST['state'];
}
else 
{
  $stateError = "<span class='error'>Enter a valid state from the dropdown menu</span>";
  $error++; // error++ is a typo, it should be $error whatever $error is.
}

echo '<form action="test.php" method="post">';

echo '<p>State:<select id="statedrop" name="state">';
// placeholder option; its value is not in $states, so it fails the check above
echo '<option>enter state</option>';
foreach ($states as $key => $val){
  echo '<option value="'.$val.'" ';
  if ($val===$state){
    // if state was selected remember the position
    echo " selected ";
  }
  echo '>'.$state_names[$key].'</option>';
}
echo '</select></p></form>';
?>
```
Max Muster
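
An added example, not code from the answer or the question: the allow-list check described above, written as a function over one code-to-name map with an exact lookup, and run against the inputs a hand-edited request can send (missing field, the `0` placeholder, an array parameter, an off-list string). The abbreviated `STATES` map, the function names and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list keyed by the submitted code (abbreviated; the full list is the one
// in the answer above). A single map keeps codes and labels in sync.
const STATES = ['AL' => 'Alabama', 'AK' => 'Alaska', 'AZ' => 'Arizona', 'WY' => 'Wyoming'];

// Return the submitted code if it is on the allow-list, otherwise null.
// $post is passed in (normally $_POST) so the function can be exercised offline.
function validate_state(array $post): ?string
{
    $raw = $post['state'] ?? null;
    // A request such as state[]=AL arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    // Exact key lookup: no loose comparison, no type juggling.
    return array_key_exists($raw, STATES) ? $raw : null;
}

// Build the dropdown from the same map and re-select a validated value.
function render_state_select(?string $selected): string
{
    $html = '<select id="statedrop" name="state"><option value="">enter state</option>';
    foreach (STATES as $code => $name) {
        $attr = ($code === $selected) ? ' selected' : '';
        $html .= sprintf('<option value="%s"%s>%s</option>',
            htmlspecialchars($code, ENT_QUOTES), $attr, htmlspecialchars($name, ENT_QUOTES));
    }
    return $html . '</select>';
}

// Constructed request bodies, standing in for $_POST.
$samples = [
    'valid code'      => ['state' => 'AZ'],
    'placeholder'     => ['state' => '0'],
    'field missing'   => [],
    'array parameter' => ['state' => ['AL']],
    'off-list string' => ['state' => 'AL"><script>'],
];
foreach ($samples as $label => $post) {
    printf("%-16s => %s\n", $label, validate_state($post) ?? 'rejected');
}
echo render_state_select(validate_state($samples['valid code'])), "\n";
```

The lookup is an exact string match on purpose: before PHP 8, a loose test such as `0 != $_POST['state']` treats every non-numeric string as equal to 0, so it rejects all state codes.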