Hi - My question: Using the following form and included validation script, how do I send a form to a remote URL. If I include the code in the head of the <Form> tag it send without validation. I need to validate then send. The code works fine otherwise. (My opinion LOL)
I'd also like to know how to validate both a drop down and one check box in the validation code. Your help is appreciated thank you.
The Form
<?php include('form_verify.php'); ?>
<form action="a website for processing" method="post" id="form">
<div>
<label for="first_name">First Name<em>*</em></label>
<input type="text" id="first_name" name="first_name" value="<?= $_POST['first_name']; ?>" maxlength="60" required tabindex="10">
<?php if(isset($firstNameError)) echo '<span class="error">'.$firstNameError.'</span>'; ?>
</div>
<div>
<label for="last_name">Last Name<em>*</em></label>
<input type="text" id="last_name" name="last_name" value="<?= $_POST['last_name']; ?>" maxlength="60" required tabindex="20">
<?php if(isset($lastNameError)) echo '<span class="error">'.$lastNameError.'</span>'; ?>
</div>
<div>
<label for="phone">Email Address<em>*</em></label>
<input type="text" id="email" name="email" value="<?= $_POST['email']; ?>" maxlength="60" required tabindex="30">
<?php if(isset($emailError)) echo '<span class="error">'.$emailError.'</span>'; ?>
</div>
<div>
<label for="email2">Email Address Confirm<em>*</em></label>
<input type="text" id="email2" name="email2" value="<?= $_POST['email2']; ?>" maxlength="120" required tabindex="40">
<?php if(isset($email2Error)) echo '<span class="error">'.$email2Error.'</span>'; ?>
</div>
<div>
<label for="phone">Phone<em>*</em></label>
<input type="text" id="phone" name="phone" value="<?= $_POST['phone']; ?>" maxlength="20" required tabindex="40">
<?php if(isset($phoneError)) echo '<span class="error">'.$phoneError.'</span>'; ?>
</div>
<div>
<label for="title">Job Title<em>*</em></label>
<input type="text" id="title" name="title" value="<?= $_POST['title']; ?>" maxlength="60" required tabindex="50">
<?php if(isset($jobTitleError)) echo '<span class="error">'.$jobTitleError.'</span>'; ?>
</div>
<div>
<label for="company">Company<em>*</em></label>
<input class="wide" type="text" id="company" name="company" value="<?= $_POST['company']; ?>" maxlength="60" required tabindex="60">
<?php if(isset($companyError)) echo '<span class="error">'.$companyError.'</span>'; ?>
</div>
<div>
<label for="platform">Platform</label>
<div class="select-box">
<select id="platform" name="platform" tabindex="70"> <!--Add Validation-->
<option value="">Please select one</option>
<option value="a">a</option>
<option value="b">b</option>
<option value="c">c</option>
<option value="w">w</option>
</select>
</div>
</div>
<div>
<input id="checkit" name="checkit" type="checkbox" value="1" tabindex="70" style="margin-top: 20px"> Check it.<!--Add Validation-->
</div>
<div>
<p class="buttons">
<button type="submit" id="submit" name="submit">Submit</button>
<input name="submitted" id="submitted" value="true" type="hidden">
</p></div>
</form>
The PHP
<?php
if(isset($_POST['submitted'])) {
if($_POST['first_name'] == '') {
$firstNameError = 'Please enter your first name.';
}
if($_POST['last_name'] == '') {
$lastNameError = 'Please enter your last name.';
}
if($_POST['email'] == '') {
$emailError = 'Please enter your email address.';
} else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", $_POST['email'])) {
$emailError = 'Please enter a valid email address.';
}
if($_POST['email2'] == '') {
$email2Error = 'Please enter your email address.';
} else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", $_POST['email2'])) {
$email2Error = 'Please enter a valid confirmation email address.';
}
if($_POST['phone'] == '') {
$phoneError = 'Please enter your phone number.';
}
if($_POST['title'] == '') {
$jobTitleError = 'Please enter your job title.';
}
if($_POST['company'] == '') {
$companyError = 'Please enter your company name.';
}
//Problem how to validate dropdown and checkbox as checked
//Problem: How to get form to action to external web server
}
?>
Thanks again!
How do I validate a form then site to remote URL
Moderator: General Moderators
Re: How do I validate a form then site to remote URL
Once you validate you can send the posted information using header() to POST it to a remote URL. You can also request a remote script and have your validated information as parameters in the remote script's query string.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Re: How do I validate a form then site to remote URL
Ok...thank you for your help!
Re: How do I validate a form then site to remote URL
I always though header() went to the browser, I would be interested in seeing sample code to use to submit POST data to another site. Didn't find much when searching other than people asking how to do it.s.dot wrote:Once you validate you can send the posted information using header() to POST it to a remote URL.
Here is sample code to handle some ways of accomplishing this. Some explanation for it:
If you are using on a form with "low-risk hacking" (ie, most likely nothing that someone will want to force non validated info), then as is the code below will use javascript to auto submit a basic form with all the data after validation to the remote URL. if you only want to use the cURL method, all you have to leave out is the <script> section at the bottom of the form. This is what tells the code you have JS enabled since it looks for a form input that was created with JS.
The non JS method uses cURL to post the form data to the remote URL, and takes the output and displays it to the user. To the user, they will still see your URL in the address bar, but it will automatically add a <base> tag to the other site's output to specify that all references to relative URLs (IMG/CSS/HREF's etc) are based off the other site, not yours, so everything *should* work fine (I didn't test any of that part). As noted in the comment at the top, if you are not specifying the file on the remote URL, you need to have the trailing slash so <base> is set to the correct place.
Some of this code may seem like overkill, (ie, using a function and an array to hold <SELECT> values since you only have one select) , but the base of it makes it easier to add/change or build a new form off of. Also for this example, i changed the displayed platforms to include the word "platform" just to make it clear how to set up the array.
Also through the code there are a few places where it has code commented out on how to handle <SELECT>s that allow multiple items selected just for reference.
There is a section of the code where you should any "default" values for form inputs and also need to define the list of checkboxes you use that you need at least one item checked (unselected checkboxes are not in $_POST, so we default them to being blank) Do not include any checkboxes that can be left blank, otherwise it may interfere with the post to the remote URL since it will sent actually will include that post item as blank.
This method also uses a "honeypot" which is an input, named "url" so that if a bot hits your page, it will most likely fill in this field as well, so the form will not submit (helps keep down on automated spamming of form) You can adjust the styling of the div however you want, the idea is that it is moved off of the visible page, but still has a label for those using a screen reader.
You will notice that I use preg_match instead of eregi as eregi is on its way out (and depending on server settings, may generate notices in error logs)
I added an extra check for the phone numbers, which is primarily for US phone numbers. It will check to make sure that the phone number is a "movie" number (555-whatever) or a special number (911 / 311 / 611). If they only enter numbers without separators, it won't find it them since it looks for a non number separator for area code/prefix, but for US type number, adds a nice second level.
Lastly, to keep the HTML part cleaner, I added a few functions to keep down on repetative coding. Since most all inputs have ID/NAME/VALUE all using the same index, just have a function you pass the index (and optional TYPE if it isn't TEXT) and it will auto fill that for you.
The error code is pretty much what you have, just did the checking inside the function. This allows you to change the formatting of the ERROR in one place if you need to change it. (Also, you will notice there is a <DIV> at the top to let them know to look for issues).
Hope it helps! Note, this code wasn't actually tested, just typed it up while watching TV. Also, the use of $aryErr and $aryData all over may seem a lot of extra typing, but I have the habit of it since in PhpED, I have shortcuts to auto type $aryErr[''] and $aryData[''] and put the cursor between the quotes, so it is what I prefer.
-Greg
Code: Select all
<?php
// MAKE SURE THAT IF YOU DON'T HAVE FILENAME, INCLUDE TRAILING SLASH
define('SUBMIT_URL','http://example.com/form.php');
$aryData = array(); // holds data values
$aryErr = array(); // holds any errors
$aryList = array(); // holds list items for selects
// BEGIN: Set "default" values for the form and also define any checkboxes
$aryData['platform'] = '';
// If the select allowed multiple, you would do:
// $aryData['platform'] = array();
$aryData['checkit'] = '';
// END: Set "default" values for the form and also define any checkboxes/selects
// BEGIN: Define lists to use
$aryList['platform'] = array('a'=>'a platform','b'=>'b platform','c'=>'c platform ','w'=>'w platform');
// END: Define lists to use
// $_POST['url'] is the HoneyPot that should exist and be left blank
if (count($_POST)>0 && isset($_POST['url']) && $_POST['url']=='') {
// Assign POST to aryData and trim all string values
foreach($_POST as $key=>$val) {
$aryData[$key] = (is_string($val)) ? trim($val) : $val;
}
// BEGIN: validation
if (!isset($aryData['first_name']) || $aryData['first_name']=='') {
$aryErr['first_name'] = 'Please enter your first name.';
}
if (!isset($aryData['last_name']) || $aryData['first_name']=='') {
$aryErr['last_name'] = 'Please enter your last name.';
}
if (!isset($aryData['email']) || $aryData['email']=='') {
$aryErr['email'] = 'Please enter your email address.';
}
elseif (!preg_match('/^[a-z0-9._%-]+@[a-z0-9._%-]+\.[a-z]{2,4}$/i',$aryData['email'])) {
$aryErr['email'] = 'Please enter a valid email address.';
}
if (!isset($aryData['email']) || $aryData['email']=='') {
$aryErr['email'] = 'Please confrim your email address.';
}
elseif (isset($aryData['email']) && $aryData['email']!=$aryData['email2']) {
$aryErr['email'] = 'Please make sure your confirm email matches.';
}
if (!isset($aryData['phone']) || $aryData['phone']=='') {
$aryErr['phone'] = 'Please enter your phone number.';
}
elseif (preg_match('/(555|11)[^0-9]/',$aryData['phone'])) {
$aryErr['email2'] = 'Please enter a valid phone number.';
}
if (!isset($aryData['title']) || $aryData['title']=='') {
$aryErr['title'] = 'Please enter your job title.';
}
if (!isset($aryData['company']) || $aryData['company']=='') {
$aryErr['company'] = 'Please enter your company name.';
}
if (!isset($aryData['platform']) || $aryData['platform']=='') {
$aryErr['platform'] = 'Please choose your platform.';
}
// Example for if you were allowing multiple choises...
// if (!isset($aryData['platform']) || count($aryData['platform'])==0) {
// $aryErr['platform'] = 'Please choose your platform(s).';
// }
if (!isset($aryData['checkit']) || $aryData['checkit']=='') {
$aryErr['checkit'] = 'You must agree to the terms.'; // Assuming terms. change if needed
}
// END: validation
if (count($aryErr)==0) {
// Form was submitted, and no validation issues, lets do something with it
if(isset($_POST['javascript_enabled'])) {
// BEGIN: Handle if you know javascript is enabled, so you can use it to submit a form
echo '<html><body onload="document.getElementById(\'frmAuto\').submit();">';
echo '<form action="'.SUBMIT_URL.'" method="post" name="frmAuto" id="frmAuto">';
foreach ($aryData as $key=>$value) {
if (is_array($value)) {
foreach ($value as $key2=>$value2) {
echo '<input type="hidden" name="'.$key2.'[]" value="'.htmlspecialchars($value2).'" />';
}
}
else {
echo '<input type="hidden" name="'.$key.'" value="'.htmlspecialchars($value).'" />';
}
}
echo '<input type="submit" value="Click here to continue..." name="submit" />';
echo '</form></body></html>';
// END: Handle if you know javascript is enabled, so you can use it to submit a form
}
else {
// BEGIN: Use CURL to submit it
// BEGIN: Covert data into proper string for POST data
$strPostData = '';
foreach ($aryData as $key=>$value) {
$strPostData .= '&';
if (is_array($value)) {
foreach ($value as $key2=>$value2) {
$strPostData .= $key2.'[]='.urlencode($value2);
}
}
else {
$strPostData .= $key.'='.urlencode($value);
}
}
$strPostData = substr($strPostData,1);
// END: Convert data into proper string for POST data
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, SUBMIT_URL);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $strPostData);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$strResult = curl_exec($ch);
curl_close($ch);
if (!preg_match('/<haed>.*<base .*</head>/i',$strResult)) {
// They do not already specify a base, so specify it to be the site submitted to
$strBase = substr(SUBMIT_URL,0,strrpos(SUBMIT_URL,'/')).'/';
$strResult = preg_replace('/<head>/i','<head><base href="'.$strBase.'" />',$strResult);
}
echo $strResult;
exit;
// END: Use CURL to submit it
}
} // END: if (count($aryErr)==0)
} // END: if (form was submitted)
function echoError($strItem) {
global $aryErr;
if (isset($aryErr[$strItem])) {
echo '<span class="error">'.htmlspecialchars($aryErr[$strItem]).'</span>';
}
}
function getOptions($strItem) {
global $aryData,$aryList;
if (!isset($aryList[$strItem])) { return '[ERR: List "'.$strItem.'" not defined]'; }
if (!isset($aryData[$strItem])) { $aryData[$strItem] = ''; } // Defaults it in case it was missed
$strCode = '<option value="" style="font-style: italic;">Please Select One</option>';
foreach($aryList[$strItem] as $key=>$value) {
if ($aryData[$strItem]==$key) {
$strCode .= '<option value="'.$key.'" selected="selected">'.htmlspecialchar($value).'</option>';
}
else {
$strCode .= '<option value="'.$key.'">'.htmlspecialchar($value).'</option>';
}
}
return $strCode;
}
function echoInput($strItem,$strType='text') {
global $aryData;
echo 'type="',$strType,'" name="',$strItem,'" id="',$strItem,'" value="',htmlspecialchars($aryData[$strItem],ENT_QUOTES),'" ';
}
?><html>
<head>
<title>My Page</title>
</head>
<body>
<h1>My Form</h1>
<?php if (count($_POST)>0 && count($aryErr)>0): ?>
<div id="errAlert">There are some problems with the form, Please see the notes below.</div>
<?php endif; ?>
<form action="" method="post" id="form">
<div>
<label for="first_name">First Name<em>*</em></label>
<input <?php echoInput('first_name'); ?> maxlength="60" required tabindex="10">
<?php echoError('first_name'); ?>
</div>
<div>
<label for="last_name">Last Name<em>*</em></label>
<input <?php echoInput('last_name'); ?> maxlength="60" required tabindex="20">
<?php echoError('last_name'); ?>
</div>
<div>
<label for="phone">Email Address<em>*</em></label>
<input <?php echoInput('email'); ?> maxlength="60" required tabindex="30">
<?php echoError('email'); ?>
</div>
<div>
<label for="email2">Email Address Confirm<em>*</em></label>
<input <?php echoInput('email2'); ?> maxlength="120" required tabindex="40">
<?php echoError('email2'); ?>
</div>
<div>
<label for="phone">Phone<em>*</em></label>
<input <?php echoInput('phone'); ?> maxlength="20" required tabindex="40">
<?php echoError('phone'); ?>
</div>
<div>
<label for="title">Job Title<em>*</em></label>
<input <?php echoInput('title'); ?> maxlength="60" required tabindex="50">
<?php echoError('title'); ?>
</div>
<div>
<label for="company">Company<em>*</em></label>
<input class="wide" <?php echoInput('company'); ?> maxlength="60" required tabindex="60">
<?php echoError('company'); ?>
</div>
<div>
<label for="platform">Platform</label>
<div class="select-box">
<select id="platform" name="platform" tabindex="70">
<?php getOptions('platform'); ?>
</select>
</div>
<?php echoError('platform'); ?>
</div>
<div>
<input id="checkit" name="checkit" type="checkbox" value="1" tabindex="70" style="margin-top: 20px"> Check it.
<?php echoError('checkit'); ?>
</div>
<div style="left: -8872px; height: 1px;"><!-- SET STYLE SO IT IS OFF THE SCREEN -->
<label for="url">The following needs left blank</label><!-- For those using screen readers -->
<input id="url" name="url" type="text" value="" />
</div>
<div>
<?php // LEAVE OUT THE FOLLOWING <script> SECTION IF YOU DON'T WANT TO USE JavaScript METHOD ?>
<script type="text/javascript">
document.write('<input type="hidden" name="javascript_enabled" value="true" />');
</script>
<p class="buttons">
<button type="submit" id="submit" name="submit">Submit</button>
<input name="submitted" id="submitted" value="true" type="hidden">
</p>
</div>
</form>
</body>
</html>Re: How do I validate a form then site to remote URL
Sorry for the late reply...this was very helpful and I ended up using cURL to send the form info to my remote URL. I will also implement the validation code as time permits.
Thanks for your help
Thanks for your help