PHP 101: Validating a form using PHP instead of JavaScript. Validation works fine when posting to $_SERVER['PHP_SELF'], but does not when the form posts to an outside page (such as a gateway). In the latter case, the form submits the data straight away.
What am I missing?
Thanks.
Form validation
Moderator: General Moderators
- bagelmaster
- Forum Newbie
- Posts: 3
- Joined: Thu Jan 20, 2005 11:52 pm
- Location: Brooklyn, NY
- bagelmaster
- Forum Newbie
- Posts: 3
- Joined: Thu Jan 20, 2005 11:52 pm
- Location: Brooklyn, NY
If I have code like this, I can validate the fields in this form, then insert the form data into a database, as long as the insertion code resides on the same page as the form:
But, if I want to validate form fields on data that is going to be sent through a credit card processor or to an outside processing page, then I guess the PHP validation code must reside on the outside page or on an intermediate page. If have the form validation code on the form page itself in this situation, it will just get bypassed if the user hits submit:
Code: Select all
<html>
<form method="post" їb]action="<?php print $_SERVERї'PHP_SELF']; ?>"ї/b] name="test">
Name: <input type="text" name="name"><br>
E mail: <input type="text" name="email"><br>
<input type="submit" name="submit" value="Submit">
</form>
<?
if(isset( $_POST ї'submit' ])){
$n ="spam" ;
$s =stristr ($_POST ї'name' ], $n );
if(! $_POST ї'name' ] || $_POST ї'name' ] == "name" || $s === false ){
die( "Please enter a valid name." );
}
$at ="@" ;
$email =strpos ($_POST ї'email' ], $at );
if(! $_POST ї'email' ] || $_POST ї'email' ] == "email" && $email === false ){
die( "Please use a valid email." );
}
}
echo "You filled out the form succesfully, congrats!" ;
?>Code: Select all
<html>
<form method="post" їb]action="result.php"ї/b] name="test">
Name: <input type="text" name="name"><br>
E mail: <input type="text" name="email"><br>
<input type="submit" name="submit" value="Submit">
</form>
<?
if(isset( $_POST ї'submit' ])){
$n ="spam" ;
$s =stristr ($_POST ї'name' ], $n );
if(! $_POST ї'name' ] || $_POST ї'name' ] == "name" || $s === false ){
die( "Please enter a valid name." );
}
$at ="@" ;
$email =strpos ($_POST ї'email' ], $at );
if(! $_POST ї'email' ] || $_POST ї'email' ] == "email" && $email === false ){
die( "Please use a valid email." );
}
}
echo "You filled out the form succesfully, congrats!" ;
?>- n00b Saibot
- DevNet Resident
- Posts: 1452
- Joined: Fri Dec 24, 2004 2:59 am
- Location: Lucknow, UP, India
- Contact:
A Suggestion
You could validate the page on your side by having a "confirmation page" where the user can look over what was submitted if it passes validation. The previously submitted data could be in hidden fields and then the user could click submit and submit that data to the server....
Just a suggestion..
Just a suggestion..
- bagelmaster
- Forum Newbie
- Posts: 3
- Joined: Thu Jan 20, 2005 11:52 pm
- Location: Brooklyn, NY