Form validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
bagelmaster
Forum Newbie
Posts: 3
Joined: Thu Jan 20, 2005 11:52 pm
Location: Brooklyn, NY

Form validation

Post by bagelmaster »

PHP 101: Validating a form using PHP instead of JavaScript. Validation works fine when posting to $_SERVER['PHP_SELF'], but does not when the form posts to an outside page (such as a gateway). In the latter case, the form submits the data straight away.

What am I missing?

Thanks.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

explain?

o.O
User avatar
bagelmaster
Forum Newbie
Posts: 3
Joined: Thu Jan 20, 2005 11:52 pm
Location: Brooklyn, NY

Post by bagelmaster »

If I have code like this, I can validate the fields in this form, then insert the form data into a database, as long as the insertion code resides on the same page as the form:

Code: Select all

<html>
<form method="post" &#1111;b]action="<?php print $_SERVER&#1111;'PHP_SELF']; ?>"&#1111;/b] name="test"> 
Name: <input type="text" name="name"><br> 
E mail: <input type="text" name="email"><br> 
<input type="submit" name="submit" value="Submit"> 
</form> 

<? 
if(isset( $_POST &#1111;'submit' ]))&#123; 
$n ="spam" ;
$s =stristr ($_POST &#1111;'name' ], $n ); 

if(! $_POST &#1111;'name' ] || $_POST &#1111;'name' ] == "name" || $s === false )&#123; 
die( "Please enter a valid name." ); 
&#125;
$at ="@" ;
$email =strpos ($_POST &#1111;'email' ], $at ); 
if(! $_POST &#1111;'email' ] || $_POST &#1111;'email' ] == "email" && $email === false )&#123; 
die( "Please use a valid email." ); 
&#125;
&#125;
echo "You filled out the form succesfully, congrats!" ;
?>
But, if I want to validate form fields on data that is going to be sent through a credit card processor or to an outside processing page, then I guess the PHP validation code must reside on the outside page or on an intermediate page. If have the form validation code on the form page itself in this situation, it will just get bypassed if the user hits submit:

Code: Select all

<html>
<form method="post" &#1111;b]action="result.php"&#1111;/b] name="test"> 
Name: <input type="text" name="name"><br> 
E mail: <input type="text" name="email"><br> 
<input type="submit" name="submit" value="Submit"> 
</form> 

<? 
if(isset( $_POST &#1111;'submit' ]))&#123; 
$n ="spam" ;
$s =stristr ($_POST &#1111;'name' ], $n ); 

if(! $_POST &#1111;'name' ] || $_POST &#1111;'name' ] == "name" || $s === false )&#123; 
die( "Please enter a valid name." ); 
&#125;
$at ="@" ;
$email =strpos ($_POST &#1111;'email' ], $at ); 
if(! $_POST &#1111;'email' ] || $_POST &#1111;'email' ] == "email" && $email === false )&#123; 
die( "Please use a valid email." ); 
&#125;
&#125;
echo "You filled out the form succesfully, congrats!" ;
?>
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

you are righto on that because the first will be able to validate only when it will gain access to post vars which it will never get since the vars are sent to another script. thats why the validation part should be moved to the script you are submitting to..
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

A Suggestion

Post by neophyte »

You could validate the page on your side by having a "confirmation page" where the user can look over what was submitted if it passes validation. The previously submitted data could be in hidden fields and then the user could click submit and submit that data to the server....

Just a suggestion..
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

yeah, a confirmation page is the general way to handle this kind of funcitonality.
User avatar
bagelmaster
Forum Newbie
Posts: 3
Joined: Thu Jan 20, 2005 11:52 pm
Location: Brooklyn, NY

Post by bagelmaster »

Turns out I will be able to process through the one page. Via cURL the data will be posted and the result received from the credit card processor.
Post Reply