
Form validation

Posted: Thu Jan 20, 2005 11:56 pm
by bagelmaster
PHP 101: Validating a form using PHP instead of JavaScript. Validation works fine when posting to $_SERVER['PHP_SELF'], but does not when the form posts to an outside page (such as a gateway). In the latter case, the form submits the data straight away.

What am I missing?

Thanks.

Posted: Fri Jan 21, 2005 12:04 am
by feyd
explain?

o.O

Posted: Fri Jan 21, 2005 6:59 am
by bagelmaster
If I have code like this, I can validate the fields in this form, then insert the form data into a database, as long as the insertion code resides on the same page as the form:

Code:

<html>
<form method="post" action="<?php print htmlspecialchars($_SERVER['PHP_SELF']); ?>" name="test">
Name: <input type="text" name="name"><br>
E mail: <input type="text" name="email"><br>
<input type="submit" name="submit" value="Submit">
</form>

<?php
// Runs only when this same page receives the POST.
if (isset($_POST['submit'])) {
    // Reject an empty name, the placeholder "name", or a name containing "spam".
    $n = "spam";
    $s = stristr($_POST['name'], $n);

    if (!$_POST['name'] || $_POST['name'] == "name" || $s !== false) {
        die("Please enter a valid name.");
    }
    // Reject an empty email, the placeholder "email", or an address with no "@".
    $at = "@";
    $email = strpos($_POST['email'], $at);
    if (!$_POST['email'] || $_POST['email'] == "email" || $email === false) {
        die("Please use a valid email.");
    }
    echo "You filled out the form successfully, congrats!";
}
?>
</html>

But, if I want to validate form fields on data that is going to be sent through a credit card processor or to an outside processing page, then I guess the PHP validation code must reside on the outside page or on an intermediate page. If I have the form validation code on the form page itself in this situation, it will just get bypassed if the user hits submit:

Code:

<html>
<form method="post" action="result.php" name="test">
Name: <input type="text" name="name"><br>
E mail: <input type="text" name="email"><br>
<input type="submit" name="submit" value="Submit">
</form>

<?php
// Never runs on submit: the form posts to result.php, so this page
// does not receive the POST variables.
if (isset($_POST['submit'])) {
    // Reject an empty name, the placeholder "name", or a name containing "spam".
    $n = "spam";
    $s = stristr($_POST['name'], $n);

    if (!$_POST['name'] || $_POST['name'] == "name" || $s !== false) {
        die("Please enter a valid name.");
    }
    // Reject an empty email, the placeholder "email", or an address with no "@".
    $at = "@";
    $email = strpos($_POST['email'], $at);
    if (!$_POST['email'] || $_POST['email'] == "email" || $email === false) {
        die("Please use a valid email.");
    }
    echo "You filled out the form successfully, congrats!";
}
?>
</html>

Posted: Fri Jan 21, 2005 8:20 am
by n00b Saibot
You are righto on that, because the first will be able to validate only when it gains access to the POST vars, which it will never get since the vars are sent to another script. That's why the validation part should be moved to the script you are submitting to.

A Suggestion

Posted: Fri Jan 21, 2005 9:10 am
by neophyte
You could validate the page on your side by having a "confirmation page" where the user can look over what was submitted if it passes validation. The previously submitted data could be in hidden fields and then the user could click submit and submit that data to the server....

Just a suggestion..

Posted: Fri Jan 21, 2005 9:17 am
by feyd
Yeah, a confirmation page is the general way to handle this kind of functionality.

Posted: Fri Jan 21, 2005 2:17 pm
by bagelmaster
Turns out I will be able to process through the one page. Via cURL the data will be posted and the result received from the credit card processor.
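
The single-page flow described in the last post, written out as an added example (not code from anyone in this thread): the form posts to its own page, the page validates the input server-side, and only the validated fields are sent on to the processor with cURL. GATEWAY_URL and the function names validate() and forward() are assumptions made for the illustration.

```php
<?php
// Added example. GATEWAY_URL is a hypothetical placeholder endpoint.
const GATEWAY_URL = 'https://gateway.example/process';

// Returns [list of error messages, cleaned fields]; no errors means the input passed.
function validate(array $post): array
{
    $name   = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $email  = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    $errors = [];
    if ($name === '' || stristr($name, 'spam') !== false) {
        $errors[] = 'Please enter a valid name.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please use a valid email.';
    }
    return [$errors, ['name' => $name, 'email' => $email]];
}

// POST only the cleaned fields to the processor, server to server.
// Returns the response body, or null when the request failed.
function forward(array $fields): ?string
{
    $ch = curl_init(GATEWAY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true, // return the body instead of printing it
        CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}

$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$errors, $fields] = validate($_POST);
    $reply = $errors ? null : forward($fields);
    if ($reply !== null) {
        exit('Processor replied: ' . htmlspecialchars($reply));
    }
    if (!$errors) {
        $errors[] = 'The processor could not be reached.';
    }
}
foreach ($errors as $e) echo '<p>' . htmlspecialchars($e) . '</p>';
?>
<form method="post" action="">
Name: <input type="text" name="name"><br>
E mail: <input type="text" name="email"><br>
<input type="submit" name="submit" value="Submit">
</form>
```

Because the browser never posts to the processor directly, the validation cannot be skipped by submitting the form, which is the problem the second listing in this thread ran into.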