Here's what I always do... but it's probably not "the" best way.
Submit the data via POST to a script dedicated to processing the data.
Validate data within the second script, with no output whatsoever, just processing.
If something doesn't validate, redirect to the form page with either a new session variable or a GET variable identifying that particular error (or if I'm in a rush, just something that identifies an error, full-stop). If all is OK, process the database query (or whatever you're doing) and then redirect to the form page with a GET or session variable which identifies success.
Example:
Code:
<form action="process.php" method="post">
    Enter a number : <input type="text" name="the_number" />
    <br />
    <input type="submit" value="Submit" />
</form>
<br />
<?php
// Show the outcome that process.php reported via the query string
if (isset($_GET['success'])) {
    echo 'Thanks, your number has been submitted';
}
if (isset($_GET['failure'])) {
    echo 'no, I asked you to enter a NUMBER';
}
?>
Code:
<?php
if (!empty($_POST)) {
    if (isset($_POST['the_number'])) {
        // is_numeric() tests the submitted string (and rejects ''); is_nan() expects a float
        if (!is_numeric($_POST['the_number'])) {
            header('Location: Form.php?failure=1'); // Fail
            exit; // stop here so nothing else runs after the redirect
        } else {
            // Process your data now!
            header('Location: Form.php?success=1'); // Success
            exit;
        }
    } else {
        header('Location: Form.php?failure=1'); // Fail
        exit;
    }
} else {
    echo 'This page is for form submissions only'; // Shouldn't be here
}
?>
If you don't want the user to be able to change the address bar to make it say "Success" (even though nothing will have been done anyway), then use $_SESSION instead.
EDIT | Tinkered with !empty($_POST)
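The $_SESSION variant mentioned at the end of the post, as an added example that is not the poster's code: the status is stored server-side, shown once, and mapped to fixed messages so the address bar cannot fake it. It assumes PHP 8; the helper names number_is_valid and take_flash and the 'flash' session key are hypothetical, and the form and its handler are combined in one file here.

```php
<?php
// Added example: session "flash" status instead of ?success=1 / ?failure=1.
// One file for brevity: the POST branch plays process.php, the GET branch plays Form.php.
declare(strict_types=1);
session_start();

// Fixed messages keyed by status code; nothing user-supplied is ever echoed.
const MESSAGES = [
    'success' => 'Thanks, your number has been submitted',
    'failure' => 'No, I asked you to enter a NUMBER',
];

// Hypothetical helper: accept only a numeric string (rejects '', arrays, missing field).
function number_is_valid(mixed $value): bool
{
    return is_string($value) && is_numeric($value);
}

// Hypothetical helper: read the status once, then forget it so a reload shows nothing.
function take_flash(): ?string
{
    $status = $_SESSION['flash'] ?? null;
    unset($_SESSION['flash']);
    return is_string($status) ? (MESSAGES[$status] ?? null) : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = number_is_valid($_POST['the_number'] ?? null);
    if ($ok) {
        // Process your data now!
    }
    $_SESSION['flash'] = $ok ? 'success' : 'failure';
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303); // back to the form via GET
    exit; // nothing else may run after the redirect
}

$message = take_flash();
?>
<form action="" method="post">
    Enter a number : <input type="text" name="the_number" />
    <br />
    <input type="submit" value="Submit" />
</form>
<br />
<?php if ($message !== null) { echo htmlspecialchars($message); } ?>
```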