PHP form validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
akimm
Forum Contributor
Posts: 460
Joined: Thu Apr 27, 2006 10:50 am
Location: Ypsilanti Michigan, formally Clipsburgh

Oh and Ninja space goat

Post by akimm »

If you look at the very top of this post you'll see PHP

this is a forum for PHP code diagnostics, yes?

If so, then I came for help from better programmers than myself.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

yea it works. It puts a button on the page. But it does not work in the way it is intended. It does not render a button that says "submit your article" it renders a button that says "submit" on it.
User avatar
akimm
Forum Contributor
Posts: 460
Joined: Thu Apr 27, 2006 10:50 am
Location: Ypsilanti Michigan, formally Clipsburgh

My only thing is

Post by akimm »

It does work, but like I said HTML is not my issue, I understand very well the rules, I was just under the impression that double quotation will cause the PHP compiler to error. Hence my reasoning.
User avatar
akimm
Forum Contributor
Posts: 460
Joined: Thu Apr 27, 2006 10:50 am
Location: Ypsilanti Michigan, formally Clipsburgh

Well I no longer have time to be petty.

Post by akimm »

I need to go do about 3 hours worth of homework, including some Latin. Wish me luck haha. But if you do have any sort of suggestions on how I could validate the form input, I would appreciate that. Thanks, and otherwise, goodbye.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

No one was saying anything about you or your HTML skills akimm. What I said (and what Ninja reiterated) is that you should quote your HTML element attribute values. You are partially correct in assuming that PHP will choke on the double quotes. That is, if the double quotes are within double quotes and they are not escaped then you will have problems. You can do this...

Code: Select all

// This escapes your double quoted string
$submit = "<input type=\"submit\" value=\"submit your article\" name=\"submit\">";
Or you could do this...

Code: Select all

// This is prefered, since PHP tries to parse double quoted strings. Single quoted strings are treated as literals.
$submit = '<input type="submit" value="submit your article" name="submit">';
As for your form validating, you can try something like this...

Code: Select all

<?php
$name = '';
$title = '';
$article = '';
$validation = 0;
$submit = "<input type=submit value=submit your article name=submit>";

if (isset($_POST['name']))
{
    $name = $_POST['name'];
    // Depending on what you expect name to be you could regex here
}

/*
    Handle the other form fields the same way
    validating as needed for the expected content
*/

if (empty($name)) 
{
    echo "Please put your name";
}
else
{
    $validation++;
}

if (empty($title))
{
    echo "Please post your title";
}
else
{
    $validation++;
}

if (empty($article))
{
    echo "Please post an article";
}
else
{
    $validation++;
}

if ($validation == 3)
{
    echo $submit;
}
?>
User avatar
akimm
Forum Contributor
Posts: 460
Joined: Thu Apr 27, 2006 10:50 am
Location: Ypsilanti Michigan, formally Clipsburgh

Ah..

Post by akimm »

Excellent, I never thought to make a system that iterates. Very cool. I wish i would of thought of that, but, as you've created with the HTML entities, you needed to leave them unquoted. Thats why i got upset, people knock me for something that is perfectly logical.

But.. Thank you very much for your help. I need to learn something from all these mistakes I've made, you especially, among others have helped immensely, so I'd like to thank you for that.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

What are you talking about? You don't have to leave the attributes unquoted... he just left your html in there for some reason:

Code: Select all

$submit = '<input type="submit" value="submit your article" name="submit">';
And nobody was knocking you... I was merely trying to point out something that you can improve on. Chill out. :roll:
Last edited by Luke on Tue Sep 12, 2006 11:49 pm, edited 1 time in total.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I think there was a misunderstanding in the way we came across. But I think everything is better now Ninja.
User avatar
akimm
Forum Contributor
Posts: 460
Joined: Thu Apr 27, 2006 10:50 am
Location: Ypsilanti Michigan, formally Clipsburgh

nope

Post by akimm »

that code does like my previous attempts, calls the errors early, but doesn't actually stop them, perhaps i do want javascript just to avoid this much problem.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Trust me, you won't be avoiding the problem. If the user disables javascript then your entire validation routine is hosed. Even if you do use client side validation you should still be using server side validation to make sure the server is getting what you expect it to.
User avatar
ok
Forum Contributor
Posts: 393
Joined: Wed May 31, 2006 9:20 am
Location: The Holy Land

Post by ok »

You can see the HTML errors in http://validator.w3.org/check?uri=http: ... dd_art.php.
Or, if you have FireFox installed, you can add "Tidy HTML Validator" to your extension list.
bob_the _builder
Forum Contributor
Posts: 131
Joined: Sat Aug 28, 2004 12:25 am

Post by bob_the _builder »

Hi,

Maybe something like:

Code: Select all

if((!$_POST['name']) || (!$_POST['email']) || (!$_POST['query'])) {
	$error_msg = 'Fields marked * are required to continue';
                return;
}
User avatar
christian_phpbeginner
Forum Contributor
Posts: 136
Joined: Sat Jun 03, 2006 2:43 pm
Location: Java

Post by christian_phpbeginner »

Hi there !

error.php:

Code: Select all

<?php

   session_start();
   
   $postCollections = array ( 'Name'=>$_POST['name'], 
   					 'Email'=>$_POST['email'], 
   					 'Title'=>$_POST['title'],
   					 'Article'=>$_POST['article'] );
   
   foreach($postCollections as $key => $value) {
   	   if (empty($value)) {
   	      switch ($key) {
   	   		case "Name":
   	   			echo "Please put your name".'<br />';
   	   			break;
   	   		case "Title":
   	   			echo "Please post your title".'<br />';
   	   			break;
   	   		case "Article":
   	   			echo "Please post an article".'<br />';
   	   			break;	
   	      } //end switch statement
   	   } else {
   	   	   echo $key.': '.$value.'<br />';
   	   }//end if-else

   }  //end foreach
   
?>
The code is logically the same as people usually use in Javascript form validation.

Hope that help,
Chris
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

bob_the _builder wrote:Hi,

Maybe something like:

Code: Select all

if((!$_POST['name']) || (!$_POST['email']) || (!$_POST['query'])) {
	$error_msg = 'Fields marked * are required to continue';
                return;
}
If a form wasn't posted you are going to get undefined index notices unless you check isset() or empty().
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

christian_phpbeginner wrote:Hi there !

error.php:

Code: Select all

<?php

   session_start();
   
   $postCollections = array ( 'Name'=>$_POST['name'], 
   					 'Email'=>$_POST['email'], 
   					 'Title'=>$_POST['title'],
   					 'Article'=>$_POST['article'] );
   
   foreach($postCollections as $key => $value) {
   	   if (empty($value)) {
   	      switch ($key) {
   	   		case "Name":
   	   			echo "Please put your name".'<br />';
   	   			break;
   	   		case "Title":
   	   			echo "Please post your title".'<br />';
   	   			break;
   	   		case "Article":
   	   			echo "Please post an article".'<br />';
   	   			break;	
   	      } //end switch statement
   	   } else {
   	   	   echo $key.': '.$value.'<br />';
   	   }//end if-else

   }  //end foreach
   
?>
The code is logically the same as people usually use in Javascript form validation.

Hope that help,
Chris
How about a little simpler version...

Code: Select all

<?php
foreach ($_POST as $key => $value)
{
    if (empty($value))
    {
        echo '<h2>The form field ' . $key . ' was left blank. Please correct it.</h2>';
    }
}
?>
Or something along these lines.
Post Reply