HTML form --> JavaScript validation --> PHP processing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
josefv
Forum Newbie
Posts: 23
Joined: Wed Jan 17, 2007 11:17 am

HTML form --> JavaScript validation --> PHP processing

Post by josefv »

Just a simple question. I have an html form, which calls a JavaScript function

Code: Select all

validateData()
via

Code: Select all

action=javascript:validateData()
tag.

Then

Code: Select all

validateData()
basically
- validates the data, which I'm okay with.

After javascript validation is complete, I would like javascript to sort of redirect to the same original html form, which is a php file. Then the php script must sort of get use

Code: Select all

$_POST
or

Code: Select all

$_GET
(dunno how exactly) variables to perform the actual processing, i.e. submitting the data to my database.

It's similar to using action with PHP where the action redirects to the PHP file to itself. I've seen this being done somewhere before, but since not having 60 years PHP experience, I'm not entirely sure how to achieve this.

Thanks for the help, in advance, as usual! :oops:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Use the onsubmit <form> event instead. Leave the "action" the destination script.

You will have to perform all the same validations in the destination script.
josefv
Forum Newbie
Posts: 23
Joined: Wed Jan 17, 2007 11:17 am

Post by josefv »

Making sense feyd. Thanks for the prompt response.

Just had a brilliant idea however. I just need to get my brains around it.

How about this
Program the Submit buttons onclick event to behave as follows:
- perform JavaScript validation
- and if it returns true
- do the PHP bit,
but the idea is quite vague. Know the theory but my practical ability sucks.

Just searching the web for calling PHP from within JavaScript but it doesn't seem possible.

I understand the alternative of calling JavaScript from PHP, but its the wrong way around for my scenario.
Last edited by josefv on Mon Jan 29, 2007 9:50 am, edited 1 time in total.
User avatar
Kadanis
Forum Contributor
Posts: 180
Joined: Tue Jun 20, 2006 8:55 am
Location: Dorset, UK
Contact:

Post by Kadanis »

thats the way i tend to do it if i need to

Code: Select all

<input type="image" src="images/delete.gif" name="submit" value="delete" onclick="return confirmMsg('deleteTopnav');" />
this example would only submit the form if the user clicks OK on a popup alert.

in your case you can return true or false from your validation JS then just put

Code: Select all

<input type="image" src="images/delete.gif" name="submit" value="delete" onclick="return validate();" />
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

...And what if the user doesn't click the submit button to submit the form?
josefv
Forum Newbie
Posts: 23
Joined: Wed Jan 17, 2007 11:17 am

Post by josefv »

Okay, the bit you explain here Kadanis, is similar to what I tried. So once validate() has returned true, my .php must redirect to itself so it can access the $_POST variables to post data to the database.

Hope I am making sense :?:
User avatar
Kadanis
Forum Contributor
Posts: 180
Joined: Tue Jun 20, 2006 8:55 am
Location: Dorset, UK
Contact:

Post by Kadanis »

feyd wrote:...And what if the user doesn't click the submit button to submit the form?
interesting, never thought about it that way before? how else would you submit a form?


josefv wrote:Okay, the bit you explain here Kadanis, is similar to what I tried. So once validate() has returned true, my .php must redirect to itself so it can access the $_POST variables to post data to the database.

Hope I am making sense Question
well, if you were to do it this way you would put the destination php file in the action property of the form.

html

Code: Select all

<form name="myForm" method="post" action="myScript.php">
<input type="text" name="box1" value="" />
<input type="submit" name="submit" value="submit" onclick="return validate();" />
</form>
php in destination script "myScript.php"

Code: Select all

<?
if (isset($_POST['box1'])){$box1 = $_POST['box1'];} else {$box1 = '';}

//use $box1 in script / database etc

?>
basically the above php line will get the data held in the form variable box1 (or what ever you have named an object in your form). it will then assign it to the variable $box1 which can be used in the php script. if the post variable box1 is not set then it initialises the php variable to and empty string. its not perfect but its better than just pulling it straight from global vars.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Some browsers will not process a submit button unless explicitly clicked/selected. Pressing the enter key in several types of fields will submit the form in many browsers.
User avatar
Kadanis
Forum Contributor
Posts: 180
Joined: Tue Jun 20, 2006 8:55 am
Location: Dorset, UK
Contact:

Post by Kadanis »

oh. well, learn something new every day. i'd not come across that before feyd. or at least not so i've noticed. thanks for the heads up.

in which case, josefv

taking feyds earlier comment and putting it into my form code, replace the html with this and it should still work exactly the same

Code: Select all

<form name="myForm" method="post" action="myScript.php" onsubmit="return validate();">
<input type="text" name="box1" value="" />
<input type="submit" name="submit" value="submit" />
</form>
User avatar
jwalsh
Forum Contributor
Posts: 202
Joined: Sat Jan 03, 2004 4:55 pm
Location: Cleveland, OH

Post by jwalsh »

Make sure your validation also runs on the server php code, not just javascript. Very important.
josefv
Forum Newbie
Posts: 23
Joined: Wed Jan 17, 2007 11:17 am

Post by josefv »

Thanks for the help guys. The solution was then to drop the validation javascript into the onsubmit, have it return true. I also used a hidden variable which javascript set to true which php would check to see if it can proceed with adding the advertisment. I used

Code: Select all

<?php echo($_SERVER['PHP_SELF']); ?>
in the action tag of the form as well.

Thanks for the help guys!!!
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

jwalsh wrote:Make sure your validation also runs on the server php code, not just javascript. Very important.
I second this. With the Firefox Web Developer Tools, people can easily hack information bypassing any javascript validation (or they can simply switch the javascript off). Especially if you are interacting with a database.. run validation checks on the $_POST variables in PHP as well prior to saving in the database.

Personally I prefer to code a site with no javascript at all. Then once this has finished, go through and enhance the site with additional javascript features.
User avatar
Kadanis
Forum Contributor
Posts: 180
Joined: Tue Jun 20, 2006 8:55 am
Location: Dorset, UK
Contact:

Post by Kadanis »

yeah, I agree. I should have mentioned it myself. Always re-validate and clean the form data in the PHP as well. Don't just rely on the JS validation. That way you can ensure that the data has come from your form and not been passed in some other way.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I mentioned it in the first response. ;)

Here's another nugget: don't use PHP_SELF anywhere, unless you know exactly what you're doing. Why? It contains user input without any protections or filtering, thereby allowing someone to perform XSS on your pages.
Post Reply