Page 1 of 1
HTML form --> JavaScript validation --> PHP processing
Posted: Mon Jan 29, 2007 9:15 am
by josefv
Just a simple question. I have an html form, which calls a JavaScript function
via
tag.
Then
basically
- validates the data, which I'm okay with.
After javascript validation is complete, I would like javascript to sort of redirect to the same original html form, which is a php file. Then the php script must sort of get use
or
(dunno how exactly) variables to perform the actual processing, i.e. submitting the data to my database.
It's similar to using action with PHP where the action redirects to the PHP file to itself. I've seen this being done somewhere before, but since not having 60 years PHP experience, I'm not entirely sure how to achieve this.
Thanks for the help, in advance, as usual!

Posted: Mon Jan 29, 2007 9:27 am
by feyd
Use the onsubmit <form> event instead. Leave the "action" the destination script.
You will have to perform all the same validations in the destination script.
Posted: Mon Jan 29, 2007 9:41 am
by josefv
Making sense feyd. Thanks for the prompt response.
Just had a brilliant idea however. I just need to get my brains around it.
How about this
Program the Submit buttons onclick event to behave as follows:
- perform JavaScript validation
- and if it returns true
- do the PHP bit,
but the idea is quite vague. Know the theory but my practical ability sucks.
Just searching the web for calling PHP from within JavaScript but it doesn't seem possible.
I understand the alternative of calling JavaScript from PHP, but its the wrong way around for my scenario.
Posted: Mon Jan 29, 2007 9:48 am
by Kadanis
thats the way i tend to do it if i need to
Code: Select all
<input type="image" src="images/delete.gif" name="submit" value="delete" onclick="return confirmMsg('deleteTopnav');" />
this example would only submit the form if the user clicks OK on a popup alert.
in your case you can return true or false from your validation JS then just put
Code: Select all
<input type="image" src="images/delete.gif" name="submit" value="delete" onclick="return validate();" />
Posted: Mon Jan 29, 2007 9:54 am
by feyd
...And what if the user doesn't click the submit button to submit the form?
Posted: Mon Jan 29, 2007 9:55 am
by josefv
Okay, the bit you explain here Kadanis, is similar to what I tried. So once validate() has returned true, my .php must redirect to itself so it can access the $_POST variables to post data to the database.
Hope I am making sense

Posted: Mon Jan 29, 2007 10:06 am
by Kadanis
feyd wrote:...And what if the user doesn't click the submit button to submit the form?
interesting, never thought about it that way before? how else would you submit a form?
josefv wrote:Okay, the bit you explain here Kadanis, is similar to what I tried. So once validate() has returned true, my .php must redirect to itself so it can access the $_POST variables to post data to the database.
Hope I am making sense Question
well, if you were to do it this way you would put the destination php file in the action property of the form.
html
Code: Select all
<form name="myForm" method="post" action="myScript.php">
<input type="text" name="box1" value="" />
<input type="submit" name="submit" value="submit" onclick="return validate();" />
</form>
php in destination script "myScript.php"
Code: Select all
<?
if (isset($_POST['box1'])){$box1 = $_POST['box1'];} else {$box1 = '';}
//use $box1 in script / database etc
?>
basically the above php line will get the data held in the form variable box1 (or what ever you have named an object in your form). it will then assign it to the variable $box1 which can be used in the php script. if the post variable box1 is not set then it initialises the php variable to and empty string. its not perfect but its better than just pulling it straight from global vars.
Posted: Mon Jan 29, 2007 10:17 am
by feyd
Some browsers will not process a submit button unless explicitly clicked/selected. Pressing the enter key in several types of fields will submit the form in many browsers.
Posted: Mon Jan 29, 2007 10:25 am
by Kadanis
oh. well, learn something new every day. i'd not come across that before feyd. or at least not so i've noticed. thanks for the heads up.
in which case, josefv
taking feyds earlier comment and putting it into my form code, replace the html with this and it should still work exactly the same
Code: Select all
<form name="myForm" method="post" action="myScript.php" onsubmit="return validate();">
<input type="text" name="box1" value="" />
<input type="submit" name="submit" value="submit" />
</form>
Posted: Mon Jan 29, 2007 11:14 am
by jwalsh
Make sure your validation also runs on the server php code, not just javascript. Very important.
Posted: Tue Jan 30, 2007 2:22 am
by josefv
Thanks for the help guys. The solution was then to drop the validation javascript into the onsubmit, have it return true. I also used a hidden variable which javascript set to true which php would check to see if it can proceed with adding the advertisment. I used
Code: Select all
<?php echo($_SERVER['PHP_SELF']); ?>
in the action tag of the form as well.
Thanks for the help guys!!!
Posted: Tue Jan 30, 2007 2:57 am
by CoderGoblin
jwalsh wrote:Make sure your validation also runs on the server php code, not just javascript. Very important.
I second this. With the Firefox Web Developer Tools, people can easily hack information bypassing any javascript validation (or they can simply switch the javascript off). Especially if you are interacting with a database.. run validation checks on the $_POST variables in PHP as well prior to saving in the database.
Personally I prefer to code a site with no javascript at all. Then once this has finished, go through and enhance the site with additional javascript features.
Posted: Tue Jan 30, 2007 2:58 am
by Kadanis
yeah, I agree. I should have mentioned it myself. Always re-validate and clean the form data in the PHP as well. Don't just rely on the JS validation. That way you can ensure that the data has come from your form and not been passed in some other way.
Posted: Tue Jan 30, 2007 8:07 am
by feyd
I mentioned it in the first response.
Here's another nugget: don't use PHP_SELF anywhere, unless you know exactly what you're doing. Why? It contains user input without any protections or filtering, thereby allowing someone to perform XSS on your pages.