form validation

Daron
Forum Newbie
Posts: 11
Joined: Tue Oct 09, 2007 4:50 pm


Post by Daron »

I'm trying to figure out how to validate this form, but I'd also like to know if the way I've gone about this is good. I pulled down this class from this site and can't figure out what to do to get it working. Please help.

Code:

<?php
// Print one labelled <input> per entry of $arr (field name => label text).
function form_array($arr, $iType, $size)
{
	foreach ($arr as $key => $value) {
		echo "<div><span class=\"left\">$value</span><input type=\"$iType\" name=\"$key\" size=\"$size\" /></div>";
	}
}
?>
<html code stripped out as it is not necessary>
<form action="upload_user.php" method="post">
<?php form_array(array("tax_id" => "Resale certificate #:", "business_name" => "Business Name:",
	"username" => "User Name:", "real_name" => "Name (Last, First)",
	"store_address" => "Store Address:", "city" => "City:",
	"state_country" => "State, Country:", "zip" => "Zip:",
	"phone" => "Phone Number:", "fax" => "Fax",
	"email" => "Email Address:"), "text", "40");
?>
<More html code...>
<?php form_array(array("password" => "Password:", "confirm" => "Confirm Password:"), "password", "40"); ?>
	<span>
		<input class="right" type="submit" name="submit" value="Submit" />
		<input class="right" type="reset" value="Clear" />
	</span>
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

I take a little responsibility for the code you downloaded. It had errors in it. I fixed them, but I can't vouch that the code all works. Those classes are just rules -- you would need a Validator class to use them and probably a Request class to pass to the Validator. But you are getting ahead of yourself with that code.

You are displaying the form. Now you want to process it. Here are some basics from another recent thread that I added to,
- Post the form page to itself, not a separate page.
- Get the form values from the $_POST superglobal variable.
- Determine if the form has been submitted by checking a hidden field
- Check submitted form values against predefined rules and get error messages for failures
- Filter and validate the values before using them (learn preg functions)
- Escape values before outputting them (htmlentities() for HTML, database specific escape() )
- Redirect to a "done" page if all values are acceptable
You should know that form processing is a difficult thing to do and that even the best programmers around here cannot agree on the best way to do it.
(#10850)
bob_the _builder
Forum Contributor
Posts: 131
Joined: Sat Aug 28, 2004 12:25 am

Post by bob_the _builder »

Hi,

Why not something like:

submit the form to $_SERVER['PHP_SELF']

Code:

$error_msg = '';

// empty() also covers fields that were not sent at all
if (empty($_POST['name']) || empty($_POST['email'])) {
    $error_msg = 'Fields marked * are required to continue';
}

// maybe validate email etc here

if ($error_msg == '' && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $error_msg = 'Please submit valid email address';
}

if ($error_msg == '') {

    // Process form here

} else {

    // Show form here

}
hth
Daron
Forum Newbie
Posts: 11
Joined: Tue Oct 09, 2007 4:50 pm

Post by Daron »

1 What's the significance of posting the form page to itself?
2 I do get them from $_POST. They're had on the upload_user.php page. I suppose keeping the page to itself, that would need to move or at least be required into it?
3 I have no hidden fields. What I need to do is get something that will check mySQL for likenesses and report as part of the validation process or some such. Should I set up hidden fields?
4 I need some help understanding this one. Yes, I'm quite a newbie.
5 Working on it. That stuff is easier to forget than it is to remember.
6 Will do.
7 I suppose this answers my first question, which is what I want.

As I respond and think about your comments, is the idea of posting to itself done because it would be easier to check the values against injections and the database, or am I off the mark?
arborint wrote: I take a little responsibility for the code you downloaded. It had errors in it. I fixed them, but I can't vouch that the code all works. Those classes are just rules -- you would need a Validator class to use them and probably a Request class to pass to the Validator. But you are getting ahead of yourself with that code.

You are displaying the form. Now you want to process it. Here are some basics from another recent thread that I added to,
1 Post the form page to itself, not a separate page.
2 Get the form values from the $_POST superglobal variable.
3 Determine if the form has been submitted by checking a hidden field
4 Check submitted form values against predefined rules and get error messages for failures
5 Filter and validate the values before using them (learn preg functions)
6 Escape values before outputting them (htmlentities() for HTML, database specific escape() )
7 Redirect to a "done" page if all values are acceptable
You should know that form processing is a difficult thing to do and that even the best programmers around here cannot agree on the best way to do it.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

The point of the script posting to itself is that it needs to keep displaying the form until it is filled out properly. The reason you check a hidden field to see if the form is submitted is that IE does not pass the submit button field if you just press Enter.

Let's start with the basic logic, which is an expansion of where bob_the _builder was going:
HTML:

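Code:

<form action="toself.php" method="post">
<input type="hidden" name="submit" value="yes"/>
<!-- the redisplayed value is escaped before output so user input cannot break out of the attribute -->
<input type="text" name="name" value="<?php echo htmlentities($values['name'], ENT_QUOTES); ?>"/>
<input type="submit" name="save" value="save"/>
</form>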
 
PHP:

Code:

<?php
// initialization
$errors = array();
$values = array('name' => '');

// hidden field; isset() stands in here for the unspecified $some->filter() call
$submit = isset($_POST['submit']) ? $_POST['submit'] : '';

if ($submit) {

     // filter values of all fields in form

     // check all fields that have some rule associated with them

     if (! $errors) {

          // redirect to successful submission page
          return;

     }

} else {     // not submitted, so first time

     // initialize all form fields to default values

}

// display the form
 
(#10850)
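
Added example, not part of any post in this thread: one way to fill in the skeleton above so that it follows the seven basics listed earlier (self-posting form, hidden submit field, per-field rules with error messages, escaping on output, redirect when clean). The field names, the regex rules, the process_form() and h() helpers and done.php are assumptions chosen for illustration.

```php
<?php
// Added example. Field names, rules and done.php are assumptions, not from the thread.
// One rule per field: a regex the trimmed value must match, and the message on failure.
// \z anchors at the true end of the string ($ would also accept a trailing newline).
$rules = array(
    'username' => array('/^[A-Za-z0-9_]{3,20}\z/', 'User name: 3-20 letters, digits or underscores.'),
    'zip'      => array('/^[0-9]{5}\z/', 'Zip: exactly five digits.'),
    'email'    => array('/^[^@\s]+@[^@\s]+\.[^@\s]+\z/', 'Email address looks invalid.'),
);

// Steps 2, 4 and 5: read from the posted data, filter, then check each value against its rule.
function process_form(array $post, array $rules)
{
    $values = array();
    $errors = array();
    foreach ($rules as $field => $rule) {
        // A field sent as an array (name[]=x) is treated as empty, not handed to preg_match().
        $raw = (isset($post[$field]) && is_string($post[$field])) ? $post[$field] : '';
        $values[$field] = trim($raw);
        if (!preg_match($rule[0], $values[$field])) {
            $errors[$field] = $rule[1];
        }
    }
    return array($values, $errors);
}

// Step 6: escape for HTML output; ENT_QUOTES also covers quotes inside attribute values.
function h($s)
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

$values = array_fill_keys(array_keys($rules), '');   // first visit: empty defaults
$errors = array();
if (isset($_POST['submit'])) {                       // step 3: hidden field marks a submission
    list($values, $errors) = process_form($_POST, $rules);
    if (!$errors) {
        header('Location: done.php');                // step 7 (hypothetical "done" page)
        exit;
    }
}
?>
<!-- action="" posts back to this same URL without echoing any request data into the page -->
<form action="" method="post">
<input type="hidden" name="submit" value="yes" />
<?php foreach ($rules as $field => $rule): ?>
<div><?php echo h($field); ?>: <input type="text" name="<?php echo h($field); ?>" value="<?php echo h($values[$field]); ?>" />
<?php if (isset($errors[$field])) echo '<span class="error">' . h($errors[$field]) . '</span>'; ?></div>
<?php endforeach; ?>
<input type="submit" name="save" value="save" />
</form>
```

Because rejected input is redisplayed in the form, every echoed value goes through h(); the regex rules decide what is accepted, and the escaping protects the page regardless of what was submitted.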
bob_the _builder
Forum Contributor
Posts: 131
Joined: Sat Aug 28, 2004 12:25 am

Post by bob_the _builder »

For me the only point in posting to itself allows me to keep all my code on a single page. Using that and functions allows me to manage an entire script or scripts on a single page, then require it into my ie index page etc.