Page 1 of 1
form validation
Posted: Tue Oct 16, 2007 7:19 pm
by Daron
I'm trying to figure out how to validate this form, but I'd also like to know it the way I've gone about this is good. I pulled down
this class from this site and can't figure out what to do to get it working. Please help.
Code: Select all
<?php function form_array($arr, $iType, $size)
{reset($arr);
foreach($arr as $key => $value)
echo "<div><span class=\"left\">$value</span><input type=\"$iType\" name=\"$key\" size=\"$size\" /></div>";
}
?>
<html code stripped out as it is not necessary>
<form action="upload_user.php" method="post">
<?php form_array(array("tax_id" => "Resale certificate #:", "business_name" => "Business Name:",
"username" => "User Name:", "real_name" => "Name (Last, First)",
"store_address" => "Store Address:", "city" => "City:",
"state_country" => "State, Country:", "zip" => "Zip:",
"phone" => "Phone Number:", "fax" => "Fax",
"email" => "Email Address:"),"text","40");
?>
<More html code...>
<?php form_array(array("password" => "Password:", "confirm" => "Confirm Password:"),"password","40");?>
<span>
<input class="right" type="submit" name="submit" value="Submit" />
<input class="right" type="reset" value="Clear" />
</span>
Posted: Tue Oct 16, 2007 9:46 pm
by Christopher
I take a little responsibility for the code you downloaded. It had errors in it. I fixed them, but I can't vouch that the code all works. Those classes are just rules -- you would need a Validator class to use them and probably a Request class to pass to the Validator. But you are getting ahead of yourself with that code.
You are displaying the form. Now you want to process it. Here are some basics from another recent thread that I added to,
- Post the form page to itself, not a separate page.
- Get the form values from the $_POST superglobal variable.
- Determine if the form has been submitted by checking a hidden field
- Check submitted form values against predefined rules and get error messages for failures
- Filter and validate the values before using them (learn preg functions)
- Escape values before outputting them (htmlentities() for HTML, database specific escape() )
- Redirect to a "done" page if all values are acceptable
You should know that form processing is a difficult thing to do and that even the best programmers around here cannot agree on the best way to do it.
Posted: Tue Oct 16, 2007 11:41 pm
by bob_the _builder
Hi,
Why not something like:
submit the form to $_SERVER['PHP_SELF']
Code: Select all
if((!$_POST['name']) || (!$_POST['email'])) {
$error_msg = 'Fields marked * are required to continue';
}
//maybe validate email etc here
if(!email_validate) {
$error_msg == 'Please submit valid email address';
}
if($error_msg = '') {
// Process form here
}else{
// Show form here
}
hth
Posted: Tue Oct 16, 2007 11:45 pm
by Daron
1 What's the significance of posting the form page to itself?
2 I do get them from $_POST. They're had on the upload_user.php page. I suppose keeping the page to itself, that would need to move or at least be required into it?
3 I have no hidden fields. What I need to do is get something that will check mySQL for likenesses and report as part of the validation process or some such. Should I set up hidden fields?
4 I need some help understanding this one. Yes, I'm quite a newbie.
5 Working on it. That stuff is easier to forget than it is to remember.
6 Will do.
7 I suppose this answers my first question, which is what I want.
As I respond and think about your comments, is the idea of posting to itself done because it would be easier to check the values against injections and the database, or am I off the mark?
arborint wrote:I take a little responsibility for the code you downloaded. It had errors in it. I fixed them, but I can't vouch that the code all works. Those classes are just rules -- you would need a Validator class to use them and probably a Request class to pass to the Validator. But you are getting ahead of yourself with that code.
You are displaying the form. Now you want to process it. Here are some basics from another recent thread that I added to,
1 Post the form page to itself, not a separate page.
2 Get the form values from the $_POST superglobal variable.
3 Determine if the form has been submitted by checking a hidden field
4 Check submitted form values against predefined rules and get error messages for failures
5 Filter and validate the values before using them (learn preg functions)
6 Escape values before outputting them (htmlentities() for HTML, database specific escape() )
7 Redirect to a "done" page if all values are acceptable
You should know that form processing is a difficult thing to do and that even the best programmers around here cannot agree on the best way to do it.
Posted: Wed Oct 17, 2007 12:53 am
by Christopher
The point of the script posting to itself is that it need to keep displaying the form until it is filled out properly. The reason you check a hidden field to see if the form is submitted is that IE does not pass the submit button field if you just press Enter.
Let's start with the basic logic, which is an expansion of where bob_the _builder was going:
HTML:
Code: Select all
<form action="toself.php" method="post">
<input type="hidden" name="submit" value="yes"/>
<input type="text" name="name" value="<?php echo $values['name']; ?>"/>
<input type="submit" name="save" value="save"/>
</form>
PHP:
Code: Select all
// initialization
$submit = $some->filter($_POST['submit']); // hidden field
if ($submit) {
// filter values of all fields in form
// check all fields that have some rule associated with them
if (! $errors) {
// redirect to successful submission page
return;
}
} else { // not submitted, so first time
// initialize all form fields to default values
}
// display the form
Posted: Wed Oct 17, 2007 2:40 am
by bob_the _builder
For me the only point in posting to itself allows me to keep all my code on a single page. Using that and functions allows me to manage an entire script or scripts on a single page, then require it into my ie index page etc.