Page 1 of 1

issues with using form in php

Posted: Mon Feb 25, 2008 3:31 am
by sudhakararaog
i have 3 pages page1.php page2.php and page3.php

in page1.php user fills a registration form in page2.php the user can review what they have entered and make any changes and

page3.php displays a message that the registration has been completed.

i am having issues with javascript validation in page2.php

in page1.php the javascript validation file is file1.js and in page2.php it is file2.js in page1.php the javascript code i

have written works fine and does all the validation as the form elements in page1.php are written as
<input type="text" name=""> <input type="radio" name=""> ...

in page2.php i am displaying these form elements using php so that user can preview what they have entered and make changes

instead of going back to page1.php the code to display the form elements in page2.php is

<?php
echo "<input type ='hidden' name='username' value='".stripslashes($username)."'>";
echo "<input type =\"text\" name=\"username\" value=\"$username\">";
?>

in page2.php for checkboxes the code is <input type="checkbox" name="" value=""> which is normal html unlike the textfields

above using php

what i have noticed in page2.php is the checkboxes are being validated however the text fields in page2.php do not validate

properly and does not work as it works in page1.php

what i am thinking is because the textfields are being generated using the above php code the javascript is not reading and

validating however i am not sure what the exact reason is.

sample code of javascript for file1.js is

var username = document.registrationform.username
if ((username.value==null) || (username.value=="") || (username.length=="") )
{
alert("Please Enter a User Name")
username.value=""
username.focus()
return false
}

sample code of javascript for file2.js is

var fname=document.registrationform.fname
if ( (fname.value==null) || (fname.value=="") || (fname.length=="") )
{
alert("First Name is required")
return false
}
also sometime if i use fname.value in page2.php i get an error that value is not an object or is null so i have modified the

code in file2.js to some extent


can some one tell me how to go about validating textfields and other form elements in page2.php using php code to be

validated like the checkboxes in page2.php

any help will be greatly appreciated.


also in page2.php i have an insert statement which writes the information that a user has entered in the form into mysql

database. i have read about database injection recently. so i have used $username = addslashes($_POST["username"]);
due to this the value in the database is recorded as example first\name if a user typed first'name in the form should i use
mysql_real_escape_string() method to take extra precaution or is addslashes() method alright. if i adopt

mysql_real_escape_string() do i just read the values simply as $username = mysql_real_escape_string($_POST["username"]);
or do i need to write extra code because of using mysql_real_escape_string() method

thanks.

Re: issues with using form in php

Posted: Mon Feb 25, 2008 12:06 pm
by yacahuma
long post.

you dont need a page 2. submit the page to itself.

validate your data first with php and then add the javascript layer. remember javascript can be disabled by the user. do not depend on it.

Code: Select all

 
class mydata
{
  var $f1;
  var $f2;
 
   function isValid()
  {
  if ($this->f1 >10) //example of a validation
    return false;  
  return true;
  }
}
 
 
page1.php
<?php
$alert ='';
if (isset($_POST['submit_btn']))
{
   $obj = new mydata();
   $obj->f1 = $_POST['f1'];
   if (!$obj->isValid())
     $alert='Data is Invalid');
   else
   {
      header('Location: next_page_url');
     exit;
    } 
 
     
}
else
   $obj = new mydata();//empty object
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Page title</title>
</head>
<body>
<form action="#" method="post">
f1:<input type="text" name="f1" value="<?=$obj->f1?>" />
<input type="submit" name="submit_btn"/>
</form>
</body>
</html>