Page 1 of 1

Form post-back

Posted: Mon Mar 10, 2008 5:34 pm
by rickytenzer
Hi fellas,

I have a consultation form on my website that I've added a few verifications to. The problem is, now that I have these verifications, the client would lose the entire form if they submitted erroneous information into the three required fields.

I would like it so that if they happen to make a mistake that they do not lose all the information that they have already given.

Some people have given me some advice:

Code: Select all

<input name="name" type="text" value="<?=htmlspecialchars($_POST['name'])?>" size="27px">
However, this doesn't seem to be working. It seems as though the info stored in 'name' is gone by the time the browser gets to this point.

Here's a link to my zipped code: http://www.dermamode.com/appointment.zip

Any help would be appreciated!

Re: Form post-back

Posted: Mon Mar 10, 2008 5:43 pm
by alex.barylski
You need to use a self-posting form approach or use SESSION's

index.php

Code: Select all

<?php
  if($_GET['action'] == true){
    // TODO: Now when you access $_POST data it should work fine.
  }
?>
<html>
  <body>
    <form action="index.php?action=true">
     <input type="text" name="fname" value="<?php echo $_POST['fname']; ?>" />
     <button type="submit">Send Data</button>
    </form>
  </body>
</html>
Not the most elegant solution, but that is the simplest way to express the general idea behind postback.

Re: Form post-back

Posted: Mon Mar 10, 2008 5:44 pm
by Luke
Well this won't work if you don't have PHP short tags on (short tags are the devil). Try this instead:

Code: Select all

<form method="post" action="#"> <!-- make sure form is posting via post and its posting back to this page -->
<input name="name" type="text" value="<?php echo htmlspecialchars($_POST['name'], ENT_QUOTES); ?>" size="27">

Re: Form post-back

Posted: Mon Mar 10, 2008 5:55 pm
by rickytenzer
The Ninja Space Goat wrote:Well this won't work if you don't have PHP short tags on (short tags are the devil). Try this instead:

Code: Select all

<form method="post" action="#"> <!-- make sure form is posting via post and its posting back to this page -->
<input name="name" type="text" value="<?php echo htmlspecialchars($_POST['name'], ENT_QUOTES); ?>" size="27">
Not working! What exactly are PHP short tags? All I can tell you is that within my HTML code (my main PHP code is outside of the HTML code) I have a small piece of PHP code that echos a confirmation message:

Code: Select all

<?php
if(isset($_GET['msg']))
{
$msg=$_GET['msg'];
echo $msg;
}
?>
This code works.

Did you take a look at my code?

Thanks

Re: Form post-back

Posted: Mon Mar 10, 2008 6:01 pm
by Luke
No I did not take a look at your code. I rarely download zip files that people post on forums. If you want me to look at your code, post it here. I can tell that you didn't try my code though because if $_GET is working, obviously you didn't ensure that you are posting via the POST method instead of GET. make sure your form tag opens like this:

Code: Select all

<form method="POST" action="#">

Re: Form post-back

Posted: Mon Mar 10, 2008 6:32 pm
by rickytenzer

Code: Select all

<form action="appointment.php" method="post">
That's how it is right now. I'm going post bits of my code.

...

Code: Select all

<?php
    $name="";
            $email="";
            $phone="";
            $choice="";
            $treatment="";
            $address="";
            $message="";
            $latex="";
            $medication="";
            $medication1="";
            $accutane="";
            $accutane1="";
            $accutane2="";
            $pregnant="";
            $breast="";
            $tanning="";
            $tanning1="";
            $particular="";
            $herpes="";
            $color_area="";
            $hair_color="";
            $eye_color="";
            $shade="";
            $tanned="";
            $sun="";
            $methods="";
            $strerr ="";
    if(isset($_POST['name']))
        {
            $name=$_POST['name'];
            $email=$_POST['email'];
            $phone=$_POST['phone'];
            $choice=$_POST['choice'];
            foreach($_POST['treatment'] as $value) { 
$treatment .= "$value<br>"; 
}
            $address=$_POST['address'];
            $message = $_POST['message'];
            $latex=$_POST['latex'];
            $medication=$_POST['medication'];
            $medication1=$_POST['medication1'];
            $accutane=$_POST['accutane'];
            $accutane1=$_POST['accutane1'];
            $accutane2=$_POST['accutane2'];
            $pregnant=$_POST['pregnant'];
            $breast=$_POST['breast'];
            $tanning=$_POST['tanning'];
            $tanning1=$_POST['tanning1'];
            foreach($_POST['particular'] as $value) { 
$particular .= "$value<br>"; 
}
            $herpes=$_POST['herpes'];
            $color_area=$_POST['color_area'];
            $hair_color=$_POST['hair_color'];
            $eye_color=$_POST['eye_color'];
            $shade=$_POST['shade'];
            $tanned=$_POST['tanned'];
            $sun=$_POST['sun'];
            foreach($_POST['methods'] as $value) { 
$methods .= "$value<br>"; 
}
if(strlen($name) < 1)
{
$strerr= "You must fill in all the required fields!";
header('location:appointment.php?msg='.$strerr);
}
else if(strlen($email) < 1)
{
$strerr= "You must fill in all the required fields!";
header('location:appointment.php?msg='.$strerr);
}
else if(strlen($phone) < 1)
{
$strerr= "You must fill in all the required fields!";
header('location:appointment.php?msg='.$strerr);
}
else if(strlen(preg_replace("/\D/",'',$phone)) != 10)
{
$strerr= "Your phone number must be 10 digits.";
header('location:appointment.php?msg='.$strerr);
}
else if(checkEmail($email) == FALSE) 
{
$strerr= "Invalid e-mail address. Please try again!";
header('location:appointment.php?msg='.$strerr);
} 
else
{
$address = nl2br($address);
$message = nl2br($message);
$medication1 = nl2br($medication1);
$from = $email;
$to = "info@dermamode.com";
$subject = "Appointment Request";           
$strMsg = "<table cellspacing=20 width=100%>
...

Code: Select all

$html_en=1; 
                            
function sendMail($to,$subject,$strMsg,$from,$html_en)
        {
//echo $strMsg,$from,$html_en;
if($html_en==1)
{
$headers = "From: $from \nContent-type: text/html; charset=utf-8\n";
}
else
{
$headers = "From: $from \n";
}
if(mail($to,$subject,$strMsg,$headers))
{
//$strerr= "Mail sent to ". $adm;
$strerr= "Appointment request successful!";
header('location:appointment.php?msg='.$strerr);
}
else
{
$strerr= "Sorry, unable to deliver request.";
header('location:appointment.php?msg='.$strerr);
}
}
 
sendMail($to,$subject,$strMsg,$from,$html_en);
}
}
print_r($_POST);

Code: Select all

<form action="appointment.php" method="post">
<table width="20%" border="0" align="center">
                                                    <TR>
                                                      <TD width="139" align="left" valign="middle"bgColor="#ffffff"><div align="left"><br>
                                                              <img src="../images/Name.png" alt="Name" width="52" height="15"><br>
                                                              <br>
                                                      </div></TD>
                                                      <TD width="482" valign="middle" bgColor="#ffffff"><div align="left">
                                                          <input name="name" type="text" value="<?=htmlspecialchars($_POST['name'])?>" size="27px">
                                                      </div></TD>
                                                  </TR>
...

Code: Select all

<TR valign="middle" bgcolor="#FFFFFF" height="70">
                                                      <TD colspan="2" align="center"><div align="center" class="style53">
                                                          <input type="image" value="submit" src="appointment.jpg">
                                                      </div></TD>
                                                    </TR>
                                                </TABLE></form></TD>

Re: Form post-back

Posted: Mon Mar 10, 2008 6:41 pm
by Luke
Why are you redirecting to the page instead of simply posting to itself? Do you understand the code you are using? If you don't, then try something a little less complicated until you understand it.

Code: Select all

<?php
if ($_POST['action'] == "send") {
    // pseudo-code - do not copy and paste this - you'll have to ACTUALLY do what I'm emulating
    if (!empty($_POST['name'] && strlen($_POST['name']) > 3) {
        $msg = "You have successfully sent your email.";
    } else {
        $msg = "There were errors in your submission";
    }
}
 
if (isset($msg)) echo "<p>" . $msg . "</p>";
?>
 
<form method="post" action="#">
  <input type="hidden" name="action" value="send">
  <div>Name: <input type="text" name="name" value="<?php if (isset($_POST['name'])) echo htmlentities($_POST['name'], ENT_QUOTES); ?>">
</form>

Re: Form post-back

Posted: Mon Mar 10, 2008 6:45 pm
by rickytenzer
To be completely honest, I'm a complete newbie here. I'm working on my dad's website that was created for us. I'm quite good at computers and I learn quickly, but I'm definitely not a pro so far.

Could you explain what you just showed me?

Re: Form post-back

Posted: Mon Mar 10, 2008 6:54 pm
by Luke
Sure can... you see, your script actually redirects back to the script you are rendering, and by doing so it loses all the $_POST variables on the way. My script posts directly back to itself, and so the $_POST variables are there. So take a look below I have added comments to describe what is happening...

Code: Select all

<?php
if ($_POST['action'] == "send") { // if there is an index called "action" in the POST array with a value of "send" this means the form has been posted. We know this because we put that in a hidden field in the form below(see the hidden field down there?)
    // this is where you'd perform your validation... if all of the $_POST variables didnt pass your tests, you'd assign an error message to $msg for display
    if (!empty($_POST['name'] && strlen($_POST['name']) > 3) {
        $msg = "You have successfully sent your email.";
    } else {
        // if the POST vars pass your validation, then assign a confirmation message to $msg
        $msg = "There were errors in your submission";
    }
}
// if we have a $msg to display, display it.
if (isset($msg)) echo "<p>" . $msg . "</p>";
?>
<!-- this uses # as the action because that will make it post back to THIS page -->
<form method="post" action="#">
  <!-- this is so we know whether or not the form has been submitted -->
  <input type="hidden" name="action" value="send">
  <!-- You will notice that I checked that $_POST['name'] was set before trying to output it. This is because PHP will issue a NOTICE (or is it a warning?) if you try to use a variable that hasnt been assigned. If this form has not been posted, than $_POST['name'] wont exist and PHP will issue the NOTICE. You have to use htmlentities to avoid XSS attacks -->
  <div>Name: <input type="text" name="name" value="<?php if (isset($_POST['name'])) echo htmlentities($_POST['name'], ENT_QUOTES); ?>">
</form>
 
Try copying and pasting this code into a file called test.php and play around with it a bit.

Re: Form post-back

Posted: Mon Mar 10, 2008 7:04 pm
by rickytenzer
I got most of what you were saying. I replaced the "action="appointment.php"" with "appointment="#"" in my code to keep the values stored. I'm having difficulty seeing why it shouldn't work now?

Is there a way we could communicate via MSN?

Re: Form post-back

Posted: Mon Mar 10, 2008 7:12 pm
by Luke
Your problem is that you are redirecting. Don't redirect...

Code: Select all

if(strlen($name) < 1)
{
$strerr= "You must fill in all the required fields!";
header('location:appointment.php?msg='.$strerr); // this is redirecting... not necessary
}
else if(strlen($email) < 1)
{
$strerr= "You must fill in all the required fields!";
header('location:appointment.php?msg='.$strerr); // this is redirecting... not necessary
}
else if(strlen($phone) < 1)
{
$strerr= "You must fill in all the required fields!";
header('location:appointment.php?msg='.$strerr); // this is redirecting... not necessary
}
else if(strlen(preg_replace("/\D/",'',$phone)) != 10)
{
$strerr= "Your phone number must be 10 digits.";
header('location:appointment.php?msg='.$strerr); // this is redirecting... not necessary
}
else if(checkEmail($email) == FALSE)
{
$strerr= "Invalid e-mail address. Please try again!";
header('location:appointment.php?msg='.$strerr); // this is redirecting... not necessary
}
Remove those lines and see what happens

Re: Form post-back

Posted: Mon Mar 10, 2008 7:20 pm
by rickytenzer
Wow! WORKS! I removed all the "headers" commands, and it works!

However, my problem now is that I need to allow it to send the email. For now it isn't working.

You can try it at http://www.dermamode.com/en/appointment.php

Thanks so much!

Re: Form post-back

Posted: Mon Mar 10, 2008 7:26 pm
by rickytenzer
I FIXED IT! All I did was remove all the headers completely and just echoed "$strerr", and it's fine now! Thanks SO much man. Really appreciate it.

My latest problem is being able to store the textarea, checkbox, and radio information. Any help?

Re: Form post-back

Posted: Tue Mar 11, 2008 12:00 am
by rickytenzer
You REALLY helped a lot. I fixed everything. THANKS!