GIDForums  

Go Back   GIDForums > Computer Programming Forums > MySQL / PHP Forum
Reload this Page PHP form needs validation
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
Page 1 of 2 1 2 >
 
Thread Tools Search this Thread Rate Thread
  #1  
Old 24-Sep-2004, 03:54
jabesign jabesign is offline
New Member
  
Join Date: Sep 2004
Posts: 1
jabesign is on a distinguished road

PHP form needs validation

i am very new to php and am working on a form that is complete and working yet has no validation on the form....

the .php files all link to a template and get the content out of a excel spreadsheet, a .csv file. all the pages work fine.

the php code that is in the form page is this:

PHP Code:

if (isset($_POST['submit'])) {

    $page = "thankyou";

}

else {

    $page = "contact"; 

    }

include_once('config-files/include.php'); // all page includes

if (isset($_POST['submit'])) {

    sendEmail();

    }
?>

even if the form is blank it submits it i need some form of validation for it, how do i implement it??

it also links to another file emailtemplate.php in here are all the variables:
PHP Code:

<?php


$message  = "

<html>

<head>

<title>$companyName Contact Form</title>

</head>

<body>

<span style=\"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px;\">

".$_POST['name']."

<br/>

".$_POST['company']."

<br/>

".$_POST['email']."

<br/>

".$_POST['hear']."

<br/>

".$_POST['phone']."

<br/>

".$_POST['message']."

<br/>

".$_POST['date']."

<br/>

</span>

</body>

</html>

";

?>

help on this would be very grate full, just i don't even know where to start putting the validation code nevermind what it is!

thank you.
Last edited by JdS : 24-Sep-2004 at 06:26. Reason: Please insert your example PHP codes between [php] and [/php] tags
  #2  
Old 24-Sep-2004, 06:48
JdS's Avatar
JdS JdS is offline
Senior Member
  
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
JdS will become famous soon enough
If your concern is only that some data supplied by the user is not blank, then the 'screening/validation' snippet can look a bit like this:

PHP Code:

if( isset($_POST['submit']) )
{
  // say for example that $_POST['message'] must not be empty
    // remove whitespace from the data
    $_POST['message'] = trim( $_POST['message'] );
    // once that is done, see if there's anything left inside the string
    if( $_POST['message'] ) // there is something!
      $page = "thankyou";
    else // $_POST['message'] was blank
      trigger_error( "Blank message detected.<br />\n", E_USER_ERROR );
}
else
{
  $page = "contact";
}

// the rest of your code...
?>

That's just the general idea. You can create a custom PHP function that you can re-use for validating common data types. Just to whet your appetite, here's how my little custom function works:

PHP Code:

<?php

// if I expect data from 2 form fields named $username and $password
// $username must not contain tags, must not be blank and will be inserted into a database
// $password must not be blank, hashed with MD5, and inserted into a database

// this is how my custom function will handle the user input data

format_input( $_POST, array('username'=>GID_TRIM|GID_STRIP_TAGS|GID_PUT_IN_DB,
                            'password'=>GID_TRIM|GID_MD5|GID_PUT_IN_DB) );
?>

To accomplish creating a custom function like this for yourself, you'll need to learn about passing variables by reference, bitwise operators and constants.
  #3  
Old 01-Oct-2004, 18:53
JasonMichael's Avatar
JasonMichael JasonMichael is offline
Awaiting Email Confirmation
  
Join Date: Jul 2004
Posts: 135
JasonMichael has a spectacular aura about
J de Silva, I can just imagine what the internal code of that function looks like. I assume that you do a loop on the array, and nest a series of IF/THEN statments that check if a BIT is turned on (or set) which corresponds to your constants of GID_TRIM,GID_STRIP_TAGS, and GID_PUT_IN_DB, and then perform the associated operation, calling a function perhaps for each one.

That's pretty coooooool!
  #4  
Old 02-Oct-2004, 08:26
cs2 cs2 is offline
Member
  
Join Date: May 2003
Location: California
Posts: 107
cs2 will become famous soon enough
Quote:
Originally Posted by JdS
PHP Code:

if( isset($_POST['submit']) )
{
  // say for example that $_POST['message'] must not be empty

  // . . .
I don't think the snippet above will always work as expected. If the variable has been initialized somewhere previously, won't the isset condition be TRUE?

If you want to test whether a variable is empty, use PHP's built-in "empty()" construct.

Personally, I prefer the "belt and suspenders" method. Use Javascript validation for speed (avoids an extra trip to the server if the user left a required field blank), and server-side validation in the PHP script. If the user has Javascript enabled in their browser, then there is no penalty by performing the redundant PHP validation. If they don't have Javascript enabled, then the server-side checking will catch it.

Bullet-proof!
__________________
The Whole Internet, LLC
Visit our Homepage, -or-
use our online CSS Editor
  #5  
Old 02-Oct-2004, 09:37
WaltP's Avatar
WaltP WaltP is offline
Outstanding Member
  
Join Date: Feb 2004
Location: Midwest US
Posts: 3,234
WaltP is a name known to allWaltP is a name known to allWaltP is a name known to allWaltP is a name known to allWaltP is a name known to allWaltP is a name known to all
Quote:
Originally Posted by cs2
I don't think the snippet above will always work as expected. If the variable has been initialized somewhere previously, won't the isset condition be TRUE?
From where? My understanding is each page is processed independently, therefore all variables are reset and/or undefined. So the page being processed would have to have two definitions for this to occur.
__________________

Cow: You're a lawyer too?
Mooseblood (mosquito): Ma'am, I was already a bloodsucking parasite. All I needed was a briefcase!
  #6  
Old 02-Oct-2004, 10:24
cs2 cs2 is offline
Member
  
Join Date: May 2003
Location: California
Posts: 107
cs2 will become famous soon enough
Quote:
Originally Posted by WaltP
From where? My understanding is each page is processed independently, therefore all variables are reset and/or undefined. So the page being processed would have to have two definitions for this to occur.
All true, but the OP did not supply the level of detail necessary to answer the "from where" question. For example, we don't know what's in include.php, or if a database is involved.

There is nothing wrong with John's answer. It's just that I think empty() is more generally correct, given that the question was posed by a self-described newbie.
__________________
The Whole Internet, LLC
Visit our Homepage, -or-
use our online CSS Editor
  #7  
Old 02-Oct-2004, 11:53
JdS's Avatar
JdS JdS is offline
Senior Member
  
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
JdS will become famous soon enough
One does NOT usually set a $_POST variable/array in one's script.
  #8  
Old 02-Oct-2004, 19:53
JasonMichael's Avatar
JasonMichael JasonMichael is offline
Awaiting Email Confirmation
  
Join Date: Jul 2004
Posts: 135
JasonMichael has a spectacular aura about
I don't think its even possible to set a $_POST variable, with your own code - its set by the server. If it is possible, I think it would be bad programming style to set a $_POST variable.

Nonetheless, Javascript validation works too. Too bad we don't have an example handy of how to do this. I think I'll have to get one posted soon.
  #9  
Old 06-Oct-2004, 11:07
Garth Farley Garth Farley is offline
Invalid Email Address
  
Join Date: May 2002
Location: Ireland
Posts: 638
Garth Farley is a jewel in the roughGarth Farley is a jewel in the roughGarth Farley is a jewel in the rough
I think cs2 does have a point. If a form is left blank & submitted, the form values are set, but blank. Recall how a form submitted using the GET method will have a query string like
form.php?name=&id=

The variable $_GET['name'] is set, but it's blank. empty() is a better choice to make sure all is okay, I think. (Actually I'm lazier, I do a if isset() and if $var == '' check)

POST is similar, just the query string is send in the header request instead of the page URL.
GF
  #10  
Old 07-Oct-2004, 07:02
JdS's Avatar
JdS JdS is offline
Senior Member
  
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
JdS will become famous soon enough
How do you suggest empty() works with multiple SUBMIT buttons (on a form) and how will your script know which one was clicked on? The only way that would work is isset(), definitely.
 
Page 1 of 2 1 2 >
 
« Previous Thread | Next Thread »

Recent GIDBlogFirst week of IA training by crystalattice

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
uisng php to display php dopee MySQL / PHP Forum 6 14-May-2004 18:40
php software dopee MySQL / PHP Forum 0 04-May-2004 11:26
help with form orbitel MySQL / PHP Forum 11 21-Jan-2004 15:29
Automate a data change php form mjfmn MySQL / PHP Forum 4 20-Oct-2003 09:37
All the big PHP script collections that matter jrobbio MySQL / PHP Forum 5 06-Jun-2003 16:14

Network Sites: GIDNetwork · GIDWebHosts · GIDSearch · Learning Journal by J de Silva, The

All times are GMT -6. The time now is 00:31.

Contact Us - GIDForums™ - Archive - Top

vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.