You can try something like this:

<?
if ($_SERVER['REQUEST_METHOD'] == "POST"){
if (!$name){
print "Please fill in your name.";
} else {
//send to mail program
}
}
?>

<form action="<? print $PHP_SELF ?>" method="POST">
<font>Name:</font>
<input type="text" name="name" value="<? $name ?>">
<input type="submit">
</form>

Hope that helps.

Originally posted by nbagley
You can try something like this:

if ($_SERVER['REQUEST_METHOD'] == "POST"){
	if (!$name){

[/b]

Why the convolution? Why not just

if(empty($_POST['name'])){

or

if(!isset($_POST['name']) || $_POST['name']==''){

?

Try some JAVASCRIPT to validate your form.
here is a little example.
This script opens a popup, if one if the checked fields is emty.
The form will not be send, until both fields are filled.

<script language="javascript">
<!--
function check(theform) {
if (theform.user.value=="") {
alert("Bitte einen Usernamen eingeben!");
return false; }
if (theform.pwd.value=="") {
alert("Bitte Passwort eingeben!");
return false; }
else { return true; }
}
//-->
</script>

<form action="index.php" method="post" name='login' onsubmit="return check(this);">
Username:</br><input type="text" name="user" size="11"><br>
<br>
Passwort:</br><input type="password" name="pwd" size="11"><br>
<br>
</td></td>
<tr><td align=center>
<input type="hidden" name="login" value="LOGIN"><br>
<input type="submit" value="Anmelden">
</form>

The responses seemed to focus on the form processing rather than data validation. Is form processing what you were looking for? Or perhaps looking for how to do validation logic...

To validate, we do a few things:
Make sure the field does not have more characters than we're expecting. If it does, we know that they circumvented the form, which may mean they may be trying to do a stack overflow attack of some kind... (i'm paranoid) - so I immediately zero out the session variables and kill the session.

If it has data, I pass the data and type of validation desired to a function in the included file. That function uses regular expressions (ereg, etc.) to determine whether the data matches what is expected; email addy, currency, username & password (no spaces, limited special characters, etc.). If it passes, then a flag is set for the field indicating that it is validated. Once all fields are validated, then the database stuff is allowed to proceed.

I have turned off magic_quotes_gpc, because I mirror input of all field back, if any field needs correcting. "On" causes special characters, like single quote to come back 'escaped' with a backslash. So with magic_quotes off, I have to add the quotes using the string function addslashes prior to setting the variable in the database.

Beware of serious validating using javascript because it can be circumvented.

Originally posted by Tom Persing
The responses seemed to focus on the form processing rather than data validation. Is form processing what you were looking for? Or perhaps looking for how to do validation logic...

Looks like validation logic to me - checking form fields, seeing they contain appropriate information, complaining if they don't.

Beware of serious validating using javascript because it can be circumvented.

True; it's best if you check everything twice - once in Javascript, once in PHP. In Javascript, 'cos it's faster for the user and the server doesn't need to be hit, and in PHP in case Javascript isn't running and/or there are checks that are needed that can't be done in Javascript.

When the PHP validation code judges the submission invalid, you'll need to write the form values back into the form fields. This is easily enough done. Here's a simple example:

<input type="text" name="email" value="<?php echo $_POST['email']?>">

Basically you get PHP to write out the form with all the fields set to whatever values had been submitted. There is no problem with the initial display of the form (before any submission attempts have been made), because the relevant $_POST[] entries would all be empty anyway.