Form validation in php

Cyndi_Newbie

hello all,

i'm very new to php.

i have a php page wherin i have a form with quite a few variables.

Basically the user is asked to fill in the form and once he fills it, i take him to a thank you page and he can download a file by clicking at the specified url. Below are the variables which use textbox:

Name: textbox
<input type="text" name="name_var">

Organization: textbox
<input type="text" name="organization_var">

Address: textbox
<input type="text" name="address_var">

City: textbox
<input type="text" name="city_var">

State: textbox
<input type="text" name="state_var">

Zipcode: textbox
<input type="text" name="zipcode_var">

Phone: textbox
<input type="text" name="phone_var">

Email address: textbox
<input type="text" name="email_var">

I also have 2 drop-down menus with some values. For example, under the district category, i have many values

<select size="1" name="district_var">
<option>districtname1</option>
<option>districtname2</option>
<option>districtname3</option>
</select>

how can i validate the form and check that he has entered some valid input in each of the above variables in the form? Please help me out. I'll be grateful to you if you cud provide me code for the above.

bike5

//'text' you replace with the name for each input
$error=false;
if($_POST['text']==''){echo'Text required';$error==true;}

if($error==false)
{
everything is filled in
} else
{
reload the form
}

thats very basic, you should strip harmful code from each input and when you reload the form, you might want to reload the form with the input they put before so they don't need to retype by using value = $_POST[the name of the text feild]

ex:
<input type="text" name="email_var" value="<? echo $_POST['email_var']; ?>">

Cyndi_Newbie

Thanx a ton!!

another thing.. if u don't mind

after the form has been filled properly, i take them to another page which has the url for downloading a ppt file. Now the thing is: On the page the url is very clearly specified i.e it is standard something like:

http://www.something.com/sth.ppt

I don't want the user to know the exact location of the ppt file. A user who hasn't filled the form may still be able to access the powerpoint file. I want to hide the exact location of the file. How do i do this? Thanks a lot. I appreciate your help.

Originally posted by bike5
//'text' you replace with the name for each input
$error=false;
if($_POST['text']==''){echo'Text required';$error==true;}

if($error==false)
{
everything is filled in
} else
{
reload the form
}
thats very basic, you should strip harmful code from each input and when you reload the form, you might want to reload the form with the input they put before so they don't need to retype by using value = $_POST[the name of the text feild]

ex:
<input type="text" name="email_var" value="<? echo $_POST['email_var']; ?>"> [/B]

tuf-web_co_uk

on the thank you page, make sure that this is at the very top of the page, or you use output buffering, place a 'header', like the ones for html

<?
$url = "http://www.something.com/sth.ppt";
Header('Location: ' . $url); // using location inside the header function tells php that you want to load an address, this is much like using a include function
?>

with that the user will automatically be asked to download the ppt file, much like when you click on the address from a link in your broswer, but this way he/she doesnt see the status bar and therefore doesnt see the address of the file

Cyndi_Newbie

Thanks!

But this way, the url of the file is visible in the address bar. The user could easily make a note of it and possibly tell others where the file is located, so that other visitors need not fill out the registration form. Hope you get what i'm trying to say. Also, if i do it in the way u mentioned, the file is opening up rather than asking the user whether to save the file to disk or open in the browser.

pls, this is very urgent

thanks 🙂

Cyndi_Newbie

I have 3 php pages
1) userpage.php
2) validate.php
3) downloadpage.php

In userpage.php the user fills various text fields. I have written javascript function checkform(form) to validate the form. The function alerts the user if any of the text fields have not been filled. This is client-side validation of the form.

In the <form> tag i have the action="validate.php" and ofcourse method="POST" and <input type="submit" onclick="javascript:checkform()">

am i doing the correct thing? The javascript is alerting the user if some text field is missing. but after i click okay on the alert, i'm being directed to validate.php(which too is not working!!)

In validate.php, i take the $_POST['var'] and use the ereg() function to check whether the given input is valid or not. if everything is correct..i redirect the page using
header('Location: ' . $url); where $url= downloadpage.php

I know i'm missing something. i'm not checking the conditions properly. In validate page, what if the input is not valid. how do i take him back to userpage.php.

Someone kindly give me clearcut directions as to what i should be doing. Thanks in advance.

dartcol

I'm wondering why you're using both JavaScript and PHP to validate your form. Why not just use PHP? The user may have turned off JavaScript in their browser.

The form continues to the page validate.php as this is the action of the from. It doesn't matter that you have a JavaScript alert box getting in the way. It will still go to validate.php as that's what the previous script told it to do.

If I were you. I'd have the following at the top of userpage.php

if (isset($_POST['submit']))
{
include ("validate.php")
}

Then, in the form do this:

<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">

This makes the form redirect the user to userpage.php, the same page that has the form. It then recognises that $_POST['submit'] is set. Then it includes validate.php which validates the selected variables. Include error messages in the validate.php script.

If all the variables are okay, then redirect the user with your header function. This also goes in your validate.php. If there is an error then an error message can be printed to the browser on the same page and the header function is not called as this follows in the else part of the conditional in validate.php. If there are no errors then the script moves to the header function and directs the user to the download page.

This way you keep your code separate from your HTML and you have the form's action instruction inside the same script as the form for your easy reference.

[EDIT]You could, to make it even cleaner code, incldue a functions page at the top of all pages that require form validation. Then in your functions.php page include the functions for error handling. Then simple replace include("validate.php"); with the name of the function in function.php.[/EDIT]

Cyndi_Newbie

My code isn't working. I'm doing something terribly wrong.

Here is the code for the userpage.php

#!/usr/local/bin/php
<?php
if (isset($_POST['submit']))
{
include ("validate.php");
}
?>
<head>
<title>Register</title>
<script type="text/javascript">

function checkform(form)
{
if(document.form.name_var.value == '')
{
alert("Fill the Name field!");
form.name_var.focus();
return false;
}

if(document.form.address_var.value == '')
{
alert("Fill the Address field!");
form.name_var.focus();
}
else
{
return true;
}
}
</script>

</head>
<html>
<body>

<form method="POST" action="="<?php echo $_SERVER['PHP_SELF']; ?>" name="form1">
<p> </p>
<p>Name:      <input type="text" name="T1" size="20"></p>
<p>Address:  <input type="text" name="T2" size="20"></p>
<p><input type="submit" onSubmit="return checkform(this);" value="Submit" name="B1">    
<input type="reset" value="Reset" name="B2"></p>
</form>

</body>

</html>

Code for validate.php:

#!/usr/local/bin/php
<html>
<head>
<title>Validating Page</title>
</head>
<body>
<?php
$name = $POST['name_var'];
$address = $POST['address_var'];
$redirecturl = "downloadpage.php";

if(!ereg("^[a-zA-Z]+$",$name)) 
{
	echo "Please input the name again!";
}
if(!ereg("^[a-zA-Z0-9#,]+$",$address))
{
	//error
	echo "Please input the address again!";
}
else //form filled
{
	header('Location: ' . $redirecturl);
}

?>
</body>
</html>

Cyndi_Newbie

anyone there???
i'm tryin to figure the problem since yesterday
please 🙁

dartcol

Try this.

Userpage.html (or .php whichever you choose to use)

<?php
	if (isset($_POST['submit']))
		{
		include ("validate.php");
		}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Userpage.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />

</head>

<body>

<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="email" />
<input type="submit" name="submit">

</body>
</html>

validate.php

<?php
if (!empty($_POST['email']))
	{
	if(!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$_POST['email']))
		{
		echo "The email address you gave is not in the correct format. Please try again.";
		}
	else
		{
		header("Location: somelocation.html");
		}
	}
else
	{
	echo "Please give your email address.";
	}

?>

I've used the regular expression as suggested by zend.com. You can read more at: http://www.zend.com/zend/spotlight/ev12apr.php#Heading3

As you can see, I've taken out all the JavaScript. I don't tend to use it much and honestly cannot see the point in using it to check a form when PHP will do it for you 100% effectively. My advice is ditch the JavaScript for validating a form. It isn't worth the effort. JavaScript can be used for much better things but always keep in mind that the user may have turned it off in their browser. Therefore, there should always be an alternative for them to use.

With this script though, it is so small and the difference in speed negligible that there is no need for the JavaScript (there, said it again 🙂).

I've tested it on my server. I have error_all set in my php.ini file and it works fine. Let me know if you have problems.