PHP Form Validation...Please Help!!!

Brind9562

Hi I have set up a sign up form for my website and have done the client side validation using javascript. But I now want to set up server-side validation and I'm not sure how it all works. (I will be using PHP for the server-side validation).

I know how to check the submitted fields etc but I am unsure about the following.

How do you return the user to the form stating the errors.

So if someone didn't enter their first name how would I make the user return to the form without making them fill out the whole form again. Also when they return I would like to state the errors for example in this case the page would show "Please enter your first name".

Sorry if this is hard to understand, any help would be really appreciated.

Thanks
Ben

Drakla

Refilling the form is easy - this is a nice and easy way to do it. I'm using a global placeholder array (yes yes, all I should use a registry class, but I'm doing this on the cheap) to hold data to fill in the form. You have your form like so:

<form id="form1" name="form1" method="post" action="">
  <table border="0" cellspacing="0" cellpadding="1">
    <tr>
      <td>name</td>
      <td><input class="newsltb" type="text" name="name" id="name" value="<?php echo $content['name']; ?>" /></td>
    </tr>
    <tr>
      <td>surname</td>
      <td><input class="newsltb" type="text" name="surname" value="<?php echo $content['surname']; ?>" /></td>
    </tr>
    <tr>
      <td>email</td>
      <td><input class="newsltb" type="text" name="email" value="<?php echo $content['email']; ?>" />
      <input type="submit" name="Submit" value="Subscribe" onclick="this.disabled=true; submit();" /></td>
    </tr>
  </table>
  <input type="hidden" name="add-to-newsletter" value="true" />
</form>

And then you have somewhere your controller for the submit:

/**
*	Placeholder for page content
*	@global array $GLOBALS['content']
*	@name $content
*/

$content = array(
	'messages'	=> '',

'name'		=> '',
'surname'	=> '',
'email'		=> '',	// form refiller for user's email on error
);


/**
*	Main() controller for newsletter joinup page
*/

function newsletter_controller()
{
	if (isset($_REQUEST['add-to-newsletter']))
	{
		newsletter_join_handler();  // here's where you do your validation and all that
	}


	// refill the form fields
init_form_fields('name,surname,email');
}

And here's a nice function to auto fill the placeholder array.

	/**
	*	Poplulates the global $content placeholder array with any submitted data matching
	*	the field names supplied, or creates blanks
	*	@param mixed array or csv of fields or * if you want to put everything submitted back into the wild (Danger, Danger!)
	*	@param bool whether to special char content
	*/

function init_form_fields($fields = array(), $specialchar = true)
{
	global $content;

$rh = new RequestHandler();
$rh->trim();
$in =& $rh->data;

if (!is_array($fields))
{
	$fields = array_map('trim', explode(',', $fields));
}

	// if * was passed for fields then repopulate with everything that was submitted

if ($fields[0] == '*')
{
	$fields = array_keys($_REQUEST);
}

foreach ($fields as $field)
{
	if (isset($in[$field]) && is_scalar($in[$field]))
	{
		$content[$field] = $specialchar ? htmlspecialchars($in[$field]) : $in[$field];
	}
	elseif (isset($content[$field]))
	{
		// leave the default value
	}
	else
	{
		$content[$field] = '';
	}
}
}

You'll see there's a RequestHandler class I'm using. That's something I've written that automatically strips $_REQUEST by default if magic quotes are on, and allows the trimming of the whole array in one go - you can just do that yourself and replace those three lines.

As for the validation just check the values are set (isset) then use whatever functions to check lengths and formats (empty, strlen, preg_match) and any bounds checking you need for numbers. Put any errors into a message and pump it out. If everything went well then redirect to a "You am done" page.