PHP Form Validation

saltious

Hi.

I have a form (index.php) passing to logfault.php 2 values entered by the user which i can successfully get via $_POST['details']; method. this works fine.

however. i then run some validation on laugfault.php and if one of these values isn't fuilled in then i need it to redirect to index.php for completion.

again. this bit works fine.

what i am having trouble with is when i pass back to index.php i need to take which ebver value was filled in and display it back in the text area the user previously filled.

does anyone know how i do this? i have tried url variables but this just displays in the address bar and does not appear in the text area.

the text area cos is ok because if i create a static variable and display it such as $text = "please complete this field"; it works.

does nayone a: have any idea what im talking about (ive just read that back to myself and it sounds terribly worded).

and b: able to offer any kind of solution ideas? if you need to see code just ask.

thanks all.

NogDog

You might consider saving the values in session variables and then access them for your form fields. You could also try searching for "sticky form fields" and see some of the other techniques that are used. (I generally go for the form display and form processing in the same file technique.)

saltious

thanks for the reply.

i tried the session variable thing.

i registered and set it (via the _POST variable) on the second page (logfault.php) but when i try to display it back on index.php in the text area i get an error saying the variable is undefined?

ill have a scout at the other options you recomended.

cheers!

NogDog

Did you do a session_start() on each page before any output is generated (and before the $_SESSION array is referenced)?

saltious

Hi. yea, i did that.

thanks again.

saltious

Hi Failing what im trying to do being possible. would anyone know how to use php to make sure the form Or at least one field (radio buttons) is correctly filled in before the form is processed to the next page?

cheers.

aps

Hi. I have also had an issue with this in forms. I seem to recall having to set:

register_globals = On

In your php.ini, followed by apache restart.

NogDog

aps;10889623 wrote:
Hi. I have also had an issue with this in forms. I seem to recall having to set:

register_globals = On

In your php.ini, followed by apache restart.

[man]register_globals[/man] has nothing to do with form validation. Also, as it is considered deprecated and will not even be available in PHP6, I would suggest not turning it on and instead ensuring that your code does not depend on it.

aps

NogDog;10889628 wrote:
[man]register_globals[/man] has nothing to do with form validation. Also, as it is considered deprecated and will not even be available in PHP6, I would suggest not turning it on and instead ensuring that your code does not depend on it.

You are welcome to your concerns about register_globals and I know about the security issues (http://devzone.zend.com/manual/security.globals.html), but this seemed to critically allow $SESSION for sticky forms (in a not overly sensitive application), which $REQUEST* would not provide. Neither would manipulation of the php header() cacheing, etc. directives.

Notably, though my session variables would work in other areas with the directive set to off, this was the only way they seemed to work in the sticky forms role.

Again, you are free to your views, but I am willing to do this to over come such a (*) "death quirk".

*Going "Back" using the browser button would cause all the form fields to be unpopulated (only in IE 6, not in Firefox). Most of what I encoutered seemed to suggest $REQUEST would serve this role. However, as best as I could determine, going "Back" to the form would effectively trigger a resubmission of the request to generate the form (confirmed using a BODY onload JS event), resulting in a restoral of the original $REQUEST array (ie. empty).

BillKat

Saltious, there's different ways of skinning this cat but mine is generally:

Javascript validation in the form, as a quickie pre-check that e.g. req'd fields are there. If all OK, the JS calls a form handler php. (The handler is called anyway, if JS is turned off).

The handler does validation (don't rely on the JS) - checks not only that the fields are supplied but whether they have malicious content, e.g. attempts to use as a spam relay, etc etc.

If there are errors, the handler displays a page saying so and showing what's wrong/missing, with a form with the user's input as hidden fields. The form button takes them back to the original form, and so posting these hidden fields.
The orig form checks for posted fields, and if present, echoes them to the fields.

The validation stuff lives in a separate file(s), for re-use, and one form handler can process all forms, if there's not too many.