Form Validation Process

gwerner

Ok, first post and I have a noob to intermediate skill level. So, bear with me.

I'm going back through old code and cleaning things up. One of the things I'm cleaning up is how I handle form validation. Currently I'm using if elseif statements to run the posted data through. I'm using the regexp function which is deprecated as of 5.3.

The process I'm thinking about is once the form is submitted it calls addCompany() function. This function should check that the form passed the validation functions and then insert the data into the database.

The way I have it written below the validation functions get called when the form is posted due to them being called inside the form. Seems like they should be called after the initial addCompany function is called, but maybe not.

After the form is submitted, I also want to be able to highlight the fields that were missed or incorrect data is posted. I've read and read on this subject and it seems like there are many ways to accomplish.

The way I'm thinking about this is the form is as follows (Keep in mind this is just a rough start):

<?php
function valName() {
	return preg_match("/^[A-Za-z0-9-_\s]{4,30}$/", $_POST['coname']) ? TRUE : FALSE;
}

function valAddress() {
	return preg_match("/^[A-Za-z0-9-_.#\s]{4,80}$/", $_POST['address']) ? TRUE : FALSE;
}

$action = $_POST['action'];
switch ($action) {

case 'addCompany' :
	addCompany();
	break;

case 'modifyCompany' :
	modifyCompany();
	break;

case 'deleteCompany' :
	deleteCompany();
	break;

}

function addCompany() {
	if (valName() != FALSE) {
	echo "No errors";
	}
	INSERT into table if all is well.
	Plan to do the mysql_real_escape_string thing here as well.
}
?>

/*** The form components with error checking to highlight bad or missing data ***/
<form enctype="multipart/form-data" method="POST" action="<?php echo filter_var($_SERVER['PHP_SELF']. "?" . $_SERVER['QUERY_STRING'], FILTER_SANITIZE_STRING); ?>">
<input type="hidden" name="action" value="addCompany">
<ol>
<li>
<label for="coname" <?php if (valName($_POST['coname']) != TRUE) { echo "class=\"error\""; } ?>>COMPANY NAME</label><input id="coname" name="coname" type="text" value="<?php if (isset($_POST['coname'])) { echo $_POST['coname']; } ?>" />
</li>
</ol>
</form>

gwerner

On further investigation the call to the functions within the form produce a fatal error. I updated the code and then just hit submit on the form without ever refreshing the page first. So, I didn't know this would create an error before my last post.

Now I really need some help to make sense out of this mess.

anakadote

Pass your $_POST values as function parameters:

function valName($name) {
return preg_match("/^{[A-Za-z0-9-_\s]{4,30}$/",} $name) ? TRUE : FALSE;
}