473,386 Members | 1,602 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > best approach for server side form validation ?

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Best approach for server side Form Validation ?

I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.

I first tried making the form submit action= field point to the same
file. When the form was correct, I tried loading the next page by using
<META http-equiv refresh>. But that doesn't post the data, so the next
page didn't have access to it.

Then I tried changing the action= field of the form to an a PHP echo. I
would echo a variable that was set to either "ThisSamePage.PHP" or
"TheNextPage.PHP", depending on whether the validation was correct. The
problem is that the user has to press Submit an extra time once the
form is correct, since the form was still displayed with the action
equal to "TheNextPage.PHP"

I have looked for some way to submit the form directly from PHP code,
but I don't know enough about PHP yet.

I think I need some way to cause a Post action from PHP code, so I can
get to the next page without redisplaying the form and having the user
click submit again.

Or is there a better way to structure this type of validation that
avoids this issue?

Jun 24 '06 #1
7 6962
Rik
h7*********@sneakemail.com wrote:
I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.
I assume the redisplaying & highlighting errors is not the problem?
I first tried making the form submit action= field point to the same
file. When the form was correct, I tried loading the next page by
using <META http-equiv refresh>. But that doesn't post the data, so
the next page didn't have access to it.


In rederecting POST data is indeed lost.
There are several solution:
1. Use the same file for processing the data. (if it's a light application
it's the easiest one).
2. Use a temporary table in which you store the valid post data, preferably
with some auto_incremented key, which you can use as a GET variable on the
redirect (major security leak: other visitors can see what the rest is
doing).
3. Use sessions, and store the valid posted data into the $_SESSION, use
those values in the processing on the other page.

Grtz,
--
Rik Wasmus
Jun 24 '06 #2
>I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.
That would seem to make the validation trivial to bypass, unless,
of course, you validate it AGAIN in the page that uses the form data.
What is the purpose of this validation again?
I first tried making the form submit action= field point to the same
file. When the form was correct, I tried loading the next page by using
<META http-equiv refresh>. But that doesn't post the data, so the next
page didn't have access to it.
You can't redirect a POST. And if the data goes through the user's
browser, you can't trust it without validating it again.
Then I tried changing the action= field of the form to an a PHP echo. I
would echo a variable that was set to either "ThisSamePage.PHP" or
"TheNextPage.PHP", depending on whether the validation was correct. The
problem is that the user has to press Submit an extra time once the
form is correct, since the form was still displayed with the action
equal to "TheNextPage.PHP"

I have looked for some way to submit the form directly from PHP code,
but I don't know enough about PHP yet.
PHP can't control the user's browser like that, which is a good
thing. This issue is one reason why Javascript is often Turned Off(tm).
I think I need some way to cause a Post action from PHP code, so I can
get to the next page without redisplaying the form and having the user
click submit again.
It's possible to hit a page directly from the server with CURL, but
I'd advise against this. Do the validation and processing in ONE
hit.
Or is there a better way to structure this type of validation that
avoids this issue?


Validate the input, then process it in the SAME hit. Perhaps use
include(), but make sure the include()d file cannot be hit directly.

Gordon L. Burditt
Jun 24 '06 #3
h7qvnk7q001 wrote:
I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.


My solution for the recently started project was the following:

Create three .php files

1.php - (to initialize form variables) with a call to an A(2) function
in 2.php with default parameters (0 for error variable, and an array of
form elements)
- 1.php is called when the user enters the form page

2.php - (to print out and control the form) with the A(2) function that
takes those two arguments
- echo "<form action=3.php method=post>";
- for each required field use:
if ($error & n).{ echo "..."; } //where n is an error bit, e.g.,
1,2,4,8,16,32 and so on.
else { echo "..."; }
- for all fields use interpolated array[x] value to , e.g., echo
"<input type=text value=\"{$array["value"]}\">; - to return any
previously entered data after page reload

3.php - with a B() form validation function (checker) that is first
called in 3.php
- create, initialize and fill out the $array of form variables with
user input
- $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
if an error is found
- if ($error != 0) { A(2); } else { do smth.,e,g, C(a,b,c); }
- in 1.php and 3.php first do
include '2.php';
PS Go to http://www.planotravel.net, request a quote (yellow image),
randomly fill out the form with errors, submit and see how it works.

Good luck and Regards,

planotravel.net

Jun 25 '06 #4
Carved in mystic runes upon the very living rock, the last words of
<h7*********@sneakemail.com> of comp.lang.php make plain:
I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.


If you're interested in a pre-packaged solution rather than DIY, check out
Phorm.

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/
Jun 25 '06 #5
"planotravel.net" <pl*********@gmail.com> wrote in message
news:11**********************@r2g2000cwb.googlegro ups.com...
h7qvnk7q001 wrote:
I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.


My solution for the recently started project was the following:

Create three .php files

1.php - (to initialize form variables) with a call to an A(2) function
in 2.php with default parameters (0 for error variable, and an array of
form elements)
- 1.php is called when the user enters the form page

2.php - (to print out and control the form) with the A(2) function that
takes those two arguments
- echo "<form action=3.php method=post>";
- for each required field use:
if ($error & n).{ echo "..."; } //where n is an error bit, e.g.,
1,2,4,8,16,32 and so on.
else { echo "..."; }
- for all fields use interpolated array[x] value to , e.g., echo
"<input type=text value=\"{$array["value"]}\">; - to return any
previously entered data after page reload

3.php - with a B() form validation function (checker) that is first
called in 3.php
- create, initialize and fill out the $array of form variables with
user input
- $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
if an error is found
- if ($error != 0) { A(2); } else { do smth.,e,g, C(a,b,c); }
- in 1.php and 3.php first do
include '2.php';
PS Go to http://www.planotravel.net, request a quote (yellow image),
randomly fill out the form with errors, submit and see how it works.

Good luck and Regards,

planotravel.net


What people are trying to say is that all three scripts can be combined
into one. First an explanation. This snippet is incomplete in the sense that
I am doing alot more behind the scenes. I am:

1) using a template class to pre-populate the form fields and display the
form which helps in providing clues to the user when fields are wrong
2) requesting that the users click a check box that indicated they have read
and agree to a waiver
3) when the form is completed successfully I write the data to a database
and place the user in an 'unregistered' state
4) sending the user an email with a payment link should they not complete
the payment process immediately
5) updating the user to 'registered' upon completing the payment process.

note-- the payment process (5) is a separate script (paypal)

logfile('Start of request');
$valid = 0; $not_required = 0;
if (isset($_POST) && !empty($_POST))
{
// validate form field here - repeat code as neccessary for your form
fields
// ok - if we're here then the form has been submitted, lets check things
out
if (isset($_POST['pgfirstname']) && !empty($_POST['pgfirstname']))
{
// first name - allow letters only (case insensitive, 2 chars min - 25
chars max)
$pattern = "^[A-Za-z ]{2,25}$";
if (ereg($pattern,$_POST['pgfirstname']))
{
// required field - update $valid by 1
$valid++;
// logfile() is a custom function
logfile("Parent first name OK: $_POST[pgfirstname]");
}
else
{
// bad characters in field
$pgfirstname_error = ' Sorry, you have invalid characters in your
First name.';
$pgfirstname_color = 'orange';
logfile("Parent first name has invalid characters");
}
}
else
{
// field was left empty
$pgfirstname_error = ' We really need your First name (between 2 and
25 letters only)';
$pgfirstname_color = 'orange';
logfile("Parent first name not submitted");
}
// variables are assigned correct or not as the form is repopulated so
the user can correct typos
$pgfirstname = $_POST['pgfirstname'];

if (isset($_POST['address_em']) && !empty($_POST['address_em']))
{ // validate e-mail address as best we can...
//$pattern =
"^([A-Za-z0-9]+[._]?){1,}\+[A-Za-z0-9]+\@(([A-Za-z0-9]+[-]?){1,}[A-Za-z0-9]+
\.){1,}[A-Za-z]{2,6}$";
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+[a-zA-Z]{2,6}\$";
//$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+";
//$pattern .= "([aero|biz|coop|com|net]";
//$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";

// stop unwanted email hosts here - add as many as needed
$unwanted = array(0 => 'spamhole',
1 => 'mytrashmail',
2 => 'mailexpire',
3 => 'spamgourmet',
4 => 'mailinator',
5 => 'woodyland',
6 => 'spammotel',
7 => 'sneakmail',
8 => 'jetable'
);
foreach($unwanted as $key => $value)
{ // create regex with $value... ex: spamhole{1}
$value .= '{1}';
if (eregi($value,$_POST['address_em']))
{
logfile("WARN: email address is one of the unwanted email hosts
$_POST[address_em]");
$address_em_error = "Temporary email addresses are not permitted!";
$address_color = "orange";
}
}
if (eregi($pattern,$_POST['address_em']))
{
logfile("INFO: useremail passed email test -> $_POST[address_em]");
$valid++;
}
else
{
logfile("INFO: Invalid email (useremail) address ->
$_POST[address_em]");
$address_em_error = 'Invalid e-mail address! Please re-enter.';
$address_em_color = "orange";
}
}
else
{
logfile("INFO: email address not submitted.");
$address_em_error = " We really need your email address.";
$address_em_color = "orange";
}
$address_em = $_POST['address_em'];
}

// validate cell phone - field NOT required for valid form
if (isset($_POST['address_cph']) && !empty($_POST['address_cph']))
{
// cell phone - allow numbers only (case insensitive)
$pattern = "^[0-9\-]{7,12}$";
if (ereg($pattern,$_POST['address_cph']))
{
// if required, change this variable to $valid++
// if not required change this variable to $not_required++
$not_required++;
}
else
{
// we want valid input whether this field is required or not
$address_cph_error = ' Sorry, you have improper characters in your
Cell phone number.';
$address_cph_color = 'orange';
}
}
else
{
// if required, uncomment lines below
//$address_cph_error = ' We really need your Cell phone number
(xxx-xxx-xxxx format)';
//$address_cph_color = 'orange';
}
$address_cph = $_POST['address_cph'];

if (isset($_POST['waiveragree']) && !empty($_POST['waiveragree']) &&
$_POST['waiveragree'] == 'agree')
{
// client has agreed to the waiver
$waiveragree = 'checked';
logfile("Client has agreed to waiver");
}
else
{
$waiveragree = '';
$waiveragree_error = "You must agree to the waiver to complete the
registration process.";
$waiveragree_color = "orange";
}
// ok we've checked all the fields - count our required and not required
fields to make sure everything is cool
if ($valid == 2 && $not_required == 1 && @$_POST['waiveragree'] == 'agree')
{
// do something with user info
logfile("INFO: Form completed correctly and client agreed to waiver");
logfile("End of request");
// you can redirect here...
//header("Location: hxxp://path.to.another.page?var1=$var1&var2=$var2");
}

---

--logfile()-- place at top of script
define('LOGFILE',true); // set to false to turn off logging.
function logfile($txt)
{ // daily logging function - creates/appends a logfile by date
if (LOGFILE)
{
$txt = date("G:i:s - ").$txt.chr(13);
$lf = 'drive:\\path\to\your\logfile_name_'.date('D M j -
Y').'.logfile';
$fp = fopen($lf,'a');
fwrite($fp,$txt,1024);
fclose($fp);
} // assign the extension .logfile to WORDPAD or some other text reader
that will format it correcly - just a quick and dirty function
}

....some good examples of logfile usage are:

logfile('MySQL: '.mysql_errno($dbc).' - '.mysql_error($dbc));
logfile("INFO: some info here from a $variable");
logfile("$script_name: info here");
etc.

Norm
Jun 25 '06 #6
"Norman Peelman" <np******@cfl.rr.com> wrote in message
news:HF******************@tornado.tampabay.rr.com. ..
"planotravel.net" <pl*********@gmail.com> wrote in message
news:11**********************@r2g2000cwb.googlegro ups.com...
h7qvnk7q001 wrote:
I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.


My solution for the recently started project was the following:

Create three .php files

1.php - (to initialize form variables) with a call to an A(2) function
in 2.php with default parameters (0 for error variable, and an array of
form elements)
- 1.php is called when the user enters the form page

2.php - (to print out and control the form) with the A(2) function that
takes those two arguments
- echo "<form action=3.php method=post>";
- for each required field use:
if ($error & n).{ echo "..."; } //where n is an error bit, e.g.,
1,2,4,8,16,32 and so on.
else { echo "..."; }
- for all fields use interpolated array[x] value to , e.g., echo
"<input type=text value=\"{$array["value"]}\">; - to return any
previously entered data after page reload

3.php - with a B() form validation function (checker) that is first
called in 3.php
- create, initialize and fill out the $array of form variables with
user input
- $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
if an error is found
- if ($error != 0) { A(2); } else { do smth.,e,g, C(a,b,c); }
- in 1.php and 3.php first do
include '2.php';
PS Go to http://www.planotravel.net, request a quote (yellow image),
randomly fill out the form with errors, submit and see how it works.

Good luck and Regards,

planotravel.net

What people are trying to say is that all three scripts can be combined
into one. First an explanation. This snippet is incomplete in the sense that
I am doing alot more behind the scenes. I am:

1) using a template class to pre-populate the form fields and display the
form which helps in providing clues to the user when fields are wrong
2) requesting that the users click a check box that indicated they have read
and agree to a waiver
3) when the form is completed successfully I write the data to a database
and place the user in an 'unregistered' state
4) sending the user an email with a payment link should they not complete
the payment process immediately
5) updating the user to 'registered' upon completing the payment process.

note-- the payment process (5) is a separate script (paypal)

logfile('Start of request');
$valid = 0; $not_required = 0;
if (isset($_POST) && !empty($_POST))
{
// validate form field here - repeat code as neccessary for your form
fields
// ok - if we're here then the form has been submitted, lets check things
out
if (isset($_POST['pgfirstname']) && !empty($_POST['pgfirstname']))
{
// first name - allow letters only (case insensitive, 2 chars min - 25
chars max)
$pattern = "^[A-Za-z ]{2,25}$";
if (ereg($pattern,$_POST['pgfirstname']))
{
// required field - update $valid by 1
$valid++;
// logfile() is a custom function
logfile("Parent first name OK: $_POST[pgfirstname]");
}
else
{
// bad characters in field
$pgfirstname_error = ' Sorry, you have invalid characters in your
First name.';
$pgfirstname_color = 'orange';
logfile("Parent first name has invalid characters");
}
}
else
{
// field was left empty
$pgfirstname_error = ' We really need your First name (between 2 and
25 letters only)';
$pgfirstname_color = 'orange';
logfile("Parent first name not submitted");
}
// variables are assigned correct or not as the form is repopulated so
the user can correct typos
$pgfirstname = $_POST['pgfirstname'];

if (isset($_POST['address_em']) && !empty($_POST['address_em']))
{ // validate e-mail address as best we can...
//$pattern =
"^([A-Za-z0-9]+[._]?){1,}\+[A-Za-z0-9]+\@(([A-Za-z0-9]+[-]?){1,}[A-Za-z0-9]+
\.){1,}[A-Za-z]{2,6}$";
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+[a-zA-Z]{2,6}\$";
//$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+";
//$pattern .= "([aero|biz|coop|com|net]";
//$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";

// stop unwanted email hosts here - add as many as needed
$unwanted = array(0 => 'spamhole',
1 => 'mytrashmail',
2 => 'mailexpire',
3 => 'spamgourmet',
4 => 'mailinator',
5 => 'woodyland',
6 => 'spammotel',
7 => 'sneakmail',
8 => 'jetable'
);
foreach($unwanted as $key => $value)
{ // create regex with $value... ex: spamhole{1}
$value .= '{1}';
if (eregi($value,$_POST['address_em']))
{
logfile("WARN: email address is one of the unwanted email hosts
$_POST[address_em]");
$address_em_error = "Temporary email addresses are not permitted!";
$address_color = "orange";
}
}
if (eregi($pattern,$_POST['address_em']))
{
logfile("INFO: useremail passed email test -> $_POST[address_em]");
$valid++;
}
else
{
logfile("INFO: Invalid email (useremail) address ->
$_POST[address_em]");
$address_em_error = 'Invalid e-mail address! Please re-enter.';
$address_em_color = "orange";
}
}
else
{
logfile("INFO: email address not submitted.");
$address_em_error = " We really need your email address.";
$address_em_color = "orange";
}
$address_em = $_POST['address_em'];
}

// validate cell phone - field NOT required for valid form
if (isset($_POST['address_cph']) && !empty($_POST['address_cph']))
{
// cell phone - allow numbers only (case insensitive)
$pattern = "^[0-9\-]{7,12}$";
if (ereg($pattern,$_POST['address_cph']))
{
// if required, change this variable to $valid++
// if not required change this variable to $not_required++
$not_required++;
}
else
{
// we want valid input whether this field is required or not
$address_cph_error = ' Sorry, you have improper characters in your
Cell phone number.';
$address_cph_color = 'orange';
}
}
else
{
// if required, uncomment lines below
//$address_cph_error = ' We really need your Cell phone number
(xxx-xxx-xxxx format)';
//$address_cph_color = 'orange';
$not_required++;
}
$address_cph = $_POST['address_cph'];

if (isset($_POST['waiveragree']) && !empty($_POST['waiveragree']) &&
$_POST['waiveragree'] == 'agree')
{
// client has agreed to the waiver
$waiveragree = 'checked';
logfile("Client has agreed to waiver");
}
else
{
$waiveragree = '';
$waiveragree_error = "You must agree to the waiver to complete the
registration process.";
$waiveragree_color = "orange";
}
// ok we've checked all the fields - count our required and not required
fields to make sure everything is cool
if ($valid == 2 && $not_required == 1 && @$_POST['waiveragree'] == 'agree')
{
// do something with user info
logfile("INFO: Form completed correctly and client agreed to waiver");
logfile("End of request");
// you can redirect here...
//header("Location: hxxp://path.to.another.page?var1=$var1&var2=$var2");
}

---

--logfile()-- place at top of script
define('LOGFILE',true); // set to false to turn off logging.
function logfile($txt)
{ // daily logging function - creates/appends a logfile by date
if (LOGFILE)
{
$txt = date("G:i:s - ").$txt.chr(13);
$lf = 'drive:\\path\to\your\logfile_name_'.date('D M j -
Y').'.logfile';
$fp = fopen($lf,'a');
fwrite($fp,$txt,1024);
fclose($fp);
} // assign the extension .logfile to WORDPAD or some other text reader
that will format it correcly - just a quick and dirty function
}

....some good examples of logfile usage are:

logfile('MySQL: '.mysql_errno($dbc).' - '.mysql_error($dbc));
logfile("INFO: some info here from a $variable");
logfile("$script_name: info here");
etc.

The *_color variables are used by the CSS/STYLE to colorize the form fields
on error, the *_error variables are self explanatory. And as you can see you
can customize the errors to reflect the true problems.
Norm

Jun 25 '06 #7
edit near bottom...

--
FREE Avatar hosting at www.easyavatar.com
"Norman Peelman" <np******@cfl.rr.com> wrote in message
news:ad*******************@tornado.tampabay.rr.com ...
"Norman Peelman" <np******@cfl.rr.com> wrote in message
news:HF******************@tornado.tampabay.rr.com. ..
"planotravel.net" <pl*********@gmail.com> wrote in message
news:11**********************@r2g2000cwb.googlegro ups.com...
h7qvnk7q001 wrote:
> I'm trying to implement a simple server-side form validation (No
> Javascript). If the user submits a form with errors, I want to
> redisplay the same form with the errors highlighted. Once the form is > correct I need to submit to another page that uses the form data.

My solution for the recently started project was the following:

Create three .php files

1.php - (to initialize form variables) with a call to an A(2) function
in 2.php with default parameters (0 for error variable, and an array of form elements)
- 1.php is called when the user enters the form page

2.php - (to print out and control the form) with the A(2) function that takes those two arguments
- echo "<form action=3.php method=post>";
- for each required field use:
if ($error & n).{ echo "..."; } //where n is an error bit, e.g.,
1,2,4,8,16,32 and so on.
else { echo "..."; }
- for all fields use interpolated array[x] value to , e.g., echo
"<input type=text value=\"{$array["value"]}\">; - to return any
previously entered data after page reload

3.php - with a B() form validation function (checker) that is first
called in 3.php
- create, initialize and fill out the $array of form variables with
user input
- $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
if an error is found
- if ($error != 0) { A(2); } else { do smth.,e,g, C(a,b,c); }
- in 1.php and 3.php first do
include '2.php';
PS Go to http://www.planotravel.net, request a quote (yellow image),
randomly fill out the form with errors, submit and see how it works.

Good luck and Regards,

planotravel.net

What people are trying to say is that all three scripts can be combined
into one. First an explanation. This snippet is incomplete in the sense that
I am doing alot more behind the scenes. I am:

1) using a template class to pre-populate the form fields and display the
form which helps in providing clues to the user when fields are wrong
2) requesting that the users click a check box that indicated they have read
and agree to a waiver
3) when the form is completed successfully I write the data to a database
and place the user in an 'unregistered' state
4) sending the user an email with a payment link should they not complete
the payment process immediately
5) updating the user to 'registered' upon completing the payment process.

note-- the payment process (5) is a separate script (paypal)

logfile('Start of request');
$valid = 0; $not_required = 0;
if (isset($_POST) && !empty($_POST))
{
// validate form field here - repeat code as neccessary for your form
fields
// ok - if we're here then the form has been submitted, lets check things
out
if (isset($_POST['pgfirstname']) && !empty($_POST['pgfirstname']))
{
// first name - allow letters only (case insensitive, 2 chars min - 25
chars max)
$pattern = "^[A-Za-z ]{2,25}$";
if (ereg($pattern,$_POST['pgfirstname']))
{
// required field - update $valid by 1
$valid++;
// logfile() is a custom function
logfile("Parent first name OK: $_POST[pgfirstname]");
}
else
{
// bad characters in field
$pgfirstname_error = ' Sorry, you have invalid characters in your
First name.';
$pgfirstname_color = 'orange';
logfile("Parent first name has invalid characters");
}
}
else
{
// field was left empty
$pgfirstname_error = ' We really need your First name (between 2 and
25 letters only)';
$pgfirstname_color = 'orange';
logfile("Parent first name not submitted");
}
// variables are assigned correct or not as the form is repopulated so
the user can correct typos
$pgfirstname = $_POST['pgfirstname'];

if (isset($_POST['address_em']) && !empty($_POST['address_em']))
{ // validate e-mail address as best we can...
//$pattern =
"^([A-Za-z0-9]+[._]?){1,}\+[A-Za-z0-9]+\@(([A-Za-z0-9]+[-]?){1,}[A-Za-z0-9]+
\.){1,}[A-Za-z]{2,6}$";
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+[a-zA-Z]{2,6}\$";
//$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+";
//$pattern .= "([aero|biz|coop|com|net]";
//$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";

// stop unwanted email hosts here - add as many as needed
$unwanted = array(0 => 'spamhole',
1 => 'mytrashmail',
2 => 'mailexpire',
3 => 'spamgourmet',
4 => 'mailinator',
5 => 'woodyland',
6 => 'spammotel',
7 => 'sneakmail',
8 => 'jetable'
);
foreach($unwanted as $key => $value)
{ // create regex with $value... ex: spamhole{1}
$value .= '{1}';
if (eregi($value,$_POST['address_em']))
{
logfile("WARN: email address is one of the unwanted email hosts
$_POST[address_em]");
$address_em_error = "Temporary email addresses are not permitted!";
$address_color = "orange";
}
}
if (eregi($pattern,$_POST['address_em']))
{
logfile("INFO: useremail passed email test -> $_POST[address_em]");
$valid++;
}
else
{
logfile("INFO: Invalid email (useremail) address ->
$_POST[address_em]");
$address_em_error = 'Invalid e-mail address! Please re-enter.';
$address_em_color = "orange";
}
}
else
{
logfile("INFO: email address not submitted.");
$address_em_error = " We really need your email address.";
$address_em_color = "orange";
}
$address_em = $_POST['address_em'];
}

// validate cell phone - field NOT required for valid form
if (isset($_POST['address_cph']) && !empty($_POST['address_cph']))
{
// cell phone - allow numbers only (case insensitive)
$pattern = "^[0-9\-]{7,12}$";
if (ereg($pattern,$_POST['address_cph']))
{
// if required, change this variable to $valid++
// if not required change this variable to $not_required++
$not_required++;
}
else
{
// we want valid input whether this field is required or not
$address_cph_error = ' Sorry, you have improper characters in your
Cell phone number.';
$address_cph_color = 'orange';
}
}
else
{
// if required, uncomment lines below
//$address_cph_error = ' We really need your Cell phone number
(xxx-xxx-xxxx format)';
//$address_cph_color = 'orange';
$not_required++;
}
$address_cph = $_POST['address_cph'];

if (isset($_POST['waiveragree']) && !empty($_POST['waiveragree']) &&
$_POST['waiveragree'] == 'agree')
{
// client has agreed to the waiver
$waiveragree = 'checked';
logfile("Client has agreed to waiver");
}
else
{
$waiveragree = '';
$waiveragree_error = "You must agree to the waiver to complete the
registration process.";
$waiveragree_color = "orange";
}
// ok we've checked all the fields - count our required and not required
fields to make sure everything is cool
if ($valid == 2 && $not_required == 1 && @$_POST['waiveragree'] == 'agree')
{
// do something with user info
logfile("INFO: Form completed correctly and client agreed to waiver");
logfile("End of request");
// you can redirect here...
//header("Location: hxxp://path.to.another.page?var1=$var1&var2=$var2");
}
}
else
{
display the form
}

---

--logfile()-- place at top of script
define('LOGFILE',true); // set to false to turn off logging.
function logfile($txt)
{ // daily logging function - creates/appends a logfile by date
if (LOGFILE)
{
$txt = date("G:i:s - ").$txt.chr(13);
$lf = 'drive:\\path\to\your\logfile_name_'.date('D M j -
Y').'.logfile';
$fp = fopen($lf,'a');
fwrite($fp,$txt,1024);
fclose($fp);
} // assign the extension .logfile to WORDPAD or some other text reader
that will format it correcly - just a quick and dirty function
}

....some good examples of logfile usage are:

logfile('MySQL: '.mysql_errno($dbc).' - '.mysql_error($dbc));
logfile("INFO: some info here from a $variable");
logfile("$script_name: info here");
etc.

The *_color variables are used by the CSS/STYLE to colorize the form fields
on error, the *_error variables are self explanatory. And as you can see you
can customize the errors to reflect the true problems.
Norm


Jun 25 '06 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
server side validation
by: Hernán Castelo | last post by:
should i to validate all the "Request"s calls like Request.FORM("...") and Request.Cookies("...") ???? if it is so, i have to see inside every "Input" elements like "Text" and even "Hidden"...
ASP / Active Server Pages
136
Javascript Best Practices Document v1.0
by: Matt Kruse | last post by:
http://www.JavascriptToolbox.com/bestpractices/ I started writing this up as a guide for some people who were looking for general tips on how to do things the 'right way' with Javascript. Their...
Javascript
4
validation controls not working on production server
by: earwicker | last post by:
I recently deployed a web application which contains a user registration form with the usual fields: name, address, email, password, etc. Each of the TextBoxes uses a validation control to verify...
ASP.NET
14
ASP.NET Web Forms Validation Controls are Server-Side or Client-Side Validation?
by: Matt | last post by:
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can select either 1) JavaScript based error dialog or 2)...
ASP.NET
4
need to have onsubmit event fire after server-side validation.
by: usl2222 | last post by:
Hi folks, I appreciate any assistance in the following problem: I have a form with a bunch of dynamic controls on it. All the controls are dynamically generated on a server, including all...
ASP.NET
1
Using both server side validation and client side validation
by: vidya | last post by:
Hi, I have a button which is a web control. I have some validation in javascript for the button in .aspx file and some in the button onclick event in code behind(C#). I need to get through both...
ASP.NET
9
Best form validation tutorial?
by: julie.siebel | last post by:
Hello all! As embarrassing as it is to admit this, I've been designing db driven websites using javascript and vbscript for about 6-7 years now, and I am *horrible* at form validation. To be...
Javascript
1
Ajax Server Validation Question
by: John Chan | last post by:
Hi, Im doing a maintenance application in ajax and coldfusion at work on IE6 exclusively. I have a save button on each form and i have to do various validations server side and on client side...
Javascript
8
Thoughts on the best way of highlighting form input errors?
by: Phil Latio | last post by:
I've been creating an application over the last few weeks and generally pleased with what I have produced but one area is irritating me, form validation. At the moment the forms are simply...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!