"Norman Peelman" <np******@cfl.rr.com> wrote in message
news:HF******************@tornado.tampabay.rr.com. ..
"planotravel.net" <pl*********@gmail.com> wrote in message
news:11**********************@r2g2000cwb.googlegro ups.com... h7qvnk7q001 wrote: I'm trying to implement a simple server-side form validation (No
Javascript). If the user submits a form with errors, I want to
redisplay the same form with the errors highlighted. Once the form is
correct I need to submit to another page that uses the form data.
My solution for the recently started project was the following:
Create three .php files
1.php - (to initialize form variables) with a call to an A(2) function
in 2.php with default parameters (0 for error variable, and an array of
form elements)
- 1.php is called when the user enters the form page
2.php - (to print out and control the form) with the A(2) function that
takes those two arguments
- echo "<form action=3.php method=post>";
- for each required field use:
if ($error & n).{ echo "..."; } //where n is an error bit, e.g.,
1,2,4,8,16,32 and so on.
else { echo "..."; }
- for all fields use interpolated array[x] value to , e.g., echo
"<input type=text value=\"{$array["value"]}\">; - to return any
previously entered data after page reload
3.php - with a B() form validation function (checker) that is first
called in 3.php
- create, initialize and fill out the $array of form variables with
user input
- $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
if an error is found
- if ($error != 0) { A(2); } else { do smth.,e,g, C(a,b,c); }
- in 1.php and 3.php first do
include '2.php';
PS Go to http://www.planotravel.net, request a quote (yellow image),
randomly fill out the form with errors, submit and see how it works.
Good luck and Regards,
planotravel.net
What people are trying to say is that all three scripts can be combined
into one. First an explanation. This snippet is incomplete in the sense that
I am doing alot more behind the scenes. I am:
1) using a template class to pre-populate the form fields and display the
form which helps in providing clues to the user when fields are wrong
2) requesting that the users click a check box that indicated they have read
and agree to a waiver
3) when the form is completed successfully I write the data to a database
and place the user in an 'unregistered' state
4) sending the user an email with a payment link should they not complete
the payment process immediately
5) updating the user to 'registered' upon completing the payment process.
note-- the payment process (5) is a separate script (paypal)
logfile('Start of request');
$valid = 0; $not_required = 0;
if (isset($_POST) && !empty($_POST))
{
// validate form field here - repeat code as neccessary for your form
fields
// ok - if we're here then the form has been submitted, lets check things
out
if (isset($_POST['pgfirstname']) && !empty($_POST['pgfirstname']))
{
// first name - allow letters only (case insensitive, 2 chars min - 25
chars max)
$pattern = "^[A-Za-z ]{2,25}$";
if (ereg($pattern,$_POST['pgfirstname']))
{
// required field - update $valid by 1
$valid++;
// logfile() is a custom function
logfile("Parent first name OK: $_POST[pgfirstname]");
}
else
{
// bad characters in field
$pgfirstname_error = ' Sorry, you have invalid characters in your
First name.';
$pgfirstname_color = 'orange';
logfile("Parent first name has invalid characters");
}
}
else
{
// field was left empty
$pgfirstname_error = ' We really need your First name (between 2 and
25 letters only)';
$pgfirstname_color = 'orange';
logfile("Parent first name not submitted");
}
// variables are assigned correct or not as the form is repopulated so
the user can correct typos
$pgfirstname = $_POST['pgfirstname'];
if (isset($_POST['address_em']) && !empty($_POST['address_em']))
{ // validate e-mail address as best we can...
//$pattern =
"^([A-Za-z0-9]+[._]?){1,}\+[A-Za-z0-9]+\@(([A-Za-z0-9]+[-]?){1,}[A-Za-z0-9]+
\.){1,}[A-Za-z]{2,6}$";
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+[a-zA-Z]{2,6}\$";
//$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+";
//$pattern .= "([aero|biz|coop|com|net]";
//$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";
// stop unwanted email hosts here - add as many as needed
$unwanted = array(0 => 'spamhole',
1 => 'mytrashmail',
2 => 'mailexpire',
3 => 'spamgourmet',
4 => 'mailinator',
5 => 'woodyland',
6 => 'spammotel',
7 => 'sneakmail',
8 => 'jetable'
);
foreach($unwanted as $key => $value)
{ // create regex with $value... ex: spamhole{1}
$value .= '{1}';
if (eregi($value,$_POST['address_em']))
{
logfile("WARN: email address is one of the unwanted email hosts
$_POST[address_em]");
$address_em_error = "Temporary email addresses are not permitted!";
$address_color = "orange";
}
}
if (eregi($pattern,$_POST['address_em']))
{
logfile("INFO: useremail passed email test -> $_POST[address_em]");
$valid++;
}
else
{
logfile("INFO: Invalid email (useremail) address ->
$_POST[address_em]");
$address_em_error = 'Invalid e-mail address! Please re-enter.';
$address_em_color = "orange";
}
}
else
{
logfile("INFO: email address not submitted.");
$address_em_error = " We really need your email address.";
$address_em_color = "orange";
}
$address_em = $_POST['address_em'];
}
// validate cell phone - field NOT required for valid form
if (isset($_POST['address_cph']) && !empty($_POST['address_cph']))
{
// cell phone - allow numbers only (case insensitive)
$pattern = "^[0-9\-]{7,12}$";
if (ereg($pattern,$_POST['address_cph']))
{
// if required, change this variable to $valid++
// if not required change this variable to $not_required++
$not_required++;
}
else
{
// we want valid input whether this field is required or not
$address_cph_error = ' Sorry, you have improper characters in your
Cell phone number.';
$address_cph_color = 'orange';
}
}
else
{
// if required, uncomment lines below
//$address_cph_error = ' We really need your Cell phone number
(xxx-xxx-xxxx format)';
//$address_cph_color = 'orange';
$not_required++;
}
$address_cph = $_POST['address_cph'];
if (isset($_POST['waiveragree']) && !empty($_POST['waiveragree']) &&
$_POST['waiveragree'] == 'agree')
{
// client has agreed to the waiver
$waiveragree = 'checked';
logfile("Client has agreed to waiver");
}
else
{
$waiveragree = '';
$waiveragree_error = "You must agree to the waiver to complete the
registration process.";
$waiveragree_color = "orange";
}
// ok we've checked all the fields - count our required and not required
fields to make sure everything is cool
if ($valid == 2 && $not_required == 1 && @$_POST['waiveragree'] == 'agree')
{
// do something with user info
logfile("INFO: Form completed correctly and client agreed to waiver");
logfile("End of request");
// you can redirect here...
//header("Location: hxxp://path.to.another.page?var1=$var1&var2=$var2");
}
---
--logfile()-- place at top of script
define('LOGFILE',true); // set to false to turn off logging.
function logfile($txt)
{ // daily logging function - creates/appends a logfile by date
if (LOGFILE)
{
$txt = date("G:i:s - ").$txt.chr(13);
$lf = 'drive:\\path\to\your\logfile_name_'.date('D M j -
Y').'.logfile';
$fp = fopen($lf,'a');
fwrite($fp,$txt,1024);
fclose($fp);
} // assign the extension .logfile to WORDPAD or some other text reader
that will format it correcly - just a quick and dirty function
}
....some good examples of logfile usage are:
logfile('MySQL: '.mysql_errno($dbc).' - '.mysql_error($dbc));
logfile("INFO: some info here from a $variable");
logfile("$script_name: info here");
etc.
The *_color variables are used by the CSS/STYLE to colorize the form fields
on error, the *_error variables are self explanatory. And as you can see you
can customize the errors to reflect the true problems.
Norm