Todding01,
Thanks, but I was referring to server-side PHP. However, I have found a solution to my problem, which I post in case it can help anyone else.
I post this solution to a form validation and redirect, as an addition to a comment page written with Dreamweaver. Unfortunately Dreamweaver does not provide server-side validation for PHP. You're expected to purchase an extension.
My problem
I have a comments page with a comment form. I wanted the comment input to a database if OK, but if a user tried to input code or a link, I wanted to redirect them back to the form page without their comment input to the database. I also needed to work out where in the Dreamweaver-written code to place my validation and redirect.
The code below shows the part of the page which Dreamweaver writes to input form data into the database, with the associated validation.
It works.
// htmlentities() keeps a crafted request path from injecting markup into the form's action attribute.
$editFormAction = htmlentities($_SERVER['PHP_SELF']);
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

// Returns TRUE when the comment contains a "<", i.e. looks like markup or code.
function check_field1($comment)
{
    return preg_match("/</", $comment) === 1;
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "comments")) {
    // Test the raw input: after htmlentities() a "<" becomes "&lt;" and would never match.
    $comment = isset($_POST['comment']) ? $_POST['comment'] : '';

    // Both outcomes redirect back to comments.php, keeping the query string.
    $insertGoTo = "comments.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
    }

    $error = 0;
    if (check_field1($comment)) {
        $error++;
        header(sprintf("Location: %s", $insertGoTo));
        exit; // stop here so the insert below can never run for a rejected comment
    }

    // Braces matter: without them only the sprintf() line was conditional.
    if ($error == 0) {
        $insertSQL = sprintf("INSERT INTO comments (comment, `day`, `month`, `year`) VALUES (%s, %s, %s, %s)",
            GetSQLValueString($_POST['comment'], "text"),
            GetSQLValueString($_POST['day'], "int"),
            GetSQLValueString($_POST['month'], "text"),
            GetSQLValueString($_POST['year'], "int"));
        mysql_select_db($database_connection, $connection);
        $Result1 = mysql_query($insertSQL, $connection) or die(mysql_error());
        header(sprintf("Location: %s", $insertGoTo));
        exit;
    }
}
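An added example, not part of the original post or the poster's code: the same reject-or-store decision with the link check the post mentions, a bound parameter for the insert, and HTML encoding applied only on output. The function names, the 2000-byte limit, the sample comments and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
/** Return the reasons a comment is rejected (empty list = acceptable). */
function comment_problems(string $raw): array
{
    $problems = [];
    $text = trim($raw);
    if ($text === '' || strlen($text) > 2000) {
        $problems[] = 'length';
    }
    // Check the raw input: after htmlentities() a "<" is "&lt;" and no longer matches.
    if (preg_match('/[<>]/', $text)) {
        $problems[] = 'markup';
    }
    // Links: explicit schemes, "www." prefixes and BBCode-style [url] tags.
    if (preg_match('~(?:https?|ftp)://|\bwww\.|\[url\b~i', $text)) {
        $problems[] = 'link';
    }
    return $problems;
}

function save_comment(PDO $db, string $raw): bool
{
    if (comment_problems($raw) !== []) {
        return false; // caller redirects back to the form and exits
    }
    // Prepared statement: the comment is bound as data, never spliced into the SQL.
    $stmt = $db->prepare('INSERT INTO comments (comment) VALUES (:comment)');
    return $stmt->execute([':comment' => trim($raw)]);
}

// Constructed sample input, run against an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, comment TEXT NOT NULL)');

$samples = [
    'Nice article, thanks!',
    '<script>alert(1)</script>',
    'cheap pills at www.example.test',
    'Tom & Jerry said "hi"',
];
foreach ($samples as $s) {
    printf("%-35s %s\n", $s, save_comment($db, $s) ? 'stored' : 'rejected');
}
// Store the raw text; encode only when writing it into HTML.
foreach ($db->query('SELECT comment FROM comments') as $row) {
    echo htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'), "\n";
}
```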