rv20 Posted May 30, 2009 Share Posted May 30, 2009 So if you post a form you can do it the regular way or can use AJAX, i would rather to it the regular way but this results in having to refresh(or redirect depending on how you call it) the page twice, twice because you firstly have to actually post the form, (btw i have php and html on the same page) so posting the form, <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" > Then if there are validation errors like blank fields, invalid email etc..you have to refresh again to clear the $_POST[] variables so something like, if ($_POST['user'] == ""){ <?php echo htmlentities($_SERVER['PHP_SELF']); ?> } Ok this above exmaple might result in a permanemt loop but with a few tweaks .......... i think PHP_SELF clears the $_POST vars otherwise if you reload the page the $_POST vars are reposted which can result in a variety of problems. Big deal you might say, reposting twice, but, the more you get involved in your own project the more you want it to be as user friendly as possible. I just sense that AJAX is OTT though. Quote Link to comment Share on other sites More sharing options...
elis Posted May 30, 2009 Share Posted May 30, 2009 If your code is resulting in everything you've described, then you haven't written the code correctly. If you post your entire code, I could be of more assistance. Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted May 30, 2009 Share Posted May 30, 2009 ??? .... You make no sense. Quote Link to comment Share on other sites More sharing options...
rv20 Posted May 30, 2009 Author Share Posted May 30, 2009 Ok here is some cut down code, it works ok the only three things are, 1) How can hide the ?login=invalidusername in the url 2) Is this secure 3) If the user doesn't enter a password and gets the ?login=invalidusername url and then refreshes the page how do i remove the ?login=invalidusername and go back to the http://login.php How else would you suggest returning the reponse form the php script if not appending the ?login=invalidusername <?php if (($_SERVER['REQUEST_METHOD'] == "POST") && (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) == "127.0.0.1")) { $username = $_POST['user']; if ($username == "") { $url_self = htmlentities($_SERVER['PHP_SELF']) . "?login=invalidusername"; header("location: $url_self"); } } ?> <html> <head> </head> <body> <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" > <input type="text" name="user"/> <input type="submit"> <input type="button" value="button"> </form> <div id="val_errors" style="width:200px;height:200px;border:solid;"> <?php if ($_GET['login'] == "invalidusername") { echo "Please enter a username"; } ?> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted May 30, 2009 Share Posted May 30, 2009 1. Don't put it in the URL. 2. I guess. There isn't much. 3. Again, don't put that in the URL. But it shouldn't matter because your form would forward to the right place. :-\ Quote Link to comment Share on other sites More sharing options...
elis Posted May 30, 2009 Share Posted May 30, 2009 Try <?php if(isset($_POST['submit'])) { $username = $_POST['user']; if(!$username || $username == "") { echo 'invalid username'; } else { //whatever else your script does } } else {?> <html> <head> </head> <body> <form action="" method="post" > <input type="text" name="user"/> <input type="submit" name="submit" id="submit"> <input type="button" value="button"> </form> <?php } ?> Don't forget to sanitize your posts. As of now, no, it's not secure. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.