Form validation

[karimali831]

I don't want my form to allow certain characters such as quotes. Simple way of doing this?

[karimali831]

someone please?

[alpine]

You can start with this

<?php

function Check($data){
  // this example allowing: A to Z a to z 0 to 9 . , space(s) - @ _
  if(preg_match("/^[-A-Za-z0-9.,\s@_]+$/", $data))
  return true;
  else
  return false;
}

if(!Check($_POST['text'])){
echo "Illegal input found";
}

?>

[Alias]

I would use Javascript to do this as you don't have to refresh the page to validate the form. Of course keep the PHP validation as well however if you do it with Javascript then as soon as the user enters an illegal character you can display a cross or alert or something else. And when the user enters input that passes validation then display a tick etc.

[nilansanjaya]

better if u can use javascript... since its bit stylish and thats a old way...

if not use alpine's way

[alpine]

I would never rely on javascript alone as this is easily manipulated if someone want to do so, you should always validate with php.  AJAX is my preferred method if validating along the form since i can ask the same php functions both times.

[karimali831]

Well with the php validation, it outputs the error and when you hit back, you must re-enter all fields again. I've seen in a few forms where you type in field and when you go to the next field, it outputs the error with a red outline straight away. Is this AJAX? anyone know a  website where I can see this?

[alpine]

It is no problem to show the form again after it is submitted if an error exists, post form to the same file as you have the form and fill the form with the posted variables.

 

Example:

<?php

$complete = false;
$empty_arr = array();

foreach($_POST as $fieldname => $fieldvalue)
{
  if(empty($fieldvalue))
  {
    $empty_arr[] = $fieldname." was left empty";
  }
  ${$fieldname} = $_POST[$fieldname];
}

if(!empty($empty_arr))
{
  echo "<ul><li>";
  echo implode($empty_arr, '</li><li>');
  echo "</li><ul>";
}
else
{
  // no empty fields, prosess posted values already defined as $fielnames
  $complete = true;
}

if($complete == false)
{
echo <<<_HTML

<form method="post" action="{$_SERVER['PHP_SELF']}">
<p>Name:<br /><input type="text" name="name" value="$name" /></p>
<p>Email:<br /><input type="text" name="email" value="$email" /></p>
<p><input type="submit" name="submit" value="Send" /></p>
</form>

_HTML;
}

?>

 

When you mention instant red border on error fields that is mainly pure javascript validation, one example is http://www.formassembly.com/wForms/

[karimali831]

ah thanks

[fantomel]

I would use Javascript to do this as you don't have to refresh the page to validate the form. Of course keep the PHP validation as well however if you do it with Javascript then as soon as the user enters an illegal character you can display a cross or alert or something else. And when the user enters input that passes validation then display a tick etc.

 

What if user disables javascript? it looks good to show the user an error after he input  the data in form but if he disables he will be allowed to run any code he wants i've seen you told him to keep the php validation but i`m not sure he understood why ..(i remember when i was at the beginning i wanted to show the user the error but at the end i chosen the php validation and after that the validation using javascript) never really on javascript for such things always do a server side validation on everything that comes from other sources than you. you mustn't trust data from user.