Basic Form Validation Structure

[Doctor Sup]

G'day All,

 

Firstly i appologise if this a simple question but I am new to PHP (litterally 2 days), I just have a basic structure question.

 

I have implemented a php script to solve a problem (irrelevant) and have made a form to enter the required data and written validation code and then processing code to produce the results. Currently my validation and processing code is in a seperate file 'process.php' which at this point just echos the results, the form is in 'form.php' and posts the data to 'process.php'. What I want to do is direct the user to a results page after processing (maybe this will be the page with the processing code? dont know if i can post results to another page) and back to form.php if it fails validation with the correct entries still entered and an appropraite error message. I have searched extensively and cant seem to find a standard or really even any relavant way of doing this. All I am considering is combing it all into one file and having a 'display form' function and a 'display results' function but this doesnt seem like very good or modulated coding.

 

Any help would be grealy appreciated.

[.josh]

make user of the header() function. 

 

Example:

 

process.php

 

// code that validates etc...

// if everything is shiny...
if ($valid) {
  // redirect to results page
  header('Location: results.php'); exit();
// otherwise...
} else {
  // redirect user back to form
  header('Location: form.php'); exit();
}

[Doctor Sup]

Thanks Crayon Violent for the prompt reply,

 

I have read alittle on the header function but forgive me if i misunderstood its usage but wouldnt that mean that the user would then have to re-enter the entire form in form.php and any information entered would be lost in the redirection to results.php?

[.josh]

why yes, yes it would.  What you can do is

 

a) combine the form page with the processing script, and use the posted values as default values in your form, so if the validation fails, it outputs the form with the values the user posted.

 

b) use session variables to have the data persist from page to page, so that if the user is kicked back to form page, you can auto-pop the form values with session variables made from their posted vars

[Doctor Sup]

Understood, thanks Crayon Violent, was hoping it could be achieved without using Sessions but oh well. Thank you for your help.

[.josh]

well that's just the way it is with the internets.  It's a stateless protocol.  Sessions are needed to keep track of things.  I mean there are alternatives, involving cookies and/or using temporary db tables or flatfiles and/or passing stuff in query strings, etc.. but they aren't really efficient and/or necessary.  Example: you could alternatively pass the info  as part of the query string of the target page in the header() call but...that's not very efficient for popping form info...  anyways, what's wrong with using session variables? It's pretty easy and straight forward...quick example:

 

form.php

<?php
session_start(); // goes at the top of every script that utilizes session vars, must be before any output!

// echo out message if there was a problem
if ($_SESSION['error_message']) echo $_SESSION['error_message'] . "<br/>";

// make default value for form element(s).  Session value if exists, or blank
$name = ($_SESSION['name']) ? $_SESSION['name'] : ''; 
?>

<form name='someForm' action='process.php' method='post'>
  Name: <input type='text' name='name' value='<?php echo $name; ?>' /><br/>
  <input type='submit' value='submit' />
</form>

 

process.php

<?php
session_start(); // goes at the top of every script that utilizes session vars, must be before any output!
$_SESSION = $_POST; // assign posted variables (if any) to session array

if ($_POST['name']) {
  header('Location: complete.php'); exit();
} else {
  $_SESSION['error_message'] = 'please fill out the form!';
  header('Location: form.php'); exit();
}

 

complete.php

<?php
session_start();
$name = $_SESSION['name'];

echo "hello $name";
?>

[Doctor Sup]

Wow thanks, thats much easier than what I was thinking. Cheers again for the help.

[Doctor Sup]

Worked a treat except the equivalent of this line

$name = ($_SESSION['name']) ? $_SESSION['name'] : ''; 

Which gives an Undefined index error, which I fixed by doing this

$name = (@$_SESSION['name']) ? $_SESSION['name'] : ''; 

(i used the isset function for the error_message variable)

 

I dont believe this is good coding practice but is this the best way around such errors in this case (defining variables)?

 

Thanks in advance.

[.josh]

For this example/error you posted, it is a "Notice", which 99.99% of the time means that you did something in your code that isn't "right", but it doesn't really break anything.  Sort of the equivalent of getting scolded for cussing. 

 

The error means that you are attempting to use (in this case, in a condition) an array element that doesn't exist.  Since php evaluates that as false, it doesn't break anything, because conditions are supposed to evaluate to true or false. Defining the variable first would make this notice go away, yes.  But since the specific purpose here is to do something based on whether or not it exists, if we define it, we ruin the condition.

 

Adding @ in front of the operation will suppress errors generated.  You are right, this is not good coding practice.  The "best practice" way to do it would be to make use of isset(), which you said you already made use for the error_message variable, and you should also make use of it here.