Jump to content

transfer of form data


phppup

Recommended Posts

I may just be having a mental block from reading the same reproduced examples online, but...

As a concept: A form has several fields that are validated with PHP.  They cannot be analyzed until the form is submitted, right? [assuming basic coding]

So here's where my problem is:

<form action="validation.php" method="post">

will continually bring a user to the validation.php page.  If there is ONLY acceptable data, they can then be redirected to another page [mynextpage.htm], right?

And if there is bad data, they will get a group of error messages and need to go back to the form.

But I don't want a user to advance until all fields are acceptable, so I tried

<form action= <? echo $validate; ?> method="post">

And then added a condition

if($errors == 0) { 
  $validate = "validation.php";
}

It seems to work EXCEPT that the submit button needs to be clicked twice.

My assumption is that the first click fills-in the variable, and the second click initiates the action.

How can I make this work with one click, or better resolve this issue?

 

 

Edited by phppup
Link to comment
Share on other sites

Do the validation with JavaScript and if OK then submit the form. Keep in mind that PHP is stateless and server side only. Once PHP outputs the page, it forgets everything and the next submit is new as far as PHP is concerned. You should re-validate with PHP in case hackers are trying to penetrate your server, in which case simply output an error page. It is more user friendly to validate with JavaScript so the user does not have to wait on the server.

Link to comment
Share on other sites

Why not continue the way that you first started telling us.  Let your form be directed to the validate.php script where you grab all of the values from the form and validate them.  If you then have errors, you re-send the form with all of the user's inputs again and let them correct them.  No JS needed.

When your validate script finds no fault, you can proceed with whatever is next.

Link to comment
Share on other sites

I've generally stayed away from that methodology (not exactly sure of why) and used SELF-evaluating pages that retain the field data.

///I wonder if I can redirect my page to itself to recover from the "second click" issue that I'm having, although that might create new issues and more scripting (especially if I want the page to appear "user friendly")

////NOPE, that did not work very well

Edited by phppup
Link to comment
Share on other sites

My page DOES 'self-evaluate', it I get what your definition of that is.  What don't you see in my description?  

What second click?  I have no second click in mind.   User gets screen.  User enters data.  User clicks on type='submit'.  The validate form checks everything out and sends out the same form and waits for the next attempt.

BTW - my validate script is the original script that sent the form out the first time.  With no data.  So when it reads back the form with the data it is very easy to re-send it by making sure your input tags have a value clause using a php var that gets set when the validating logic pulls in the POST data and assigns each input to those php vars.  Problem solved.

Link to comment
Share on other sites

This is how I do pretty much all of my input forms. Sometimes I have a JS function that edits one value to suppress the post but mostly my click takes me back to the originating script, validates and either rejects the input or proceeds to the next phase of the app.

Link to comment
Share on other sites

When there is an error I just send the screen back with all of the user's input still there.  He corrects and re-submits.

As for a successful entry, the rest of the process could go somewhere else or could be processed right there and output.  For simple things I create a div that I only display when the results are made available.  The screen still shows the input form (div) and then the results (div) when present.  The user can change the input and click on the Process button to see some new results.  Or hit a Return button to exit gracefully to the caller.   For more complex apps calling a new page is certainly the way to go.  Just save all the user's input into a SESSION array that the next script can look for.

Link to comment
Share on other sites

3 hours ago, phppup said:

And if there is bad data, they will get a group of error messages and need to go back to the form.

the form processing code and the form should be on the same page, so, there's no 'going back' to the form, because if you need to redisplay it upon validation errors, you are already on the page where the form is. to cause the form to submit to the same page it is on, simply leave the entire action="..." attribute out of the form tag.

the form processing code should -

  1. detect if a post method form was submitted.
  2. keep the form data as an array variable, then operate on elements in this array variable throughout the rest of the code.
  3. trim all the input data at once. by keeping the data in an array variable, you can do this with one single line of code.
  4. validate all the inputs, storing validation errors in an array, using the field name as the array index.
  5. after the end of all the validation code, if the array holding the errors is empty, use the submitted form data.
  6. after using the submitted form date (which could cause user/validation errors in itself), if there are no errors, execute a redirect to the exact same url of the current page to cause a get request for that page.
  7. if you want to display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.
  8. to allow the user to go to a different page, provide navigation links.
  9. if there are errors at step #6, the code would continue on to display the html document, where you would test and display the contents of the array holding the errors, then display the form, populating the form field values with any existing data.
  10. apply htmlentities to any values you output on a web page to help prevent cross site scripting.

 

Edited by mac_gyver
Link to comment
Share on other sites

15 hours ago, phppup said:

If there is ONLY acceptable data, they can then be redirected to another page [mynextpage.htm], right?

But if you validate and then redirect, then the page at the end of that redirection must repeat the validation, otherwise someone could send data to it directly, bypassing the validation. 

The basic pattern for my pages is something like this: 

if ( form data submitted ) 
{
   Validate form data - populate variables and error messages ; 
   if ( form data valid )
      perform any required Action ; 
}

Display Form, with values and/or error messages and/or results from the Action. 

Any "validation" that you do in Javascript on the client is for the Users' convenience only - you must not rely upon it because nothing that comes from the client can be trusted. 

(For example, do you validate the form value submitted from the HTML "select" list that you sent?  You probably should ...)

Regards, 
   Phill  W.

 

  • Like 1
Link to comment
Share on other sites

@Phi11W 

Quote

But if you validate and then redirect, then the page at the end of that redirection must repeat the validation, otherwise someone could send data to it directly, bypassing the validation. 

A n EXTREMELY valid point.

Quote

do you validate the form value submitted from the HTML "select" list that you sent?  You probably should ...

ABSOLUTELY!!!... but it's always a fair reminder to see.

I believe this is why I ran into trouble initially, as I was not so keen on re-directing my data.

It's been a few days since I had a chance to work on my code, but I think I'm going to try a hybrid that tests the code on the current page (so that PHP error messages could be visible on the same paged form) and passing the values for usage through $_SESSION.

To your point,  Phi11W, then someone sending data directly would hit a dead end because $email=$_SESSION['email'] and NOT the value of $_POST['email']

 

Any comments are welcome.

Link to comment
Share on other sites

13 minutes ago, phppup said:

someone sending data directly would hit a dead end

they would anyway, because there would be no post method form processing code present on that page to even test for post data.

also, by copying values to session variables, you are not adding any security, just complexity, because the value that was submitted to the form processing page, just got copied to a session variable, then is being finally used the same as if it had been used on the form processing page.

you are over complicating this.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.