stop form submission if errors

[horseatingweeds]

I'm confused about how to stop a form from continuing to submit if the user does not properly fill inputs.

 

This is what I'm experimenting with:

 

<?php

// Verify something has been inputed

function _input_filled($input)

{

if (strlen(trim($input)) <= 5) return 1;

else return 0;

}

 

print "<form name='form1' id='form1' enctype='multipart/form-data'

action = 'breeder-list-2.php' method = 'post' />";

print "<input type='text' name='name' size='20' value='' />";

print "<input type='submit' name='submit' value='submit' />";

print "<input type='hidden' name='_submit_check' value='1' />";

print "</form>";

 

if (array_key_exists('_submit_check',$_POST))

{

if (_input_filled($_POST['name']))

{

print "Input Nam";

return false;

}

}

?>

 

It catches the error but continues to the next page before writing the error. How do I keep it from continuing?

[yarnold]

Remember that PHP is server-side scripting and can only execute when a new HTTP request is made to the server.

 

You should look into the implementation of "AJAX" (Asynchronous javascript and XML) - plenty of tutorials on the Internet regarding how to do form validation with it, or even just basic javascript form validation.

 

Achieving the result you want with PHP alone is, as far as I know, nigh on impossible. Unless I've misunderstood, of course!

[horseatingweeds]

Let me clear my question up. I did have this working, but I made changes and lost them and am not sure how it was working.

 

I simple want to check the form, if a problem is found, I want a message to appear explaining it and for the page not to continue to the next page (submission page).

[Psycho]

Simple, you need to have your form page also be your vallidation page. here is a VERY basic example:

 

<?php

if (isset($_POST[submit])) { //Form was submitted

  //Validate the first name
  if ($_POST[firstname] =='') { $error = "You must enter a first name."; }

  //Validate the last name
  if  ($_POST[lastname] =='') {
    if ($error) { $error = $error . "<br>"; }
    $error = $error . "You must enter a last name.";
  }

  if (!$error) { //No errors, redirect to processing page
    header ("Location: process.php");
  }

}

?>
<html>

<body>

<br><br>
<span style="color:red;"><?php echo $error; ?></span>
<br><br>

<form name="test" method="POST" action="<?php echo $_ERVER[php_SELF]; ?>">
First name: <input type="text" name="firstname" value="<?php echo $_POST[firstname]; ?>"><br>
Last name: <input type="text" name="lastname" value="<?php echo $_POST[lastname]; ?>"><br>
<input type="submit" name="submit" value="Test">
</form>

</body></html>

[horseatingweeds]

I've tried the header("Location: next_page") but it has two problems. It produces an error referring to other includes and it doesn't post the inputs to the next page.

[Psycho]

Sorry, I grabbed that from a sample login page which does the processing in line.

 

All you need to do is that instead of using header is to use an include to call the processing page (followed by an exit;). Since, no code has been output to the page nothing should affect that page, and it would be as if you posted to that page.

 

  if (!$error) { //No errors, redirect to processing page
    include ("process.php");
    exit;
  }

[horseatingweeds]

I don't understand.

 

My intention is this:

 

page_1.php has a form that needs to be checked. If errors are found they will be flagged. If no errors are found the input data will be posted and continue onto page_2.php which is also a form. This for will be checked for error. If errors are found they will be flagged; if not the additional data will be posted and will continue on into a page that will use the data, like use_data.php.

 

My problem is that when I use action='page_2.php' the page posts and goes on to page_2.php regardless of errors.

[horseatingweeds]

Is there no way to stop a form from posting in the event of an error? Am I thinking about this in the wrong way?

[Psycho]

Is there no way to stop a form from posting in the event of an error? Am I thinking about this in the wrong way?

 

The answer to both qquestions is yes and no!

 

Can you prevent a form from posting if there are errors? Yes, you can do that with JavaScript. But, there are drawbacks to that. 1) If you need to do a db query, then you can't do that with JS. 2) People can have JS turned off and it is possible to submit data to a page without a form (this can be done for malicious intent). So, you should ALWAYS validate user input on the server side. However, I will typically also use JS on the client-side as it is more user friendly - but I do it in addition to the validation server-side.

 

Are you going about this the wrong way? Not necessarily, it's a matter of user preference. You can do what you are asking in several ways:

 

1) Follow my example above. Have the form post to itself and do the validation for that page. If the validation fails then you can reshow the page with the entered values and the errors. If the validation passes then include the next page in the process. The key is that you should not output anything to the page until you have done the validation.

 

2) Have the form post to the 2nd page. That page would then do the validation. If the validation fails then include the form page. If the validation passes then continue normally. Again, you should not output anything to the page until validation has been completed.

 

3) Put all your forms into one page. Just use a different "switch" to determine what page and validations you should do, such as the submit value. Or use a master page that accepts all posts and then includes the appropriate forms and validation (see attached sample).

 

4) Go with a process similar to either 1 or 2, but instead save the validated values as session variables.

 

Attached you will find a zip file with 4 sample files. There is a start.php, form1.php, form2.php, and a confirmation.php. Just navigate to start.php to try it out. That page determines what form to show and the validation to be run. Hope this helps.

 

 

[attachment deleted by admin]

[soycharliente]

Change your action to PHP_SELF (or whatever it is), then if there are no errors, before you output anything, redirect to the page with ?page=whatever in the URL.

 

Or, make separate pages for each step.

[horseatingweeds]

Thanks mjdamato,

 

I think I have my php set up wrong. I tried your examples on my local server and got errors (picture) :

http://www.efficientpresence/temp/error1.gif

 

When I try running it I get this page. (picture) :

http://www.efficientpresence/temp/error2.gif

 

Trusting your script more than my own php program, I loaded it onto my shared server. It works fine there, just dandy. Does this mean I have bad server settings? It's php 5. I don't have access to my shared server's php.ini file.

 

Also, what is $_ERVER[]; ? I've tried looking it up and couldn't find it. I've seen it before but thought it was a type-o for $_SERVER[]; . It works on the shared server though. Is it a php 3 or 4 maybe?

 

 

[redarrow]

yes it echo $_SERVER['PHP_SELF'];

[Psycho]

1. Your URLs for the error images were missing the .com! But I finally figured it out.

 

2. The errors you are receiving is due to lazy code. When referencing an array value you should use $ArryyName['KeyName'] - with KeyName within quotes. Otherwise it *could* think the KeyName was a constant. Many servers will handle that code fine. It appears your server is a littl emore strict - which is actuall a good thing in my opinion. So, in my scripts you should just need to put all the key names within single quotes.

 

3. Did you mean $_SERVER[]? That is a super global variable which has all sorts of predefined server variables such as the current page ($_SERVER['PHP_SELF']) so you can have code which you can use on multiple pages - i.e. have forms submit to themselves. It will work in PHP5, just add the quote marks.

 

More info here: http://us3.php.net/reserved.variables

[horseatingweeds]

Your right mjdamato, I changed the Key Names to have quotes and my server seems to like it better. I'm still getting Notice: errors but I think these are just letting me know this or that is undefined, like when no errors are produced from filling out the form.

 

The $_ERVER[] I spoke of I changed to $_SERVER[].

 

Thanks for the example. This should help me understand things better.