Form Validation

[jassikundi]

Hi people, I've just created my form and would like to know what methods can be applied for data validation before the user submits it. Its currently setup so it validates over the server and returns a message "please enter your email" for example. What would I need to do in order to have it validated before hand, use loops? If so can someone give me an example? As I'm new to PHP coding.

 

Here the basic code I have used for now.

 

if (eregi('http:', $question)) {
die ("Please enter question");
}
if(!$email == "" && (!strstr($email,"@") || !strstr($email,".")))
{
echo "<h2>Please enter valid email</h2>\n";
$badinput = "<h2>Feedback was NOT submitted</h2>\n";
echo $badinput;
die ("Go back! ! ");
}
if(empty($firstname) || empty($email) || empty($question )) {
echo "<h2>Please fill in all fields</h2>\n";
die ("Use back! ! ");
}

 

Thanks in advance.

[corillo181]

the only way to validate with out using the server is javascript.

[jassikundi]

Would it not be possible for the form to be submitted and checked on the server side, and represented to the user if data is incorrect, asking them to fill in the fields?

[jassikundi]

bump someone help me out  :-\

[corbin]

You could do something like this:

 

<?php

$errors = array();

$success = false;

if($_POST) {
$user = (isset($_POST['user'])) ? $_POST['user'] : '';
$password = (isset($_POST['password'])) ? $_POST['password'] : '';
$email = (isset($_POST['email'])) ? $_POST['email'] : '';
if(!preg_match('/^[a-zA-Z0-9_]{1,16}$/', $user)) {
	$errors[] = 'Please enter an alphanumeric (_ allowed) username 1-16 characters long.';
}
if(!preg_match('/^[a-zA-Z0-9]$/', $password)) {
	$errors[] = 'Please enter a 1-16 character alphanumeric password.';
}
if(!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $email)) { //taken from http://www.regular-expressions.info/email.html  This doens't seem to be the best email regexp ever, but I didn't feel like googling or making one
	$errors[] = 'Please enter a valid email address.';
}
if(count($errors) === 0) {
	//success!
	$success = true;
	echo 'All input fields validated!';
}
//to use later in the form
$user = htmlentities($user);
$password = htmlentities($password);
$email = htmlentities($email);
}
else {
$user = $password = $email = '';
}

if($success != true) {
if(count($errors) !== 0) {
	//this is gonna be ugly....  Oh well.
	echo '<div style="color: red;">One or more errors occured.';
	echo '<ul>';
	foreach($errors as $error) {
		echo '<li>' . htmlentities($error) . '</li>';
	}
	echo '</ul>';
}

echo <<<HERE
<form action="" method="POST">
<table>

	<tr>
		<td>Username:</td>
		<td><input type="text" name="user" value="{$user}" maxlength="16" size="12"	/></td>
	</tr>

	<tr>
		<td>Password:</td>
		<td><input type="password" name="password" value="{$password}" maxlength="16" size="12"	/></td>
	</tr>

	<tr>
		<td>Username:</td>
		<td><input type="text" name="email" value="{$email}" maxlength="50" size="12"	/></td>
	</tr>

	<tr>
		<td colspan="2" style="text-align: center;"><input type="submit" name="submit" value="Submit!" /></td>
	</tr>

</table>
</form>
HERE;

}

?>

 

Or... to use your processing:

 

if($_POST) {
//pretend $question, $email and $firstname are defined
if(eregi('http:', $question)) {
	$error = 'Please enter question';
}
elseif(empty($email) || empty($firstname) || empty($question)) {
	$error = 'Please fill in all fields.';
}
elseif(!strstr($email, '@') || !strstr($email, '.')) {
	$error = 'Please enter a valid email.';
}
else {
	//success!!!!
	$showform = false;
}
}
else {
$question = $email = $firstname = '';
}

if($showform != false) {
if(!empty($error)) {
	echo $error;
}
echo <<<HERE
<!-- form stuff here -->
HERE;
}