The scripts I have constructed submit the form data to a database script for insertion. It's all working and I am using JavaScript to validate the form, but I wanted to ensure the form data is secure in case users disable jscript.
Since I have split the form, I am at a loss as to the best way to validate the form and inform the user of errors they need to correct. I have tried inserting the validation on each script, but I can't get that to work. I have recombined both scripts into one, which kind of works, but it just looks large and sloppy.
What is the most effective way to process and validate the form while keeping the scripts separate? Is it possible to use the receiving Db insertion script to validate and return any input errors in the form script (without losing all valid user data)?
Thanks!
if (!$valid)
{
// Send the user back to the form and stop, so nothing below the redirect runs.
header("Location: form_page.php");
exit;
}
The trick with separate pages is getting the valid post data back to the original form. One option with the way you're doing it would be to put all valid post data in a session variable
$_SESSION['post']['lastname'] = $_POST['lastname'];
and to unset any session vars for which the data is not valid.
if (isset($_SESSION['post']['age']) && !$valid)
{
unset($_SESSION['post']['age']);
}
Then when you come back around to the form, you test whether a given session var is set and, if so, fill in the value. If not, leave it blank and bold it and turn it red so they know that's a problem field. Once you've filled in the form with the given values, unset $_SESSION['post'] to keep things from getting crazy confusing.
Tom
Everything is displaying OK, but I don't submit to the Db. It just kicks me back to the original form (the user input that was to be submitted is still displayed in the fields). My actual script is much larger, but here's the gist:
NOTE: MY HOST DOES NOT HAVE REGISTER GLOBALS ENABLED, BUT THEY DO HAVE MAGIC QUOTES ENABLED.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?
include_once ("config.php");
if (isset($HTTP_POST_VARS[Submit])) {
if (strlen($HTTP_POST_VARS['first_name']) > 0) {
$query = "INSERT INTO $table_name VALUES (0,'$first_name' ,'$birth_date')";
// Execute the query:
$query_result = mysql_query ($query);
if ($query_result) {
echo 'The profile has been added succesfully!';
} else {
echo 'The profile could not be added!';
}
mysql_close();
} else {
echo 'You forgot to enter a profile!';
}
} else {
echo <<<END
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0">
<tr>
<TD ALIGN="CENTER" colspan="2">
<form action="manager.php" method="post" enctype="multipart/form-data" name="managerform">
<table class="input" border "1">
<tr>
<td align="right" class="static"><img src="/images/question.gif" alt="YOUR LEGAL, FULL FIRST NAME" title="YOUR LEGAL, FULL FIRST NAME"> <b>Full First Name: </b>
<input type="text" name="first_name" value="$first_name" size="20" maxlength="30" ></td>
<td align="right" class="static">
END;
echo '<select name="birth_month" value="$birth_month"><option value=""></option>';
for ($n = 1; $n <= 12; $n++) {
    echo "<option value=\"$n\">$n</option>\n";
}
echo '</select> - <select name="birth_day" value="$birth_day"><option value=""></option>';
for ($n = 1; $n <= 31; $n++) {
    echo "<option value=\"$n\">$n</option>\n";
}
echo '</select> - <select name="birth_year" value="$birth_year"><option value=""></option>';
for ($n = 1950; $n <= 2001; $n++) {
    echo "<option value=\"$n\">$n</option>\n";
}
echo <<<END
</select></td></tr>
</table>
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0">
<tr><td><input name="submit" type="submit" value="submit"></form>
</TD>
</TR>
</TABLE>
</body>
</html>
END;
}
?>
Hope this wasn't too code heavy, but I am stuck in the process.
If they all validate, you need to show another page. Though you could have all of this in one file, I think that you would be better off not doing so. As your script grows, it's going to get very difficult to make heads or tails of if it's all in one file.
One thing to ask yourself - is your time worth nothing? Would switching to a better host for, say, another $0 to $10/month make your scripts easier to write and maintain? I haven't found that price alone is a good indicator of quality in shared hosting, but a bad host is simply never a cost-effective solution. Even if the site brings in no money, it's not worth the aggravation.
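The round trip the replies describe (validate in the receiving script, keep only the valid values in the session, send the user back to the form), as an added example that is not code from any poster in the thread. It assumes PHP 8 with PDO instead of the thread's mysql_* functions and magic quotes; the `profiles` table, `thanks.php` and the function names are hypothetical, and the field names follow the posted form.

```php
<?php
// Added example, not thread code. Assumes PHP 8 + PDO (sqlite so it runs offline); names are hypothetical.
function validate_profile(array $post): array
{
    $valid = $errors = $date = [];
    $first = trim((string)($post['first_name'] ?? ''));
    if ($first !== '' && strlen($first) <= 30) {
        $valid['first_name'] = $first;
    } else {
        $errors[] = 'first_name';
    }
    // Each date part must be an integer, and together a real calendar date.
    foreach (['birth_year', 'birth_month', 'birth_day'] as $k) {
        $date[$k] = filter_var($post[$k] ?? '', FILTER_VALIDATE_INT);
    }
    if (!in_array(false, $date, true) && checkdate($date['birth_month'], $date['birth_day'], $date['birth_year'])) {
        $valid += $date;
    } else {
        $errors[] = 'birth_date';
    }
    return [$valid, $errors];
}
// Returns the page to redirect to; on failure only validated values are kept.
function handle_submission(array $post, array &$session, PDO $db): string
{
    [$valid, $errors] = validate_profile($post);
    if ($errors) {
        $session['post'] = $valid;   // invalid fields are simply absent
        $session['errors'] = $errors;
        return 'form_page.php';
    }
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO profiles (first_name, birth_date) VALUES (?, ?)');
    $stmt->execute([$valid['first_name'], sprintf('%04d-%02d-%02d',
        $valid['birth_year'], $valid['birth_month'], $valid['birth_day'])]);
    unset($session['post'], $session['errors']);
    return 'thanks.php';
}
// Form side: escape on output so a value cannot break out of the attribute.
function field_value(array $session, string $name): string
{
    return htmlspecialchars((string)($session['post'][$name] ?? ''), ENT_QUOTES, 'UTF-8');
}
// Constructed input: 30 February is rejected; the valid name is kept for redisplay.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, first_name TEXT, birth_date TEXT)');
$session = [];
$post = ['first_name' => "O'Brien", 'birth_month' => '2', 'birth_day' => '30', 'birth_year' => '1980'];
echo handle_submission($post, $session, $db), ' ', field_value($session, 'first_name'), "\n";
```

In the receiving script the call would be `session_start(); header('Location: ' . handle_submission($_POST, $_SESSION, $db)); exit;`, and the form page would print `field_value($_SESSION, 'first_name')` inside each `value` attribute and flag the names listed in `$_SESSION['errors']`.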