|
|
Posted by Norman Peelman on 06/25/06 13:29
"Norman Peelman" <npeelman@cfl.rr.com> wrote in message
news:HFvng.18233$LT2.9955@tornado.tampabay.rr.com...
> "planotravel.net" <planotravel@gmail.com> wrote in message
> news:1151208141.299446.221630@r2g2000cwb.googlegroups.com...
> > h7qvnk7q001 wrote:
> > > I'm trying to implement a simple server-side form validation (No
> > > Javascript). If the user submits a form with errors, I want to
> > > redisplay the same form with the errors highlighted. Once the form is
> > > correct I need to submit to another page that uses the form data.
> >
> > My solution for the recently started project was the following:
> >
> > Create three .php files
> >
> > 1.php - (to initialize form variables) with a call to an A(2) function
> > in 2.php with default parameters (0 for error variable, and an array of
> > form elements)
> > - 1.php is called when the user enters the form page
> >
> > 2.php - (to print out and control the form) with the A(2) function that
> > takes those two arguments
> > - echo "<form action=3.php method=post>";
> > - for each required field use:
> > if ($error & n).{ echo "..."; } //where n is an error bit, e.g.,
> > 1,2,4,8,16,32 and so on.
> > else { echo "..."; }
> > - for all fields use interpolated array[x] value to , e.g., echo
> > "<input type=text value=\"{$array["value"]}\">; - to return any
> > previously entered data after page reload
> >
> > 3.php - with a B() form validation function (checker) that is first
> > called in 3.php
> > - create, initialize and fill out the $array of form variables with
> > user input
> > - $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
> > if an error is found
> > - if ($error != 0) { A(2); } else { do smth.,e,g, C(a,b,c); }
> >
> >
> > - in 1.php and 3.php first do
> > include '2.php';
> >
> >
> > PS Go to http://www.planotravel.net, request a quote (yellow image),
> > randomly fill out the form with errors, submit and see how it works.
> >
> > Good luck and Regards,
> >
> > planotravel.net
> >
>
What people are trying to say is that all three scripts can be combined
into one. First an explanation. This snippet is incomplete in the sense that
I am doing alot more behind the scenes. I am:
1) using a template class to pre-populate the form fields and display the
form which helps in providing clues to the user when fields are wrong
2) requesting that the users click a check box that indicated they have read
and agree to a waiver
3) when the form is completed successfully I write the data to a database
and place the user in an 'unregistered' state
4) sending the user an email with a payment link should they not complete
the payment process immediately
5) updating the user to 'registered' upon completing the payment process.
note-- the payment process (5) is a separate script (paypal)
logfile('Start of request');
$valid = 0; $not_required = 0;
if (isset($_POST) && !empty($_POST))
{
// validate form field here - repeat code as neccessary for your form
fields
// ok - if we're here then the form has been submitted, lets check things
out
if (isset($_POST['pgfirstname']) && !empty($_POST['pgfirstname']))
{
// first name - allow letters only (case insensitive, 2 chars min - 25
chars max)
$pattern = "^[A-Za-z ]{2,25}$";
if (ereg($pattern,$_POST['pgfirstname']))
{
// required field - update $valid by 1
$valid++;
// logfile() is a custom function
logfile("Parent first name OK: $_POST[pgfirstname]");
}
else
{
// bad characters in field
$pgfirstname_error = ' Sorry, you have invalid characters in your
First name.';
$pgfirstname_color = 'orange';
logfile("Parent first name has invalid characters");
}
}
else
{
// field was left empty
$pgfirstname_error = ' We really need your First name (between 2 and
25 letters only)';
$pgfirstname_color = 'orange';
logfile("Parent first name not submitted");
}
// variables are assigned correct or not as the form is repopulated so
the user can correct typos
$pgfirstname = $_POST['pgfirstname'];
if (isset($_POST['address_em']) && !empty($_POST['address_em']))
{ // validate e-mail address as best we can...
//$pattern =
"^([A-Za-z0-9]+[._]?){1,}\+[A-Za-z0-9]+\@(([A-Za-z0-9]+[-]?){1,}[A-Za-z0-9]+
\.){1,}[A-Za-z]{2,6}$";
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+[a-zA-Z]{2,6}\$";
//$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+";
//$pattern .= "([aero|biz|coop|com|net]";
//$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";
// stop unwanted email hosts here - add as many as needed
$unwanted = array(0 => 'spamhole',
1 => 'mytrashmail',
2 => 'mailexpire',
3 => 'spamgourmet',
4 => 'mailinator',
5 => 'woodyland',
6 => 'spammotel',
7 => 'sneakmail',
8 => 'jetable'
);
foreach($unwanted as $key => $value)
{ // create regex with $value... ex: spamhole{1}
$value .= '{1}';
if (eregi($value,$_POST['address_em']))
{
logfile("WARN: email address is one of the unwanted email hosts
$_POST[address_em]");
$address_em_error = "Temporary email addresses are not permitted!";
$address_color = "orange";
}
}
if (eregi($pattern,$_POST['address_em']))
{
logfile("INFO: useremail passed email test -> $_POST[address_em]");
$valid++;
}
else
{
logfile("INFO: Invalid email (useremail) address ->
$_POST[address_em]");
$address_em_error = 'Invalid e-mail address! Please re-enter.';
$address_em_color = "orange";
}
}
else
{
logfile("INFO: email address not submitted.");
$address_em_error = " We really need your email address.";
$address_em_color = "orange";
}
$address_em = $_POST['address_em'];
}
// validate cell phone - field NOT required for valid form
if (isset($_POST['address_cph']) && !empty($_POST['address_cph']))
{
// cell phone - allow numbers only (case insensitive)
$pattern = "^[0-9\-]{7,12}$";
if (ereg($pattern,$_POST['address_cph']))
{
// if required, change this variable to $valid++
// if not required change this variable to $not_required++
$not_required++;
}
else
{
// we want valid input whether this field is required or not
$address_cph_error = ' Sorry, you have improper characters in your
Cell phone number.';
$address_cph_color = 'orange';
}
}
else
{
// if required, uncomment lines below
//$address_cph_error = ' We really need your Cell phone number
(xxx-xxx-xxxx format)';
//$address_cph_color = 'orange';
$not_required++;
}
$address_cph = $_POST['address_cph'];
if (isset($_POST['waiveragree']) && !empty($_POST['waiveragree']) &&
$_POST['waiveragree'] == 'agree')
{
// client has agreed to the waiver
$waiveragree = 'checked';
logfile("Client has agreed to waiver");
}
else
{
$waiveragree = '';
$waiveragree_error = "You must agree to the waiver to complete the
registration process.";
$waiveragree_color = "orange";
}
// ok we've checked all the fields - count our required and not required
fields to make sure everything is cool
if ($valid == 2 && $not_required == 1 && @$_POST['waiveragree'] == 'agree')
{
// do something with user info
logfile("INFO: Form completed correctly and client agreed to waiver");
logfile("End of request");
// you can redirect here...
//header("Location: hxxp://path.to.another.page?var1=$var1&var2=$var2");
}
---
--logfile()-- place at top of script
define('LOGFILE',true); // set to false to turn off logging.
function logfile($txt)
{ // daily logging function - creates/appends a logfile by date
if (LOGFILE)
{
$txt = date("G:i:s - ").$txt.chr(13);
$lf = 'drive:\\path\to\your\logfile_name_'.date('D M j -
Y').'.logfile';
$fp = fopen($lf,'a');
fwrite($fp,$txt,1024);
fclose($fp);
} // assign the extension .logfile to WORDPAD or some other text reader
that will format it correcly - just a quick and dirty function
}
....some good examples of logfile usage are:
logfile('MySQL: '.mysql_errno($dbc).' - '.mysql_error($dbc));
logfile("INFO: some info here from a $variable");
logfile("$script_name: info here");
etc.
The *_color variables are used by the CSS/STYLE to colorize the form fields
on error, the *_error variables are self explanatory. And as you can see you
can customize the errors to reflect the true problems.
Norm
Navigation:
[Reply to this message]
|