Reply to Re: Best approach for server side Form Validation ?

Posted by Norman Peelman on 06/25/06 12:51

"planotravel.net" <planotravel@gmail.com> wrote in message
news:1151208141.299446.221630@r2g2000cwb.googlegroups.com...
> h7qvnk7q001 wrote:
> > I'm trying to implement a simple server-side form validation (No
> > Javascript). If the user submits a form with errors, I want to
> > redisplay the same form with the errors highlighted. Once the form is
> > correct I need to submit to another page that uses the form data.
>
> My solution for the recently started project was the following:
>
> Create three .php files
>
> 1.php - (to initialize form variables) with a call to an A(2) function
> in 2.php with default parameters (0 for error variable, and an array of
> form elements)
> - 1.php is called when the user enters the form page
>
> 2.php - (to print out and control the form) with the A(2) function that
> takes those two arguments
> - echo "<form action=3.php method=post>";
> - for each required field use:
> if ($error & n) { echo "..."; } //where n is an error bit, e.g.,
> 1,2,4,8,16,32 and so on.
> else { echo "..."; }
> - for all fields use interpolated array[x] value to , e.g., echo
> "<input type=text value=\"{$array["value"]}\">"; - to return any
> previously entered data after page reload
>
> 3.php - with a B() form validation function (checker) that is first
> called in 3.php
> - create, initialize and fill out the $array of form variables with
> user input
> - $error = 0; check the form data, assign $error a bit (1,2,4,8 etc.)
> if an error is found
> - if ($error != 0) { A(2); } else { do smth., e.g., C(a,b,c); }
>
>
> - in 1.php and 3.php first do
> include '2.php';
>
>
> PS Go to http://www.planotravel.net, request a quote (yellow image),
> randomly fill out the form with errors, submit and see how it works.
>
> Good luck and Regards,
>
> planotravel.net
>

What people are trying to say is that all three scripts can be combined
into one. First an explanation. This snippet is incomplete in the sense that
I am doing a lot more behind the scenes. I am:

1) using a template class to pre-populate the form fields and display the
form which helps in providing clues to the user when fields are wrong
2) requesting that the users click a check box that indicates they have read
and agree to a waiver
3) when the form is completed successfully I write the data to a database
and place the user in an 'unregistered' state
4) sending the user an email with a payment link should they not complete
the payment process immediately
5) updating the user to 'registered' upon completing the payment process.

note-- the payment process (5) is a separate script (paypal)

logfile('Start of request');
$valid = 0; $not_required = 0;
if (isset($_POST) && !empty($_POST))
{
  // validate form fields here - repeat code as necessary for your form fields
  // ok - if we're here then the form has been submitted, let's check things out
  // (ereg()/eregi() were removed in PHP 7, so preg_match() is used; the D
  //  modifier keeps "$" from matching before a trailing newline)
  if (isset($_POST['pgfirstname']) && !empty($_POST['pgfirstname']))
  {
    // first name - allow letters and spaces only (2 chars min - 25 chars max)
    $pattern = '/^[A-Za-z ]{2,25}$/D';
    if (preg_match($pattern,$_POST['pgfirstname']))
    {
      // required field - update $valid by 1
      $valid++;
      // logfile() is a custom function
      logfile("Parent first name OK: $_POST[pgfirstname]");
    }
    else
    {
      // bad characters in field
      $pgfirstname_error = ' Sorry, you have invalid characters in your First name.';
      $pgfirstname_color = 'orange';
      logfile("Parent first name has invalid characters");
    }
  }
  else
  {
    // field was left empty
    $pgfirstname_error = ' We really need your First name (between 2 and 25 letters only)';
    $pgfirstname_color = 'orange';
    logfile("Parent first name not submitted");
  }
  // variables are assigned, correct or not, as the form is repopulated so the
  // user can correct typos (escape with htmlspecialchars() when echoing them
  // back into the form)
  $pgfirstname = isset($_POST['pgfirstname']) ? $_POST['pgfirstname'] : '';

  if (isset($_POST['address_em']) && !empty($_POST['address_em']))
  { // validate e-mail address as best we can...
    //$pattern = "^([A-Za-z0-9]+[._]?){1,}\+[A-Za-z0-9]+\@(([A-Za-z0-9]+[-]?){1,}[A-Za-z0-9]+\.){1,}[A-Za-z]{2,6}$";
    $pattern = '/^([-!#$%&\'*+.\/0-9=?A-Z^_`a-z{|}~])+@([-!#$%&\'*+\/0-9=?A-Z^_`a-z{|}~]+\.)+[a-zA-Z]{2,6}$/D';
    //$pattern = "^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+";
    //$pattern .= "([aero|biz|coop|com|net]";
    //$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";

    // stop unwanted email hosts here - add as many as needed
    $unwanted = array(0 => 'spamhole',
                      1 => 'mytrashmail',
                      2 => 'mailexpire',
                      3 => 'spamgourmet',
                      4 => 'mailinator',
                      5 => 'woodyland',
                      6 => 'spammotel',
                      7 => 'sneakmail',
                      8 => 'jetable'
                     );
    $blocked = false;
    foreach($unwanted as $key => $value)
    { // case-insensitive match of $value anywhere in the address
      if (stripos($_POST['address_em'],$value) !== false)
      {
        logfile("WARN: email address is one of the unwanted email hosts $_POST[address_em]");
        $address_em_error = "Temporary email addresses are not permitted!";
        $address_em_color = "orange";
        $blocked = true;
        break;
      }
    }
    if ($blocked)
    {
      // unwanted host - error is already set above, do not count the field as valid
    }
    elseif (preg_match($pattern,$_POST['address_em']))
    {
      logfile("INFO: useremail passed email test -> $_POST[address_em]");
      $valid++;
    }
    else
    {
      logfile("INFO: Invalid email (useremail) address -> $_POST[address_em]");
      $address_em_error = 'Invalid e-mail address! Please re-enter.';
      $address_em_color = "orange";
    }
  }
  else
  {
    logfile("INFO: email address not submitted.");
    $address_em_error = " We really need your email address.";
    $address_em_color = "orange";
  }
  $address_em = isset($_POST['address_em']) ? $_POST['address_em'] : '';

  // validate cell phone - field NOT required for valid form
  if (isset($_POST['address_cph']) && !empty($_POST['address_cph']))
  {
    // cell phone - allow numbers and dashes only
    $pattern = '/^[0-9\-]{7,12}$/D';
    if (preg_match($pattern,$_POST['address_cph']))
    {
      // if required, change this variable to $valid++
      // if not required change this variable to $not_required++
      $not_required++;
    }
    else
    {
      // we want valid input whether this field is required or not
      $address_cph_error = ' Sorry, you have improper characters in your Cell phone number.';
      $address_cph_color = 'orange';
    }
  }
  else
  {
    // if required, uncomment lines below
    //$address_cph_error = ' We really need your Cell phone number (xxx-xxx-xxxx format)';
    //$address_cph_color = 'orange';
  }
  $address_cph = isset($_POST['address_cph']) ? $_POST['address_cph'] : '';

  if (isset($_POST['waiveragree']) && !empty($_POST['waiveragree']) &&
      $_POST['waiveragree'] == 'agree')
  {
    // client has agreed to the waiver
    $waiveragree = 'checked';
    logfile("Client has agreed to waiver");
  }
  else
  {
    $waiveragree = '';
    $waiveragree_error = "You must agree to the waiver to complete the registration process.";
    $waiveragree_color = "orange";
  }

  // ok we've checked all the fields - count our required fields to make sure
  // everything is cool; the optional cell phone only has to be error-free,
  // it does not have to be present
  if ($valid == 2 && !isset($address_cph_error) && $waiveragree == 'checked')
  {
    // do something with user info
    logfile("INFO: Form completed correctly and client agreed to waiver");
    logfile("End of request");
    // you can redirect here...
    //header("Location: hxxp://path.to.another.page?var1=$var1&var2=$var2");
  }
}

---



--logfile()-- place at top of script
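define('LOGFILE',true); // set to false to turn off logging.
function logfile($txt)
{ // daily logging function - creates/appends a logfile by date
  if (LOGFILE)
  {
    // submitted values end up in log lines - replace control characters so a
    // CR/LF in user input cannot start a forged log entry
    $txt = preg_replace('/[\x00-\x1F\x7F]/',' ',$txt);
    $txt = date("G:i:s - ").$txt.chr(13);
    $lf = 'drive:\\path\to\your\logfile_name_'.date('D M j - Y').'.logfile';
    $fp = fopen($lf,'a');
    if ($fp)
    { // skip logging quietly if the file cannot be opened
      fwrite($fp,$txt,1024);
      fclose($fp);
    }
  } // assign the extension .logfile to WORDPAD or some other text reader
    // that will format it correctly - just a quick and dirty function
}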

....some good examples of logfile usage are:

logfile('MySQL: '.mysql_errno($dbc).' - '.mysql_error($dbc));
logfile("INFO: some info here from a $variable");
logfile("$script_name: info here");
etc.

Norm
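
The approach discussed in this thread (one script, one error bit per field, redisplay with the previous input), written out as an added example that is not code from either poster. The field names come from the post; field(), h(), validate_form(), render_form() and the use of filter_var() for the e-mail check are assumptions of this example, and the sample submission is constructed.

```php
<?php
// Added example (not from the thread). Error bits follow the quoted post: 1, 2, 4, ...
const ERR_NAME = 1, ERR_EMAIL = 2, ERR_WAIVER = 4;

// Return a submitted field as a string; missing keys and arrays (name[]=x) become ''.
function field(array $in, string $key): string
{
    $v = $in[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Escape a value before echoing it back into HTML.
function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// Return a bitmask of failed checks; 0 means the form is valid.
function validate_form(array $in): int
{
    $error = 0;
    // D modifier: "$" matches only at the very end, so a trailing newline fails.
    if (!preg_match('/^[A-Za-z ]{2,25}$/D', field($in, 'pgfirstname'))) $error |= ERR_NAME;
    if (filter_var(field($in, 'address_em'), FILTER_VALIDATE_EMAIL) === false) $error |= ERR_EMAIL;
    if (field($in, 'waiveragree') !== 'agree') $error |= ERR_WAIVER;
    return $error;
}

// Build the form; an input whose bit is set in $error is highlighted.
function render_form(array $in, int $error): string
{
    $attr = function (string $name, int $bit) use ($in, $error): string {
        return ' name="' . $name . '" value="' . h(field($in, $name)) . '"'
             . (($error & $bit) ? ' style="background:orange"' : '');
    };
    $box = (field($in, 'waiveragree') === 'agree' ? ' checked' : '')
         . (($error & ERR_WAIVER) ? ' style="outline:2px solid orange"' : '');
    return '<form method="post"><input type="text"' . $attr('pgfirstname', ERR_NAME) . '>'
         . '<input type="text"' . $attr('address_em', ERR_EMAIL) . '>'
         . '<input type="checkbox" name="waiveragree" value="agree"' . $box . '>'
         . '<input type="submit"></form>';
}

// Web: validate on POST, else show the empty form. CLI: use a constructed sample submission.
$web   = (PHP_SAPI !== 'cli');
$input = $web ? $_POST : ['pgfirstname' => 'A"><b>', 'address_em' => 'user@example.com'];
$error = (!$web || $_SERVER['REQUEST_METHOD'] === 'POST') ? validate_form($input) : 0;
if ($web && $_SERVER['REQUEST_METHOD'] === 'POST' && $error === 0) {
    echo 'Thank you, ' . h(field($input, 'pgfirstname')) . '.'; // continue to the next step here
} else {
    echo render_form($input, $error), "\n";
}
```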
