Reputation: 619
Please find the code of the index.html and submit.php files. With the help of loopo, both are working perfectly. I am struggling with where exactly to put the validation code (in the index.html file or the submit.php file). I am using HTML5 input types in the HTML file and I don't know where exactly the validation has to happen in submit.php. I have multiple forms and I made validations.php as suggested. I also don't understand where the error messages will be shown.
Can you suggest a location in the submit.php file where I should add these validations by editing my submit.php file?
Regexp for email: '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/'
Regexp for phone: ^(?:(?:\+|0{0,2})91(\s*[\-]\s*)?|[0]?)?[789]\d{9}$
index.html file
<form method="post" action="submit.php">
    <div class="box">
        <div class="cl"><input type="text" name="name" placeholder="Name" /></div>
        <div class="cl"><input type="text" name="city" placeholder="City" /></div>
        <div class="cl"><input type="text" name="mobile" placeholder="Mobile" /></div>
        <div class="cl"><input type="email" name="email" placeholder="Email" /></div>
        <!-- the stray </textarea> closing tags after these two inputs were removed -->
        <div class="cl"><input type="text" name="sub" placeholder="Want 3 m Free Subscription (Yes/No)?" /></div>
        <div class="cl"><input type="text" name="slogan" placeholder="Suggest a slogan for 6 m subscription" /></div>
    </div>
    <div class="srow">
        <div class="cl1">
            <ul class="action">
                <li><input type="submit" value="Submit" /></li>
            </ul>
        </div>
    </div>
</form>
submit.php file
<?php
include 'config.php'; // store your configuration in a separate file so
                      // you only need to update it once when your environment changes
$errors = false;
$output = '';
$nl = '<br>'.PHP_EOL;
$redirect_url = 'index.html';

// new mysqli() always returns an object, so test connect_error rather than the object itself
$con = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if ($con->connect_error) {
    $errors = true;
    $output .= "ERROR Can't connect to DB".$nl;
}

if (!$errors) {
    // should validate/clean $_POST before using in query
    $name   = $con->escape_string($_POST['name']);
    $city   = $con->escape_string($_POST['city']);
    $email  = $con->escape_string($_POST['email']);
    $mobile = $con->escape_string($_POST['mobile']);
    $sub    = $con->escape_string($_POST['sub']);
    $slogan = $con->escape_string($_POST['slogan']);
    $sql = "INSERT INTO members
            (sName, sCity, sMobile, sEmail, sSub, sSlogan)
            VALUES ('$name', '$city', '$mobile', '$email',
                    '$sub', '$slogan')";
    if (!$con->query($sql)) { // forgot a parenthesis here earlier
        $output .= 'ERROR: DB said: ('.$con->errno.') '.$con->error.$nl;
        $output .= 'Query was: '.$sql.$nl;
        $errors = true;
    } else {
        $output .= "1 record added".$nl;
    }
}

if (!$errors) {
    // if there are no errors redirect to index.html
    header('refresh: 2; URL='.$redirect_url);
    $output .= '...Redirecting...'.$nl;
} else {
    // show the errors and display a link to go back/try again
    $output .= '<a href="'.$redirect_url.'">Try again</a>'.$nl;
}
echo $output;
?>
Validations suggested by loopo, but I don't know the exact location to put them. I made a validations.php file and included it in submit.php, but maybe my syntax is wrong, because of which it is not working.
function validate_name($input) {
    // fairly naive rule:
    // upper and lower case latin characters and space
    // at least three characters long
    // you may want to look at allowing other characters such as é ö etc.
    $input = trim($input); // get rid of spaces at either end
    if (preg_match('/^[a-zA-Z ]{3,}$/', $input) == 1) {
        return $input;
    } else {
        return false;
    }
}

// both if() conditions below were missing a closing parenthesis;
// the flag is $errors, as in submit.php, not $error
if (!empty($_POST['name'])) {
    $valid = validate_name($_POST['name']);
    if ($valid === false) {
        $errors = true;
        $output .= 'ERROR: Invalid Name: '.htmlspecialchars($_POST['name']).$nl;
    } else {
        $name = $con->escape_string($valid);
    }
} else {
    $errors = true;
    $output .= 'ERROR: No name specified'.$nl;
}
Upvotes: 2
Views: 1156
Reputation: 1672
HTML validations can be bypassed by sending a request directly to the PHP file, so validating on the server side is a good choice you made.
I suggest you use PHP's built-in function filter_var, for clean code and accurate/safe results. Try this:
function validateEmail($email) {
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return true;
    }
    return false; // was implicitly null; make the failure case explicit
}

function validatePhonenb($nb) {
    // single quotes so PHP does not try to interpret \+ \s \d as string escapes
    $regexp = '/^(?:(?:\+|0{0,2})91(\s*[\-]\s*)?|[0]?)?[789]\d{9}$/';
    if (filter_var($nb, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => $regexp)))) {
        return true;
    }
    return false;
}
And since there is no validation for phone numbers, I used your regex. By the way, you can sanitize the phone number using filter_var before proceeding instead of validating it.
I have multiple forms and I made validations.php as suggested. I am also not understanding where will the error messages been shown
Error messages will be shown at the bottom of the page, since they are echoed at the end of the code:
echo $output;
?>
If they are not being displayed, change the position of the echo of the output containing the errors and call die()
after it, so the script stops execution after it has shown the errors.
Upvotes: 2
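A fuller version of the answer's suggestion, as an added example that is neither the asker's nor loopo's code: one function validates every field of the form in a single pass, and the tail of submit.php stops on errors before anything touches the database and inserts with a prepared statement instead of escape_string(). It assumes the field names from index.html, the phone regexp from the question, and the $con connection from submit.php.

```php
<?php
// Added example: validate every form field at once and return [error messages, cleaned values].
// Assumes index.html's field names, the question's phone regexp, and $con from submit.php.
function validate_member(array $post): array
{
    $errors = [];
    $clean  = [];
    // Name and city: letters and spaces, at least three characters (loopo's naive rule).
    foreach (['name', 'city'] as $field) {
        $clean[$field] = trim($post[$field] ?? '');
        if (preg_match('/^[a-zA-Z ]{3,}$/', $clean[$field]) !== 1) {
            $errors[] = "Invalid or missing $field";
        }
    }
    // Mobile: filter_var with the question's regexp; an empty value fails here too.
    $clean['mobile'] = trim($post['mobile'] ?? '');
    $phoneRe = '/^(?:(?:\+|0{0,2})91(\s*[\-]\s*)?|[0]?)?[789]\d{9}$/';
    if (filter_var($clean['mobile'], FILTER_VALIDATE_REGEXP,
                   ['options' => ['regexp' => $phoneRe]]) === false) {
        $errors[] = 'Invalid mobile number';
    }
    // Email: PHP's built-in validator, as the answer suggests.
    $clean['email'] = filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($clean['email'] === false) {
        $errors[] = 'Invalid email address';
    }
    // Subscription: the placeholder asks for Yes/No, so accept only those.
    $clean['sub'] = strtolower(trim($post['sub'] ?? ''));
    if (!in_array($clean['sub'], ['yes', 'no'], true)) {
        $errors[] = 'Subscription must be Yes or No';
    }
    // Slogan: free text, but bounded in length (200 is an assumed column width).
    $clean['slogan'] = trim($post['slogan'] ?? '');
    if (mb_strlen($clean['slogan']) > 200) {
        $errors[] = 'Slogan too long (200 characters max)';
    }
    return [$errors, $clean];
}
// In submit.php, once $con exists: validate first, stop on errors, then insert
// with a prepared statement so the values never need escape_string().
[$errors, $clean] = validate_member($_POST);
if ($errors) {
    echo implode('<br>' . PHP_EOL, array_map('htmlspecialchars', $errors));
    echo '<br><a href="index.html">Try again</a>';
    exit; // stop here, as the answer advises, so the insert never runs
}
$stmt = $con->prepare('INSERT INTO members (sName, sCity, sMobile, sEmail, sSub, sSlogan) VALUES (?, ?, ?, ?, ?, ?)');
$stmt->bind_param('ssssss', $clean['name'], $clean['city'], $clean['mobile'], $clean['email'], $clean['sub'], $clean['slogan']);
$stmt->execute();
```

Because every error is collected before anything is echoed, the user sees all problems at once, and the insert only runs on a fully validated request whether it came from the form or from a direct POST.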