I'm trying to track down one or more good examples that show a form being presented, validated and then handled, preferably all on the same page. I'm new to PHP but I've been coding in various other languages for many years so I'm definitely not new to programming. I googled on "php form handling" and found an article that seemed promising. Unfortunately, this forum doesn't allow me to post it, citing the FAQ. However, when I looked at the FAQ it said that new members like me could have two links and I've only got one so I'm not sure what the problem is. I'm simply omitting the link.... I've never validated a form in PHP but I like the idea of displaying, validating and then handling the validation of the form on the same page. But I'm open to arguments that this is not the best way to proceed. My big problem is that the article provides only snippets from an actual solution, not a full script. Since I'm new at PHP, I don't have the experience to imagine all the stuff that he has omitted. I've also discovered in subsequent searching that the author's approach is prone to injection attacks and I certainly want to avoid that. Therefore, I would love to find some COMPLETE examples that show all displaying, validating and handling of the data in the form. The example should use the techniques that best avoid injection attacks. For what it's worth, my form will prompt the user for some information about proposed meeting topics for a book discussion club, and validate to make sure the user has completed the form correctly. If the user has made errors, I'd like to display the errors to him on the same page as the form so that he can make the appropriate changes and then resubmit. Once the data checks out as vaild, I will insert a row to a table in a MySQL database. I'm fluent with HTML and database so displaying the form and inserting the row into the database table are well within my grasp. I don't need any major amount of instruction there. But the proper techniques to validate the data and display errors on the same page as the form is something I've never done in PHP. (I have done it in Java servlets running in Tomcat and in mainframe applications but the techniques seem rather different for PHP.)
Why don't you try yourself first and test your own logic... if there are errors/you need help, then post here with your code so we can help you. People aren't going to write a whole form with validation for you since that's very general. Some forms have little check box's that appear next to them if the input is good, some have x's if there not good, some make alert popups, etc etc... You need to decide what you want first and we can help along the way.
I'm trying to get this done in fairly quickly. If I have to start from scratch - otherwise known as re-inventing the wheel - and wait for feedback/assistance as I stumble over each of the inevitable beginner's mistakes, it's going to take much longer. I'd rather have one - or better yet, a few - examples where everything is done correctly by carefully-designed code than to use as a model. I may adapt the code and do things a bit differently if it seems preferable to do so but complete examples are going to be VERY helpful for me.
If you're looking for basic on-the-fly coding so that you don't have to rehash the same old stuff time and time again, I find Snipt is quite good. It has most languages built in and is public with no licence. You can find it over at snipt.net Alternatively, do it yourself and start creating a library of these scripts that you may need again.
Form validation is a two step process. First you validate what you can in Javascript. No blank required fields, no insane fields (6 digit phone numbers in the US, for example, or alpha in a zipcode). Then you send the data to the server and validate the entire form there. Some fields can't be verified from the client, like querying for an MX record for the domain of an email address, so that has to be done on the server. (And you reverify everything, because it's possible to submit a form without having it verified in the client.) As far as how you verify fields - that's normal programming. Names have to look like names, existing users have to exist in the database, etc. Exactly the same kind of verification you'd do in C in a desktop app that had a form that had to be filled in. What you do depends on the fields in your form and the environment. (British Empire postal codes aren't purely numeric, so you can't verify on a numeric-only basis.) You can use brute force - parsing the field character by character, or word by word, looking for what you need - or you can use a RegEx to check it. Some fields are easier to do one way, some the other way. (I never parse an email field either way - looking for the MX record, then asking the domain if the account exists, is absolute verification. Parsing for a "sane" email address can give false positives and false negatives.)
Thanks scottlpool2003! I had a look at snipt.net but there were very few examples of PHP form validation. Thanks anyway. I haven't found much of use with Google either which is why I was trying some PHP forums in the first place. Looks like I'm going to have to reinvent the wheel after all....
You misunderstand my question, Rukbat. You're mostly telling me what sort of validations I might have to do on my data; I already know that and have a pretty good idea how to do them. I'm mostly interested in seeing COMPLETE examples - they don't have to be intricate with dozens of complex fields, just a handful of simple fields - showing how the code is structured. Your point about having to check the forms twice, once on the client side and again on the server side, is well-taken. I certainly see the point of that now that you give a specific example. Can you possibly point me to some full examples of code that does that?
IT sounds like you need to move ahead with some basics. A "fancy" form like rukbat describes requires at least four chunks of code. You won't find a single file example because it would be a huge pain to cram all that code (both client and server side) into one file. Until you know what's going on you just skip the client side "pre-validation" that's done in AJAX. <?php if (isset($_REQUEST["name"])) { if ($_REQUEST["name"] == "") { echo "A Name Is Required."; exit; } echo "Your Name Is:". $_REQUEST["name"]; exit; } else { ?> <form method="post" action=""> <input type="text" name="name"> <input type="submit" name="addname" value="Say My Name"> </form> <?php } ?> Code (markup): Put that in a file on a server and watch it go. It has a form, a validation (check name exists) and a response. That's, pretty much, is bare minimum. Once you can handle a little ajax you're ready to pre-validate at client side, using the same code as server side if you like.