Validate with process.php

[dawn8]

Hi All,

I have a form that uses a separate php file (process.php) to send to my email which works fine. It reads all my fields and makes up the email so that it can be used with lots of different forms - I'm sure most of you are familiar with this script.

My problem is that I don't know where to start with validating with PHP so that I have required fields. I don't want to use JavaScript.

I think I have 3 options:

1. Do I do it directly in the HTML page?

Or
2. Add it to the process.php file?

Or
3. Create another php file specifically for validating which once has been verified it runs the process.php script?

As you've probably gathered, I am very new to PHP so I need as clear an explaination as possible!

Here is the code for the process.php page and the form is just the bog standard HTML page with a few drop down menus and some text fields - I can post if needed.

PHP Code:

<?php
   if ($_SERVER['REQUEST_METHOD']=="POST"){
      // In testing, if you get an Bad referer error
      // comment out or remove the next three lines
      if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])>7 ||
         !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))
         die("Bad referer");
      $msg="Values submitted by the user:\n";
      foreach($_POST as $key => $val){
         if (is_array($val)){
            $msg.="Item: $key\n";
            foreach($val as $v){
               $v = stripslashes($v);
               $msg.="   $v\n";
            }
         } else {
            $val = stripslashes($val);
            $msg.="$key: $val\n";
         }
      }
      $recipient="me@mydomain.com";
      $subject="PHP Test";
      error_reporting(0);
      if (mail($recipient, $subject, $msg)){
         echo "<h1>Thank you</h1><p>Message successfully sent:</p>\n";
         echo nl2br($input);
      } else
         echo "An error occurred and the message could not be sent.";
   } else
      echo "Bad request method";
?>

Thanks
Dawn

[cronsrcs]

I would suggest using a "dual mode" script for your forms....ie contact.php has a contact form on it and then the action of that form is $_SERVER['PHP_SELF'] (ie itself).

Then you can check whether the form has been submitted by checking for the existence of a $_POST variable.

You can then run your input variables through a variety of validation checks and only send the mail if there are no validation errors.

I hope that this gives you a start?

BTW- i have separate include files data_valid_functions.php and mail_functions.php to save a lot of the duplication.

[frankcow]

A very simple validation method is to just create an array of the required fields, and check each post variable for a valid input, as in != ""

[dawn8]

I would suggest using a "dual mode" script for your forms....ie contact.php has a contact form on it and then the action of that form is $_SERVER['PHP_SELF'] (ie itself).

Then you can check whether the form has been submitted by checking for the existence of a $_POST variable.

You can then run your input variables through a variety of validation checks and only send the mail if there are no validation errors.

I hope that this gives you a start?

BTW- i have separate include files data_valid_functions.php and mail_functions.php to save a lot of the duplication.

Thanks for the reply cronsrcs

Unfortunately, when I said I was new to PHP, I really did mean just that!! I really don't know where to start as regards to your solution. I did search on Google and found this which I am trying to get to work with my form. Is this similar to your solution to my problem and does it look like the most simple way to go about it to you?

If I can just get something to work with my form, then I can trawl through the various scripts to learn how it all works - I've just found this the most easiest way of learning.

Again thanks for your help.

[Jake Arkinstall]

then I would recomend a tutorial....

w3schools is my favorite.

It's ok to go through peoples code to learn, but you need to atleast know the basics.

Every php programmer has their own style of coding and their own way of attacking problems, and you can't use other peoples.

[cronsrcs]

dawn8 - I will illustrate my solution with some pseudo code:

contact.php

PHP Code:

//if the form has been submitted
if($_POST['form_submitted'])
{
    //check for errors
    if(no_errors)
   {
      //send the email
   }
   //
   else
   {
       //display the errors
       //and display the form again
   }

}
else
{
      //the form has not been submitted
      // display the form
} 


the html for the form

PHP Code:

echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">";
echo "<input type=\"hidden\" name=\"form_submitted\" value=\"true\" />";
echo "</form>"; 


Does this make sense? I can step you through some basic validation if you can understand this......

[cronsrcs]

Yes that link that arkinstall provided is a good starting point if you need to learn the "basics"....

[dawn8]

Does this make sense? I can step you through some basic validation if you can understand this......

Thanks cronsrcs - Yes that does make sense to me so if you could step me through basic validation, that would be great.

arkinstall

w3schools is my favorite.

Yes, I've found this very helpful before myself. Thanks

[cronsrcs]

which fields have you got on your form? ie Name, email, phone number etc etc.....

[dawn8]

The fields I have are:
value, type, location, age - all of which are dropdowns;
then:
name, email, tel

[cronsrcs]

and what type of value are you expecting each of them to be?
ie numeric, text only, in a certain format (ie email address)..

[dawn8]

name - will be text only
email - check that it is in the correct format ie - me@mydomain.co.uk
tel - numeric with check that it's the right length? Is this the norm or should it be more complicated ie check that the area code is inserted (0151) correctly, etc.

Thanks

[cronsrcs]

nup - that sounds about right.....ok........So this is the skeleton that we had from before...

PHP Code:

if($_POST['form_submitted'])
{
    //check for errors
    if(no_errors)
   {
      //send the email
   }
   //
   else
   {
       //display the errors
       //and display the form again
   }

}
else
{
      //the form has not been submitted
      // display the form
} 


After the 1st line where we check if the form has been submitted, we need to get the values that the user has entered, in order to validate them (and later use them to send in the email).

PHP Code:

//get the vars from the form
$name= strip_tags(trim($_POST['name']));
$email = strip_tags(trim($_POST['email']));
$phone= strip_tags(trim($_POST['phone'])); 


We have used trim() and strip_tags() to just tidy up the input a little.

Ok, as we go through each of the fields validating them, we will store any errors in an array (just makes it easier to output the errors later).

PHP Code:

//inititialise an error array
$errors = array(); 


Now we are ready to validate our input:

PHP Code:

if(!is_numeric($phone))
{
   $errors[] = 'Phone number must be a number';
} 


Ok, so I suggest that you now go off and do some reading on regular_expressions and php form validation to have a crack at the other fields......

[dawn8]

Thanks so much cronsrcs

All that has helped enormously - I'll implement it with my form tomorrow and then hopefully get the others to work too!

Dawn

[cronsrcs]

Glad I could help - let me know if you have any further troubles....

[dawn8]

Hi cronsrcs,

Just letting you know that I decided to use a small program that creates the PHP for me that also validates everything and more. I won't name the program, not sure if its against the rules or not. I know a lot of people will think this is a cop-out but at the end of the day if it does what I needed without all the problems of trying to create code myself from scratch that may not be as good as it could be then I'm happy.

But I just want to say thanks again for helping me as much as possible. I'm still going to continue learning PHP but I think I'll start with something a bit more simple!

[cronsrcs]

Thanks for the update - not a problem re the help - as you can guess I am going to recommend/encourage learning some PHP so that you can code these things instead of having a program code it for you!

Hang around these forums, read about other issues and you will soon learn....

[Jake Arkinstall]

Well, if you only need PHP for this one job then i suppose its alright....

However, i seriously recommend moving to PHP coding some time, its a brilliant way to weigh down your CV, and in the long run your wallet.