Difference between revisions of "PHP more forms"
(→Validation) |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 63: | Line 63: | ||
<input type="submit" name="submit" value="Submit"> | <input type="submit" name="submit" value="Submit"> | ||
</form> | </form> | ||
+ | </syntaxhighlight> | ||
This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the <nowiki>*</nowiki>). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values: | This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the <nowiki>*</nowiki>). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values: | ||
+ | <syntaxhighlight lang=php> | ||
<?php | <?php | ||
$nameErr = ""; | $nameErr = ""; | ||
Line 71: | Line 73: | ||
if (empty($_POST["name"])) { | if (empty($_POST["name"])) { | ||
$nameErr = "Name is required"; | $nameErr = "Name is required"; | ||
− | + | } | |
− | |||
− | |||
− | + | if (empty($_POST["email"])) { | |
$emailErr = "Email is required"; | $emailErr = "Email is required"; | ||
− | + | } | |
− | |||
− | |||
?> | ?> | ||
<form method="post"> | <form method="post"> | ||
Line 90: | Line 88: | ||
<input type="submit" name="submit" value="Submit"> | <input type="submit" name="submit" value="Submit"> | ||
</form> | </form> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | ==Validation== | ||
+ | PHP doesn't contain any easy / simple built in validation functions, however you can write your own. The example below will be used: | ||
+ | |||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | $nameErr = ""; | ||
+ | $emailErr = ""; | ||
+ | |||
+ | ?> | ||
+ | <form method="post"> | ||
+ | Username: <input type="text" name="username"> | ||
+ | <span class="error">* <?php echo $usernameErr;?></span> | ||
+ | <br><br> | ||
+ | Quantity: | ||
+ | <input type="text" name="quantity"> | ||
+ | <span class="error">* <?php echo $quantityErr;?></span> | ||
+ | <input type="submit" name="submit" value="Submit"> | ||
+ | </form> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | A previous section has shown you how to check if something was entered, so I will test the length of the name inputted. I will create a function to do this: | ||
+ | |||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | function test_username($data) { | ||
+ | $test = false; | ||
+ | if(strlen($data)<=8) | ||
+ | { | ||
+ | $test = true; | ||
+ | } | ||
+ | return $test; | ||
+ | } | ||
+ | ?> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | This function takes the data and checks that the length is less than or equal to 8. This will prevent any usernames of more than 8 characters when used with the form input: | ||
+ | |||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | $nameErr = ""; | ||
+ | $emailErr = ""; | ||
+ | if(test_username($data)) | ||
+ | { | ||
+ | echo "data okay"; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "data invalid"; | ||
+ | } | ||
+ | ?> | ||
+ | <form method="post"> | ||
+ | Username: <input type="text" name="username"> | ||
+ | <span class="error">* <?php echo $usernameErr;?></span> | ||
+ | <br><br> | ||
+ | Quantity: | ||
+ | <input type="text" name="quantity"> | ||
+ | <span class="error">* <?php echo $quantityErr;?></span> | ||
+ | <input type="submit" name="submit" value="Submit"> | ||
+ | </form> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | For quantity i can obviously check the number entered is within a range, you could even check the stock in your database and test the quantity against the quantity available: | ||
+ | |||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | function test_quantity($data) { | ||
+ | $test = false; | ||
+ | if($data>0 && $data<=8) | ||
+ | { | ||
+ | $test = true; | ||
+ | } | ||
+ | return $test; | ||
+ | } | ||
+ | ?> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | This functions takes the data past to it and checks if it is greater than 0 and less than or equal to 8. It can be used as in the code below: | ||
+ | |||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | $nameErr = ""; | ||
+ | $emailErr = ""; | ||
+ | if(test_username($data)) | ||
+ | { | ||
+ | echo "username okay"; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "username invalid"; | ||
+ | } | ||
+ | |||
+ | if(test_quantity($data)) | ||
+ | { | ||
+ | echo "quantity okay"; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "quantity invalid"; | ||
+ | } | ||
+ | ?> | ||
+ | <form method="post"> | ||
+ | Username: <input type="text" name="username"> | ||
+ | <span class="error">* <?php echo $usernameErr;?></span> | ||
+ | <br><br> | ||
+ | Quantity: | ||
+ | <input type="text" name="quantity"> | ||
+ | <span class="error">* <?php echo $quantityErr;?></span> | ||
+ | <input type="submit" name="submit" value="Submit"> | ||
+ | </form> | ||
+ | </syntaxhighlight> |
Latest revision as of 13:03, 20 December 2017
Testing form inputs
Imagine the example below, it contains a form with two text input boxes. If this form is used correctly then very little can go wrong. However some users will try to add code into these boxes so when we echo the input the code might run:
<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
<form action="" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
We could create a function which will take the data inputted, clean it and remove any dangerous code, and then return it back:
<?php
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Now we can change the example to:
<html>
<body>
Welcome <?php echo test_input($_POST["name"]); ?><br>
Your email address is: <?php echo test_input($_POST["email"]); ?>
<form action="" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
Required Fields
Imagine the form below:
<?php
$nameErr = "";
$emailErr = "";
?>
<form method="post">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail:
<input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>
This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the *). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values:
<?php
$nameErr = "";
$emailErr = "";
if (empty($_POST["name"])) {
$nameErr = "Name is required";
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
}
?>
<form method="post">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail:
<input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>
Validation
PHP doesn't contain any easy / simple built in validation functions, however you can write your own. The example below will be used:
<?php
$nameErr = "";
$emailErr = "";
?>
<form method="post">
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Quantity:
<input type="text" name="quantity">
<span class="error">* <?php echo $quantityErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>
A previous section has shown you how to check if something was entered, so I will test the length of the name inputted. I will create a function to do this:
<?php
function test_username($data) {
$test = false;
if(strlen($data)<=8)
{
$test = true;
}
return $test;
}
?>
This function takes the data and checks that the length is less than or equal to 8. This will prevent any usernames of more than 8 characters when used with the form input:
<?php
$nameErr = "";
$emailErr = "";
if(test_username($data))
{
echo "data okay";
}
else
{
echo "data invalid";
}
?>
<form method="post">
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Quantity:
<input type="text" name="quantity">
<span class="error">* <?php echo $quantityErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>
For quantity i can obviously check the number entered is within a range, you could even check the stock in your database and test the quantity against the quantity available:
<?php
function test_quantity($data) {
$test = false;
if($data>0 && $data<=8)
{
$test = true;
}
return $test;
}
?>
This functions takes the data past to it and checks if it is greater than 0 and less than or equal to 8. It can be used as in the code below:
<?php
$nameErr = "";
$emailErr = "";
if(test_username($data))
{
echo "username okay";
}
else
{
echo "username invalid";
}
if(test_quantity($data))
{
echo "quantity okay";
}
else
{
echo "quantity invalid";
}
?>
<form method="post">
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Quantity:
<input type="text" name="quantity">
<span class="error">* <?php echo $quantityErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>