Difference between revisions of "PHP more forms"
(→Required Fields) |
|||
Line 66: | Line 66: | ||
This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the <nowiki>*</nowiki>). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values: | This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the <nowiki>*</nowiki>). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values: | ||
+ | |||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | $nameErr = ""; | ||
+ | $emailErr = ""; | ||
+ | if (empty($_POST["name"])) { | ||
+ | $nameErr = "Name is required"; | ||
+ | } else { | ||
+ | $name = test_input($_POST["name"]); | ||
+ | } | ||
+ | |||
+ | if (empty($_POST["email"])) { | ||
+ | $emailErr = "Email is required"; | ||
+ | } else { | ||
+ | $email = test_input($_POST["email"]); | ||
+ | } | ||
+ | ?> | ||
+ | <form method="post"> | ||
+ | Name: <input type="text" name="name"> | ||
+ | <span class="error">* <?php echo $nameErr;?></span> | ||
+ | <br><br> | ||
+ | E-mail: | ||
+ | <input type="text" name="email"> | ||
+ | <span class="error">* <?php echo $emailErr;?></span> | ||
+ | <input type="submit" name="submit" value="Submit"> | ||
+ | </form> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==Validation== | ||
<syntaxhighlight lang=php> | <syntaxhighlight lang=php> |
Revision as of 12:23, 20 December 2017
Testing form inputs
Imagine the example below, it contains a form with two text input boxes. If this form is used correctly then very little can go wrong. However some users will try to add code into these boxes so when we echo the input the code might run:
<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
<form action="" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
We could create a function which will take the data inputted, clean it and remove any dangerous code, and then return it back:
<?php
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Now we can change the example to:
<html>
<body>
Welcome <?php echo test_input($_POST["name"]); ?><br>
Your email address is: <?php echo test_input($_POST["email"]); ?>
<form action="" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
Required Fields
Imagine the form below:
<?php
$nameErr = "";
$emailErr = "";
?>
<form method="post">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail:
<input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>
This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the *). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values:
<?php
$nameErr = "";
$emailErr = "";
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
?>
<form method="post">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail:
<input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>
Validation
<?php
$nameErr = "";
$emailErr = "";
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
?>
<form method="post">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail:
<input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<input type="submit" name="submit" value="Submit">
</form>