I want to validate a form to make sure a user writes in a name and last name.
If a user writes in only his last name, the form should show again with an error message beside the last name field, but the name value should still be there.
I don't know how to do this, hehe. I'm just a newbie PHP programmer.
Here's what I have so far:
<html>
<head>
</head>
<body>
<form action="formprueba.php" method="get">
<dl>
<dt>Last Name:</dt>
<dd><input type="text" value="" name="name" />
<?php if((isset($_GET['name'])) && ($_GET['name'] == "")){
echo "Please write a correct name.";
}
?>
</dd>
<dt>Last Name:</dt>
<dd><input type="text" value="" name="lastname" />
<?php if((isset($_GET['lastname'])) && ($_GET['lastname'] == "")){
echo "Please write a correct last name.";
}
?>
</dd>
<br />
<dt>
<input type="submit" value="enviar" />
</dt>
<input type="hidden" name="enviado" value="j"/>
</dl>
</form>
</body>
Also, I'm sure this validation is horrible, if you have a couple of minutes, I'd be really grad if someone can show me a more efficient way to validate (without using third party addons).
Thanks SO.
Place the variable you need into the "value" field of your input-tag like this:
<input type="text" value="<?php echo htmlspecialchars($_GET['lastname']); ?>" name="lastname" />
AND it's important to quote at a minimum the HTML characters someone might put in (by htmlspecialchars).
If a user writes in only his last
name, the form should show again with
an error message beside the last name
field, but the name value should still
be there.
Just get their value from $_GET (the form method you are using)
<input type="text" value="" name="lastname" value="<?php echo $_GET['lastname'];?>" />
and so on....
You must also use htmlspecialchars function for security reasons.
More Information Here.
If you are doing something like
<input type="text" value="" name="lastname" value="<?php echo $_GET['lastname'];?>" />
never never ever forget to check/escape the value you display using e.g. htmlentities().
Otherwise you are open to completely trivial javascript injection attacks!
just a small note i had to learn the hard way: displaying an error message and urging the user pressing the back-button (or doing the same using javascript) does not in general preserve values in the input fields.
This seems to be completely browser-specific, e.g. for me it worked on Safari, but not on Firefox...
Its good to do validations on the server side. Your approach seems to be right. You can just maintain a flag which will tell you at the end of the page weather or not the validation was successful.
Example
$flag=ture;
<?php if((isset($_GET['lastname'])) && ($_GET['lastname'] == "")){
echo "Please write a correct last name.";
$flag="false";
}
?>
then at the bottom of the page
if($flag==true)
echo "form submit";
About persistence of value one of the person has correctly mention adding value to your input tag
value="<?php echo $_GET['lastname'];?>"
Hope this helps.
You could use client side javascript - you save a trip to the server this way.
The downside though : you can really only do basic checking as the user cannot be trusted (for security measures of course ). You can at least "flag" the invalid patterns before making an expensive trip to the server.
Add this to your form where you first declare it:
<form onsubmit="event.preventDefault(); validateMyForm();">
I think, Javascript is the best answer if you can rely on Javascript. But client side script can be over-ridden. So validate your input on the server later.
