SakhaliaNetHome PageMilitary HistoryVorKutaAcceptance of cookiesAcceptance of cookies

PHP Tutorial :: Forms (II)

PHP Example #63

Processing forms through functions

The basic form from the example #60 can be more flexible by separating the code that shows the form and the code that process it in separated functions. To increase flexibility even more, we will not use the parameter "my_name" for the logic of the form, but instead a hidden parameter called "_submit_check". This parameter will have only two values: true or false. Apart from separating from the logic of the form any element that could change, using a hidden parameter to check the sending ensures that the form is processed when the user hits the Intro key instead of clicking in the Submit button.

<?php
// Logic for doing what is correct based in the hidden parameter _submit_check
if (! array_key_exists('_submit_check', $_POST)) {
$_POST['_submit_check'] = 0;
}
if ($_POST['_submit_check']) {
process_form();
} else {
show_form();
}
// Do something when the form is sent
function process_form() {
if (array_key_exists('my_name', $_POST)) {
print "Hello, " . $_POST['my_name'];
}
}
// Show the form
function show_form() {
print '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
print 'Your name: <input type="text" name="my_name"/>';
print '<input type="submit" value="Say hello!"/>';
print '<input type="hidden" name="_submit_check" value="1"/>';
print '</form>';
}
?>
Your name:

PHP Example #64

Validating data in forms

Separating in functions the logic of the form benefits the inclusion of a level of data validation, which is an essential part for every web application that accepts data input from a form. Data should be validated after sending the form, but before processing it. This example adds a validating function to the previous example, that will send the input if it has at least 3 characters long.

Note that every form placed in the same document (webpage) needs its functions and variables to be individually named. That is why I had to rename them in this example, adding a 2 after every identifier name that would cause conflict.

<?php
// Logic for doing what is correct based in the hidden parameter _submit_check2
if (array_key_exists('_submit_check2', $_POST)) {
if (validate_form()) {
process_form2();
} else {
show_form2();
}
} else {
show_form2();
}
// Do something when the form is sent
function process_form2() {
print "Hello, " . $_POST['my_name2'];
}
// Show the form
function show_form2() {
print '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
print 'Your name: <input type="text" name="my_name2"/>';
print '<input type="submit" value="Say hello!"/>';
print '<input type="hidden" name="_submit_check2" value="1"/>';
print '</form>';
}
// Check the data of the form
function validate_form() {
// Has "my_name2" at least 3 characters long?
if (strlen($_POST['my_name2']) < 3) {
return false;
} else {
return true;
}
}
?>
Your name:

PHP Example #65

Validating data in forms

The previous example did not show any message if the input was not valid. In this example, we will add such functionality, which is essential in any well-rounded form. Ideally, when someone sends data that is invalid, it should be displayed an error message that explains the error and which format is allowed for input. Some validation techniques use regular expressions, which are powerful patterns used for the coincidence of text, written in a particular language. A proper configuration of validation should be enough to prevent SQL injection attacks from the input of the form.

<?php
// Logic for doing what is correct based in the hidden parameter _submit_check3
if (! array_key_exists('_submit_check3', $_POST)) {
$_POST['_submit_check3'] = 0;
}
if ($_POST['_submit_check3']) {
// If validate_form2() returns errors, pass them to show_form3()
if ($form_errors = validate_form2()) {
show_form3($form_errors);
} else {
process_form3();
}
} else {
show_form3();
}
// Do something when the form is sent
function process_form3() {
print "Hello, " . $_POST['my_name3'];
}
// Show the form
function show_form3($errors = '') {
// If errors were passed, print them
if ($errors) {
print 'Please correct these errors: <ul><li>';
print implode('</li><li>', $errors);
print '</li></ul>';
}
print '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
print 'Your name: <input type="text" name="my_name3"/>';
print '<input type="submit" value="Say hello!"/>';
print '<input type="hidden" name="_submit_check3" value="1"/>';
print '</form>';
}
// Check the data of the form
function validate_form2() {
// Start with an empty array of error messages
$errors = array();
// Add an error message if the name is too short
if (strlen($_POST['my_name3']) < 3) {
$errors[] = 'Your name must be at least 3 letters long';
}
// Return the array (possibly empty) of error messages
return $errors;
}
?>
Your name: