Difference between revisions of "PHP more forms"
(→Testing form inputs) |
|||
| Line 44: | Line 44: | ||
</html> | </html> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | ==Required Fields== | ||
| + | |||
| + | Imagine the form below: | ||
| + | <syntaxhighlight lang=php> | ||
| + | <?php | ||
| + | $nameErr = ""; | ||
| + | $emailErr = ""; | ||
| + | ?> | ||
| + | |||
| + | <form method="post"> | ||
| + | Name: <input type="text" name="name"> | ||
| + | <span class="error">* <?php echo $nameErr;?></span> | ||
| + | <br><br> | ||
| + | E-mail: | ||
| + | <input type="text" name="email"> | ||
| + | <span class="error">* <?php echo $emailErr;?></span> | ||
| + | <input type="submit" name="submit" value="Submit"> | ||
| + | </form> | ||
| + | |||
| + | This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the <nowiki>*</nowiki>). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values: | ||
| + | |||
| + | <?php | ||
| + | $nameErr = ""; | ||
| + | $emailErr = ""; | ||
| + | if (empty($_POST["name"])) { | ||
| + | $nameErr = "Name is required"; | ||
| + | } else { | ||
| + | $name = test_input($_POST["name"]); | ||
| + | } | ||
| + | |||
| + | if (empty($_POST["email"])) { | ||
| + | $emailErr = "Email is required"; | ||
| + | } else { | ||
| + | $email = test_input($_POST["email"]); | ||
| + | } | ||
| + | ?> | ||
| + | <form method="post"> | ||
| + | Name: <input type="text" name="name"> | ||
| + | <span class="error">* <?php echo $nameErr;?></span> | ||
| + | <br><br> | ||
| + | E-mail: | ||
| + | <input type="text" name="email"> | ||
| + | <span class="error">* <?php echo $emailErr;?></span> | ||
| + | <input type="submit" name="submit" value="Submit"> | ||
| + | </form> | ||
Revision as of 11:40, 20 December 2017
Testing form inputs
Imagine the example below, it contains a form with two text input boxes. If this form is used correctly then very little can go wrong. However some users will try to add code into these boxes so when we echo the input the code might run:
<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
<form action="" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
We could create a function which will take the data inputted, clean it and remove any dangerous code, and then return it back:
<?php
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Now we can change the example to:
<html>
<body>
Welcome <?php echo test_input($_POST["name"]); ?><br>
Your email address is: <?php echo test_input($_POST["email"]); ?>
<form action="" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
Required Fields
Imagine the form below: <syntaxhighlight lang=php> <?php
$nameErr = ""; $emailErr = "";
?>
<form method="post">
Name: <input type="text" name="name">
* <?php echo $nameErr;?>
E-mail:
<input type="text" name="email">
* <?php echo $emailErr;?>
<input type="submit" name="submit" value="Submit">
</form>
This contains two span tags to display error messages, when the form loads the error messages will be empty (accept the *). Therefore they wont be visible, however we can set an error message to appear if we haven't set these values:
<?php
$nameErr = "";
$emailErr = "";
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
?>
<form method="post">
Name: <input type="text" name="name">
* <?php echo $nameErr;?>
E-mail:
<input type="text" name="email">
* <?php echo $emailErr;?>
<input type="submit" name="submit" value="Submit">
</form>
