Lab 7: PHP Validation

Validate user input with PHP and regular expressions

Most often, web pages use HTML forms for user input. It is very important to validate user input before storing it in a database or other types of processing

Lab 7 Screen Snapshots

Note: All HTML elements are laid out using the default browser styling. Inline elements are enclosed inside paragraphs <p>

lab7input.php
lab7 input 

lab7validate.php
lab7 validate

 

Code all-in-one-page processing

A better approach to handling PHP user input validation is to do it all-in-one-page: user input, validation, and processing.

The overall logic to implement all-in-one-page processing is

if this page has just called itself with the user input data
   validate the user input data
   
   if the data is valid
      process the data (save in db, etc.)
      go to a confirmation page
     
   else (the input data has problems)
      show the error messages
     
Display the HTML form (re-display any previously entered user input data values so the user does not need to retype everything)

Modify lab7input.php to do all-in-one-page processing: prompt for input, validate, and process the data (minimally)

  1. Copy and paste your function validate_input() into the start of lab7input.php
  2. Change the action attribute of the PHP form to call itself (action="")
  3. Add the if else logic to take all-in-one-page approach to processing (Code given below)
<?php
  // if this page has just called itself with user input data
  //   (i.e. the user pressed the submit button)
  if (isset($_POST['submitButton'])) {

    // validate the user input data
    $error_messages = validate_input();

    // if user input is valid, process the data and go to confirmation page
    if ($error_messages == "") {
       $_SESSION['name'] = $_POST['name']; // simplified processing
       header('Location: thankyou.php');     // go to confirmation page
       exit();
    }
    else {
      echo "<p>$error_messages</p>"; // show the error messages
    }
  }
?>
<!-- Display the HTML form -->

Use Session Variables

The simplified processing of the data above is to save the user's name as a session variable to re-display on the confirmation page: thankyou.php

To use session variables on the lab machines, we need to reset the session save path to C:\wamp\www\labs\sessiondata (as well as creating the subfolder sessiondata)

  1. Add calls to the session_save_path and session_start php functions to the beginning of lab7input.php
<?php
session_save_path ($_SERVER['DOCUMENT_ROOT'] . "/sessiondata/");
session_start();
?>
  1. Create a short thankyou.php page that displays the welcome message: Thank you name, getting name from the SESSION variable set in lab7input.php

Make previously entered user data re-display in form elements

In order to re-show the form with user input still present, use the input element's value attribute set to the contents of the appropriate $_POST variable. For example,

<input id="name" name="name" type="text" value="<?php echo $_POST['name']; ?>" />;