#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2

    [Q]form validation php report missing fields next to actual field


    Hi:

    i have simple form.

    i use an external javascfipt file to validate required fields. it displays error messages next to appropriate field boxes and works fine if user has java turned on.

    i have an external php file to validate after js .. it has separate error page listing missing fields..and a thank you page that works if form passes validation. all works fine there

    BUT

    i really want the php to report missing fields next to the actual boxes like the js does.. AND keep the php a separate file

    this is my jsbin link showing the html , css and js + preview window and how it works.::

    Code:
     http://jsbin.com/osahah/1/edit
    this is my php file

    Code:
    https://gist.github.com/amkaos/5382868
    i hope i post this in correct board..
    and i appreciate any help here..

    thanx
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    since this is a PHP question, it belongs in the PHP forum. I've requested it to be moved.

    As to your question: Send the form to the same script and do the validations there. You can put all the logic into an external script to be included or in a function, but don't send the data to a completely separate script. This would force you to display the same form under a different URL (which is confusing for the user) or store the data. Both is ugly and unnecessary complicated.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2
    Originally Posted by Jacques1
    Hi,

    since this is a PHP question, it belongs in the PHP forum. I've requested it to be moved.

    As to your question: Send the form to the same script and do the validations there. You can put all the logic into an external script to be included or in a function, but don't send the data to a completely separate script. This would force you to display the same form under a different URL (which is confusing for the user) or store the data. Both is ugly and unnecessary complicated.
    this is now in java.. it needs to go in php or html.. i thought its doable to edit the html
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2
    Originally Posted by Jacques1
    Hi,

    since this is a PHP question, it belongs in the PHP forum. I've requested it to be moved.

    As to your question: Send the form to the same script and do the validations there. You can put all the logic into an external script to be included or in a function, but don't send the data to a completely separate script. This would force you to display the same form under a different URL (which is confusing for the user) or store the data. Both is ugly and unnecessary complicated.
    im not following..
    are you saying that i need a complete do-over?
    could you gimme some more details please? thanx
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2

    Mod inside please


    Hi;
    i posted this in html help since i believed that it is a html / php question... DEFINITELY not javascript question..

    Code:
    http://forums.devshed.com/javascript-development-115/q-form-validation-php-report-missing-fields-next-to-actual-943499.html#post2870699
    it got moved to java script section.. please move to php or appropriate board..

    thanx
  10. #6
  11. CSS & JS/DOM Adept
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2004
    Location
    USA (verifiably)
    Posts
    20,128
    Rep Power
    4304
    Welcome to DevShed Forums, Amkaos.

    Thread moved to PHP forum and merged. It's the weekend, so please be patient while waiting for a moderator.

    You seem to be using the term "Java" incorrectly. Java and JavaScript are two rather different languages. The latter was named after the former but they don't have very much in common. The appropriate abbreviation for JavaScript is "JS".

    are you saying that i need a complete do-over?
    No, I doubt he means that. Your code will need reorganizing/restructuring, but you should be able to reuse a lot of it.
    Spreading knowledge, one newbie at a time.

    Check out my blog. | Learn CSS. | PHP includes | X/HTML Validator | CSS validator | Common CSS Mistakes | Common JS Mistakes

    Remember people spend most of their time on other people's sites (so don't violate web design conventions).
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by Amkaos
    are you saying that i need a complete do-over?
    No, I'm saying that you need to change the overall structure of your scripts.

    With your current setup (a plain HTML file pointing to a PHP script), it's difficult and ugly to get the PHP error messages into the form. It's possible, but I really wouldn't recommend it.

    Instead, make a PHP script which both renders and processes the form. This allows you to simply add the error messages to the form before rendering it.

    PHP Code:
    <?php
        $input_errors 
    = array();        // an associative array holding the error message for each field
        // process input, add messages to $input_errors
    ?>
    ...
    <form action="thisfile.php" method="post">
        ...
        <input type="text" name="email" />
        <!-- if there's an error message for this field, display it: -->
        <span class="error"><?php if ( isset($input_errors['email']) ) echo htmlentities($input_errors['email'], ENT_COMPAT ENT_XHTML'UTF-8'?></span>
        ...
    </form>
    ...
    If you don't like the PHP being on top of the file, you can put it in a separate script and include it. You can also make a validation function that returns an array of error messages. It doesn't matter as long as the form data gets send to the script that generated the form.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2
    Originally Posted by Jacques1
    No, I'm saying that you need to change the overall structure of your scripts.

    With your current setup (a plain HTML file pointing to a PHP script), it's difficult and ugly to get the PHP error messages into the form. It's possible, but I really wouldn't recommend it.

    Instead, make a PHP script which both renders and processes the form. This allows you to simply add the error messages to the form before rendering it.

    PHP Code:
    <?php
        $input_errors 
    = array();        // an associative array holding the error message for each field
        // process input, add messages to $input_errors
    ?>
    ...
    <form action="thisfile.php" method="post">
        ...
        <input type="text" name="email" />
        <!-- if there's an error message for this field, display it: -->
        <span class="error"><?php if ( isset($input_errors['email']) ) echo htmlentities($input_errors['email'], ENT_COMPAT ENT_XHTML'UTF-8'?></span>
        ...
    </form>
    ...
    If you don't like the PHP being on top of the file, you can put it in a separate script and include it. You can also make a validation function that returns an array of error messages. It doesn't matter as long as the form data gets send to the script that generated the form.
    first.. thank you very much for your reply .

    second, i would like to make a separate script and include it as you suggested.. i thought i was doing that, i was wrong.

    but, does that mean that i have two separate php scripts, one for validation and one for processing?

    and how or what sequence would i be able to do that? like where would i insert the processing part since i wouldnt be able to put the processing file in the "action=" part?..

    i exactly do believe when you all say my
    style wont work and i really appreciate the energy / patience you give..

    i am new and pretty easily confused...
    also, i do know that java and js are very different and i shouldnt be typing one for the other apologize for me leading to confusion
    thanx again
  16. #9
  17. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by Amkaos
    but, does that mean that i have two separate php scripts, one for validation and one for processing?
    That's one possibility. You make a script containing all the processing logic (let's call it process_contact_form.inc.php) and include it in the main script (contact_form.php).

    So you have one "public" script (contact_form.php) for displaying the contact form. It's also the target of the form. On top of the contact form script, you include a "private" script (process_contact_form.inc.php) for doing the data processing after the form has been submitted.

    The private script is not necessary. You might as well put everything into the "public" script as shown above. It's merely a way of separating the different aspects and structuring the code. Personally, I don't find it a very good way, because using an external script as a kind of detour for the main script is rather obscure. It's better to use an explicit validation function as explained above. That function many very well be located in a separate script.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2
    Originally Posted by Jacques1
    That's one possibility. You make a script containing all the processing logic (let's call it process_contact_form.inc.php) and include it in the main script (contact_form.php).

    So you have one "public" script (contact_form.php) for displaying the contact form. It's also the target of the form. On top of the contact form script, you include a "private" script (process_contact_form.inc.php) for doing the data processing after the form has been submitted.

    The private script is not necessary. You might as well put everything into the "public" script as shown above. It's merely a way of separating the different aspects and structuring the code. Personally, I don't find it a very good way, because using an external script as a kind of detour for the main script is rather obscure. It's better to use an explicit validation function as explained above. That function many very well be located in a separate script.
    my processing file has all my email info etc.. and things i want to keep private.. thats why i thought it should be on separate external file. maybe i miss something in what you say..
    thanx
  20. #11
  21. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Please don't make a full quote of every reply. The text is right above your post, so no need to repeat everything.

    Putting your data in a separate script doesn't protect it any more than putting it in the main script. The "separate" script isn't really separate anyway, because it gets included into the main script. This means the main script has full access to all variables, constants, functions etc.

    Your email data doesn't leave the script as long as you don't output it or let it leak through error messages. The latter is actually a big risk, because PHP servers are notoriously misconfigured and often dump every error message on the screen.

    So make sure your error configuration is correct. This sticky might be helpful:

    The mystery of errors and exceptions

    And of course you mustn't generate custom error messages with your data in it.

    Also be careful with storing critical data in constants or variables. There's always the risk of losing control over it or using it in the wrong context. Simply put your data in literal strings at the exact line where you need it. Don't store it anywhere.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2
    hi:
    i have not been able to gt through this.
    altho you have probly been very specific, to a new person like myself, it seems very general and i cannot process
    w/o examples..

    thanx for your replies tho.
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    30
    Rep Power
    2
    i found tut on youtube explaining all details .. thanx

IMN logo majestic logo threadwatch logo seochat tools logo