Why is my validation from files index.php to login.php not working?

Question

What I'm trying to do is make sure the user inputs a quantity before clicking submit. The problem is that, the user can continue to the log in screen without any numerical input in the quantity box. I've tried pasting validation codes, but it still takes my user to the login.php screen. Any help will be greatly appreciated!

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title></title>
    </head>
    <body>

        <form action='login.php' method='post'> 

        <?php


//The following arrays contain my products and their information, one product per array.

$hulkhamburger = array('Food' => 'Hulk Hamburger', 'Description' => '...', 'Price' => '$1.00', 'Quantity' => '<input type="text" name="quantity">');
$atomichotdog = array('Food' => 'Atomic Hot Dog', 'Description' => '...', 'Price' => '$2.00', 'Quantity' => '<input type="text" name="quantity">');
$friedchicken = array('Food' => 'Fantastic 4 Fried Chicken', 'Description' => '...', 'Price' => '$3.00', 'Quantity' => '<input type="text" name="quantity">');
$psyonicpizza = array('Food' => 'Psyonic Pizza', 'Description' => '...', 'Price' => '$4.00', 'Quantity' => '<input type="text" name="quantity">');
$marvelmeatloaf = array('Food' => 'Marvel Meatloaf', 'Description' => '...', 'Price' => '$5.00', 'Quantity' => '<input type="text" name="quantity">');

//The following array takes my previous five arrays and puts them into one array for easier coding and reading.

$allfood = array ($hulkhamburger, $atomichotdog, $friedchicken, $psyonicpizza, $marvelmeatloaf);

/*The following code centers my table on the page, makes the table background white,
 makes the table 50% of the browser window, gives it a border of 1 px,
 gives a padding of 2 px between the cell border and content, and gives 1 px of spacing between cells.
 */

echo "<table align=center bgcolor='FFFFFF' width=50% border=1 cellpadding=1
cellspacing=2>";

/*The following code prints my table header.
 * Credit goes to Dr. Kazman; code is from Lecture 10.
 * I used his code because it was easier (and a more efficient way) than doing it all manually like I did for Mini Asst. 2.
 */

echo "<tr>";
$header = array_keys($hulkhamburger);
foreach ($header as $key => $myheader)
{
    echo "<th>$myheader</th>";  
}
echo "</tr>";

//The following code loops through the whole table body and then prints each row.
for($i=0; $i<count($allfood); $i++)
    {
    echo "<tr>";
    foreach ($allfood[$i] as $key => $value)
        {
        echo ("<td align=center>$value</td>");
        }
    }        
//This code ends my table.
echo "</align>";
echo "<br>";   
        ?>
 <tr>
 <td>
 <td>
 <td>
 <td>
 <center><input type='submit' value='submit'></center>   
        </form>
    </body>
</html>

And this is my login.php

<?php//made the user login menu into a nice table that will center the username and password in the middle of the page.?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">

    <tr>
<form name="login" method="post" action="invoice.php">
    <td>

<table width="100%" border="0" cellpadding="3" cellspacing="1">
    <tr>


    <td colspan="3"><strong>User Login </strong></td>
    </tr>
    <tr>
    <td width="78">Username</td>
    <td width="6">:</td>    
    <td width="294"><input name="myusername" type="text" id="myusername"></td>
    </tr>
    <tr>
    <td>Password</td>
    <td>:</td>
    <td><input name="mypassword" type="text" id="mypassword"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type='submit' name='login' value='Login'>

<?php
 /*This code will allow a new user to go to the registration page and register for the site
 * before buying anything.
 */
?>
<a href="registration.php"><br>New user registration</a>
    </td>
    </tr>
    </table>
    </td>
</form>
    </tr>
</table>

Answer 1

You move your user by

header("Location: http://www.google.de");

The page you specify in your form has to do the validation. Either you send the user to the login.php directly and this sends him back if the validation fails or your index.php does the validation and sends the user to the login.php once the validation is successful or you create a third script that send the user to one of the two pages.

Use Javascript in case you want to check the values before you pass them to your server.

Use a framework (for example YII) if you don't want to code the JS yourself.

Answer 2

I don't see any validation code in your first page, which is really where you should be validating - before the user can even proceed to the next page. Here is a good/simple example.

If all you want is to prevent people from click the button based on the value of the input element, you could do something like this:

<script>
function validateQuantity() {
    var x = document.getElementById('quantity');
    var y = document.getElementById('submitBtn');
    if(isNumber(x.value)){
        y.disabled = false;
    }else{
        y.disabled = true;
    }
}
function isNumber(n) {
    return !isNaN(parseFloat(n)) && isFinite(n);
}

That will toggle the submit button's disabled attribute. I admit, this is not the best answer. You should really have form validation on the form page and fire off the JS validation code by having something like this: onsubmit="return(validate());" in your form element.

Then you can validate the results again on the page that receives the $_POST data to protect against any kind of injections and stuff like that.