PHP Form with process on another page - But PHP validation doesn't work
Question
I've created a basic HTML form, and want to insert the form data into mysql database using php code. I've created 3 pages, one is index.php, second is process.php and third is config.php. My HTML form code is included in index.php as below:
<form action="process.php" method="POST">
<div>
<label for="name">Name:</label><br />
<input type="text" name="name" id="name"><br />
<span class="error"><?php echo $nameErr; ?></span><br />
</div>
<div>
<label for="email">Email:</label><br />
<input type="text" name="email" id="email"><br />
<span class="error"><?php echo $emailErr; ?></span><br />
</div>
<div>
<label for="message">Message:</label><br />
<textarea name="message" id="message" cols="22" rows="10"></textarea>
</div>
<br />
<input type="submit" name="submit" value="Submit">
</form>
my PHP code for form validation and inserting data into database is included in process.php. and my code for connecting to database is included in config.php. The problem is that, when I correctly fill the form fields, It works perfectly, form is submitted, and insert data into database. But when I wrongly fill the form fields, instead of showing me the validation messages below the each field and stopping me on the index.php page until I fill all the fields correctly, It redirects me to blank process.php page.
I want, when I fill the wrong field, It should show me an alert message below the field, and should stop me on index.php page until I fill all the fields correctly.
Thanks,
2 answers
solution1
0 2020-09-01 07:48:17
What you do now is:
- load
index.php - include
process.php - there is no
$_POSTdata, so it skips the checking and displays the form
Then you post the form to process.php :
- load
process.php - check
$_POST - if data is ok: echo succes message, or fail on error inserting
- if data not ok: you reach the end of the script and do nothing, resulting in a blank page
What you should do is point the form to index.php
- load
index.php - include
process.phponly if there is$_POSTdata - check
$_POST - if ok: echo message and DIE
- if not ok: set errors
- display the form (again, including the errors)
So index.php should look like:
<?php
$name = $email = $message = "";
$nameErr = $emailErr = "";
//If there is $_POST data, do the check
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// load process.php only if needed
require_once "process.php";
//... do the testing
if (empty($nameErr) && empty($emailErr)) {
// load config.php only if needed
require_once "config.php";
//... insert into db
if ($stmt -> execute()) {
//SHOW a SUCCESS message and STOP
echo ...;
die;
}
else {
//show a FAIL message and STOP
echo ...;
die;
}
}
}
?>
//At this point, there is either no POST data (first time load), or you checked the data and there are errors. So you DISPLAY THE FORM (again), including errors.
<form action="index.php" method="POST">
....
</form>
solution2
-1 2020-09-01 07:40:01
I assume your form is in index.php . First of all, you should make a form and check if there's anything stored in session as error message or not to show errors:
<?php
// index.php
session_start();
$emailErr = isset($_SESSION['error_email']) ? $_SESSION['error_email'] : '';
$messageErr = isset($_SESSION['error_message']) ? $_SESSION['error_message'] : '';
$nameErr = isset($_SESSION['error_name']) ? $_SESSION['error_name'] : '';
?>
<form action="process.php" method="POST">
<div>
<label for="name">Name:</label><br />
<input type="text" name="name" id="name" value="<?php echo $name; ?>"><br />
<span class="error"><?php echo $nameErr; ?></span><br />
</div>
<div>
<label for="email">Email:</label><br />
<input type="text" name="email" id="email" value="<?php echo $email; ?>"><br />
<span class="error"><?php echo $emailErr; ?></span><br />
</div>
<div>
<label for="message">Message:</label><br />
<textarea name="message" id="message" cols="22" rows="10"><?php echo $message; ?></textarea>
<span class="error"><?php echo $messageErr; ?></span><br />
</div>
<br />
<input type="submit" name="submit" value="Submit">
</form>
Now you should process your form in process.php and set desired session errors for non-validated fields:
// process.php
session_start();
unset($_SESSION['error_email'], $_SESSION['error_message'], $_SESSION['error_name']);
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$valid = true;
$input_name = test_input($_POST['name']);
if (empty($input_name)) {
$_SESSION['error_name'] = "Please enter a name!";
$valid = false;
} elseif (!preg_match("/^[a-zA-Z ]*$/", $input_name)) {
$_SESSION['error_name'] = "Only letters and white spaces are allowed!";
$valid = false;
} else {
$name = $input_name;
}
$input_email = test_input($_POST['email']);
if (empty($input_email)) {
$_SESSION['error_email'] = "Please enter an email address!";
$valid = false;
} elseif (!filter_var($input_email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['error_email'] = "Invalid email address!";
$valid = false;
} else {
$email = $input_email;
}
$input_message = test_input($_POST['message']);
if (empty($input_message)) {
$_SESSION['error_message'] = "Please enter your message!";
$valid = false;
} else {
$message = $input_message;
}
if ($valid) {
$sql = "INSERT INTO users (name, email, message) VALUES (?, ?, ?)";
if ($stmt = $conn -> prepare($sql)) {
$stmt -> bind_param("sss", $param_name, $param_email, $param_message);
$param_name = $name;
$param_email = $email;
$param_message = $message;
if ($stmt -> execute()) {
echo "<p style='color:green'>Thank you for submitting the form! We'll get back to you soon.</p>";
echo "<a href='index.php'>Go back</a>";
} else {
echo "<p style='color:red'>Something went wrong! Please try again later.</p>";
}
}
$stmt -> close();
$conn -> close();
} else {
$conn -> close();
header('Location: index.php');
exit('<meta httpd-equiv="Refresh" content="0;url=index.php"/>');
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.