Introduction
Server-side form validation with PHP is time-consuming, yet it is a powerful way to validate form content before making any real use of it.
This article shows how to validate form data using sessions, classes and functions.
Workflow
The main file, "index.php" contains the form that is supposed to be filled in by the user.
The form on this page submits the data to another page "process.php" where the form data is validated by putting it through several conditions complying with the business logic.
After validation, the browser is redirected back to the page "index.php".
index.php:
<?php
session_start();
include("form.php");
?>
<html>
<?php
if($form->num_errors > 0) echo $form->num_errors." Errors found in the form.<br>";
else if(isset($_SESSION['message']))
{
    echo $_SESSION['message']."<br>";
    unset($_SESSION['message']);
}
else echo "<br>";
?>
<form action='process.php' method='post'>
    <table>
        <tr>
            <td>Username</td>
            <td><input type='text' name='user' value='<?php echo $form->value("user"); ?>'></td>
            <td><?php echo $form->error("user"); ?></td>
        </tr>
        <tr>
            <td>Password</td>
            <td><input type='password' name='pass' value='<?php echo $form->value("pass"); ?>'></td>
            <td><?php echo $form->error("pass"); ?></td>
        </tr>
        <tr>
            <td>Email</td>
            <td><input type='text' name='email' value='<?php echo $form->value("email"); ?>'></td>
            <td><?php echo $form->error("email"); ?></td>
        </tr>
        <tr>
            <td>Contact</td>
            <td><input type='text' name='cont' value='<?php echo $form->value("cont"); ?>'></td>
            <td><?php echo $form->error("cont"); ?></td>
        </tr>
    </table>
    <input type='submit' value='Submit'>
    <input type='hidden' name='form1' value='1'>
</form>
</html>
process.php:
<?php
include("form.php");

class Process
{
    // PHP 8 no longer treats a method named after the class as the constructor.
    function __construct()
    {
        session_start();
        if(isset($_POST['form1'])) $this->validateForm1();
    }

    // Return a POST field as a trimmed string; missing or non-string input becomes "".
    function field($name)
    {
        $value = $_POST[$name] ?? '';
        return is_string($value) ? trim($value) : '';
    }

    function validateForm1()
    {
        global $form;
        $user  = $this->field('user');
        $pass  = $this->field('pass');
        $email = $this->field('email');
        $cont  = $this->field('cont');

        if($user === '') $form->setError("user", "Username not entered");

        // The original assigned the trimmed password to $user here by mistake.
        if($pass === '') $form->setError("pass", "Password not entered");
        else if(strlen($pass) < 6) $form->setError("pass", "Password too short");

        if($email === '') $form->setError("email", "Email not entered");

        // ctype_digit() accepts digits only; is_numeric() would also pass "1234567.89" or "1234567e10".
        if($cont === '') $form->setError("cont", "Contact No. not entered");
        else if(!ctype_digit($cont)) $form->setError("cont", "Invalid Contact No");
        else if(strlen($cont) != 10) $form->setError("cont", "Contact No should be of 10 digits");

        if($form->num_errors > 0)
        {
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
        }
        else
        {
            $_SESSION['message'] = "No errors in the form, good to go!";
        }
        header("Location: index.php");
        exit; // stop here so nothing else runs after the redirect header
    }
}
$process = new Process;
?>
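The contact-number rule in "process.php" is a good place to see why a digits-only test matters. The following is an added example, not code from the original article; the function names and the sample inputs are constructed for illustration. It runs a loose check (is_numeric() plus a length of 10) and a strict check (ctype_digit() plus a length of 10) over the same inputs.

```php
<?php
// Added example: compare two ways of validating the "cont" field.
// All sample inputs below are constructed.

// Loose rule: any "numeric" string whose trimmed length is 10 passes.
function contact_ok_loose(string $cont): bool
{
    return is_numeric($cont) && strlen(trim($cont)) == 10;
}

// Strict rule: exactly ten ASCII digits after trimming, nothing else.
function contact_ok_strict(string $cont): bool
{
    $cont = trim($cont);
    return strlen($cont) === 10 && ctype_digit($cont);
}

$samples = [
    '9876543210',  // plain 10-digit number
    '1234567.89',  // decimal number, 10 characters long
    '-123456789',  // sign followed by 9 digits
    '1234567e10',  // exponent notation, 10 characters long
    '98765 4321',  // space in the middle
    '987654321',   // only 9 digits
];

foreach ($samples as $s) {
    printf(
        "%-12s loose=%-5s strict=%s\n",
        "'" . $s . "'",
        contact_ok_loose($s) ? 'pass' : 'fail',
        contact_ok_strict($s) ? 'pass' : 'fail'
    );
}
```

is_numeric() accepts signed, decimal and exponent forms, so the loose rule lets those 10-character strings through as contact numbers, while the strict rule accepts only the plain 10-digit value.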
Description
Two object arrays are created, one to store the field names of the form and the corresponding values submitted by the user.
Another array serves the purpose of storing the field names and the corresponding validation messages to be displayed.
During the process of validation, the fields not complying with the standards are stored in the array "errors" along with the message to be displayed.
All the values submitted by the user are stored in the array "values".
After the validation, two SESSION arrays, namely "value_array" and "error_array" are used to contain the previous arrays "values" and "errors". These SESSION arrays are helpful in retrieving the form and validation data on "index.php" again.
form.php:
<?php
class Form
{
    public $values = array();
    public $errors = array();
    public $num_errors = 0;

    // PHP 8 no longer treats a method named after the class as the constructor.
    function __construct()
    {
        if(isset($_SESSION['value_array']) && isset($_SESSION['error_array']))
        {
            $this->values = $_SESSION['value_array'];
            $this->errors = $_SESSION['error_array'];
            $this->num_errors = count($this->errors);
            unset($_SESSION['value_array']);
            unset($_SESSION['error_array']);
        }
        else $this->num_errors = 0;
    }

    function setValue($field, $value)
    {
        $this->values[$field] = $value;
    }

    function setError($field, $errmsg)
    {
        $this->errors[$field] = $errmsg;
        $this->num_errors = count($this->errors);
    }

    function value($field)
    {
        // ENT_QUOTES also escapes single quotes, which index.php uses around value='...'.
        // stripslashes() was only needed with magic quotes (removed in PHP 5.4) and is dropped.
        if(array_key_exists($field,$this->values) && is_string($this->values[$field]))
            return htmlspecialchars($this->values[$field], ENT_QUOTES, 'UTF-8');
        else return "";
    }

    function error($field)
    {
        // Escape the message as well, so it is safe even if it ever contains user input.
        if(array_key_exists($field,$this->errors))
            return "<font color=\"#ff0000\">".htmlspecialchars($this->errors[$field], ENT_QUOTES, 'UTF-8')."</font>";
        else return "";
    }

    function getErrorArray()
    {
        return $this->errors;
    }
}
$form = new Form;
?>
Functions used to validate, store and retrieve the form data
Function "setValue" inserts a field name and the corresponding value submitted by the user to the array "values" on "process.php".
Function "setError" inserts a field name and the corresponding error messages to the array "errors" on "process.php".
Function "value" returns the value submitted by the user corresponding to the field name passed as the argument.
Function "error" returns the error message corresponding to the field name passed as the argument.
Variable "num_errors" maintains a count of the number of errors found in the form.
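The escaping flags used by "value" matter because "index.php" wraps every attribute in single quotes. The following is an added example, not code from the original article; render_input() and attribute_as_parsed() are hypothetical helpers and the sample value is constructed. It renders the same field with ENT_COMPAT and with ENT_QUOTES and shows what ends up inside the value attribute.

```php
<?php
// Added example: how the htmlspecialchars() flags interact with the
// single-quoted value='...' markup used in index.php.

// Hypothetical helper mirroring one <input> line of index.php.
function render_input(string $name, string $value, int $flags): string
{
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input type='text' name='$name' value='$escaped'>";
}

// Hypothetical helper: a single-quoted attribute ends at the first
// unescaped single quote, so take everything up to it and decode entities.
function attribute_as_parsed(string $html): string
{
    if (!preg_match("/value='([^']*)'/", $html, $m)) {
        return '';
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$submitted = "O'Brien"; // constructed sample value containing a single quote

foreach (['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES] as $label => $flags) {
    $html = render_input('user', $submitted, $flags);
    printf("%-10s markup: %s\n", $label, $html);
    printf("%-10s value : %s\n\n", $label, attribute_as_parsed($html));
}
```

With ENT_COMPAT the single quote is left unescaped and the attribute ends early, so the rest of the submitted text lands in the tag as markup; with ENT_QUOTES the quote becomes an entity and the full value stays inside the attribute. ENT_COMPAT was the default flag set of htmlspecialchars() before PHP 8.1, which is why passing ENT_QUOTES explicitly is the safer habit.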
Suggestions for improving this process are welcome.