php - process and validate form - correct process

Question

In PHP I want to use a script held in a separate file to process a form and validate it. If there are errors I want the form to display the errors and original values for the user to change. At the moment the validation script is on the same page as the form and all works ok. However I would like this away from the form and send the form variables to the script using the 'action' in the form. If I do this though, how can I then go back to the form with error messages and original values — do I simply use $_POST in the script and a header location? or is there a better method. If the form validates okay I'll then go to a separate page (using a header).

Can anyone help me understand the process/logic I should be trying to achieve and the function s to past variables between the pages ($_GET?)

Related: http://stackoverflow.com/questions/10827242/understanding-post-redirect-get — Jürgen Thelen, Sep 15 '12 at 09:22

score 0 · Answer 1 · answered Sep 15 '12 at 07:09

0

If you want to track variables across multiple pages, it might be feasible to investigate sessions. You can assign variables from $_GET or $_POST to the session, and they will be accessible across pages.

answered Sep 15 '12 at 07:09

Brett

5,690
6
36
63

kazinix · Answer 2 · 2012-09-15T07:37:16.533

I think what you are looking for is a framework called Model-View-Controller (MVC). In your case, your form is the "view" and script to process data is "controller" then the controller has the option what to show to the user (view) which is your form with error message or some other page with success message. But MVC is a bit more complex than that. If you want to study MVC, read some articles and choose MVC framework to use like CakePHP, CodeIgniter, Zend framework et cetera.

If you are studying basics of PHP, you might not want to start using a framework, in that case, you can do something like this (login sample):

login.php

<?php
    $error = "";
    $username = "";
    $password = "";

    //POST method used. The user is trying to login
    if(isset($_POST))
    {
        $username = $_POST["username"];
        $password = $_POST["password"];

        //process login here
        //check database
        if($success == true)
        {
            header( 'Location: home.php' ) ;
        }
        else
        {
            include "login-view.php";
            $error = "Either username or password is incorrect.";
        }
    }
    else //GET method used. The user visits the login page
    {
        include "login-view.php";
    }
?>

login-view.php

<p><?php echo $error; ?></p>
<form method="post" action="login.php">
     <input type="text" name="username" value="<?php echo $username ?>" />
     <input type="password" name="password" />
     <input type="submit" value="send" />        
</form>

The code above goes like this:

1) The user visit the login page. login.php will detect that the method used is GET -- cliocking a link, opening a bookmark or typing URL to address bar. login.php then will include login-view which contains the form.

2) The user type his username and password and click submit button. login.php will detect that the request is POST, then validate username and password, provide error message if necessary. If valid, then redirect to home page, if not, include login-view.php (form), this time with error message and previously typed username.

php - process and validate form - correct process

2 Answers2