0

Thank you for taking the time to read this....

My task is to validate a PHP form and process it in a new page "process-comp.php". I can validate it OK in JS and I can validate it OK in PHP. The problem: if it validates incorrectly, it prompts the errors. If it validates correctly, it does not go anywhere and does not process the form.

I need to know how to redirect the form and its values to "process-comp.php" once the form is completed and validated.

If there are errors, I do not want the user to enter the info again in the blank fields, just to correct the incorrect fields.

And how do I protect against XSS (Cross Site Scripting) attacks?

Please find code below:

    <?PHP
   require_once ("formvalidator.php");

   $show_form=true;
   if(isset($_POST['Submit']))
   {// We need to validate only after the form is submitted
   //   
   // The first argument is the name of the input field in the form. 
   // The second argument is the validation descriptor that tells the type of the validation required. 
   // The third argument 
   // is the error message to be displayed if the validation fails. 
   //

   //Setup Server side Validations
       //Please note that the element name is case sensitive 
       $validator = new FormValidator();
       $validator->addValidation("FIRSTNAME_FIELD","req","Please enter first name");
       $validator->addValidation("LASTNAME_FIELD","req","Please enter your surname");
       $validator->addValidation("EMAIL_FIELD","email","Enter a valid email value");
       $validator->addValidation("EMAIL_FIELD","req","Please enter an Email");
       $validator->addValidation("STORE_NAME_FIELD","req","Please select a store");


       //Then validate the form
       if($validator->ValidateForm())
       {
    //
   // How do I make it process the form, if it is correct, in "process-page.php"?
    //
       }
       else
       {
           echo "<B>Validation Errors:</B>";

           $error_hash = $validator->GetErrors();
           foreach($error_hash as $inpname => $inp_err)
           {
             echo "<p>$inpname : $inp_err</p>\n";
           }
       }
   }

   if(true == $show_form)
   {
   ?> 





   <form class="" name="emvForm" id="emvForm"  action="" method="POST" style="" >

        <table width="380" border="0" cellspacing="10" cellpadding="" style="">
     <tr>
       <td class="form-comp"><label for="FIRSTNAME_FIELD" style="">First name*</label></td>
       <td><input type="text"  class="required nameaa " id="FIRSTNAME_FIELD" name="FIRSTNAME_FIELD" value="" size="25" maxlength="64" style=""></td>
     </tr>
     <tr>
       <td class="form-comp"><label for="LASTNAME_FIELD">Surname* </label></td>
       <td><input type="text" class="required nameaa" id="LASTNAME_FIELD" name="LASTNAME_FIELD" value="" size="25" maxlength="64" style=""></td>
     </tr>
     <tr>
       <td class="form-comp"><label for="EMAIL_FIELD">Email*</label></td>
       <td><input type="text" id="EMAIL_FIELD" class="required email" name="EMAIL_FIELD" value="" size="25" maxlength="64" style=""></td>
     </tr>
     <tr>
       <td class="form-comp"><label for="STORE_NAME_FIELD">Select shop*</label></td>
       <td><select id="STORE_NAME_FIELD" name="STORE_NAME_FIELD" class="required" style="">
         <option selected disabled="disabled" value="">Select shop</option>
         <option value="Aberdeen |T: 0123456789 | 345 Lorem High St EFG 456">Aberdeen </option>
         <option value="Acton | T: 0123456789 | 123 Ipsum High St ABD 123">Acton </option>
         <option value="Aldgate">Aldgate </option>
         <option value="Ashford">Ashford </option>
         <option value="Aylesbury">Aylesbury </option>
         <option value="Baker Street">Baker Street </option>

       </select></td>
     </tr>
     <tr>
       <td> <label for="STORE_NAME_FIELD"> </label>
       </td>
       <td>
        <input type='submit' name='Submit' value='Submit form' style=" cursor:pointer;">
       </td>
     </tr>
   </table>
         <input type="hidden" id="SOURCE_FIELD" name="SOURCE_FIELD" value="St-Petes">
         <input type="hidden" id="PROMO_FIELD" name="PROMO_FIELD" value="<?php echo($Promo); ?>">
         <input type="hidden" id="PROMO2_FIELD" name="PROMO2_FIELD" value="<?php echo($Promo2); ?>">





   </form>

   <?PHP
   }//true == $show_form
   ?>



   </table>
devnull69
user1514899
  • define an action for the form's submit handler, like
    if none or defined blank it will be the same page
    – Rakesh Sharma Jan 15 '13 at 11:18
  • Set the form action to process-comp.php and do all of your validation checks on that page. If they fail set the header location back to the form page to display the errors. – Ian Brindley Jan 15 '13 at 11:24

2 Answers

2

Depending on what your process-page looks like, this should be the easiest way.

    if($validator->ValidateForm())
    {
        include("process-page.php");
    }

But I recommend copying the relevant part of the file "into" the current file, because like this, anyone (who has the knowledge) can POST directly to the processing-site and bypass validation.

dognose
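The recommendation above, as an added example (not dognose's code; the function names are hypothetical): validation and processing live in one file, and the processing step is reachable only through the validator, so a POST sent without the form cannot skip the checks. It assumes PHP 7 or later and replaces the `FormValidator` class with plain PHP so that it runs on its own.

```php
<?php
// Added example. The allow-list mirrors the <select>: a hand-made POST can carry any string.
const STORES = ['Aldgate', 'Ashford', 'Aylesbury', 'Baker Street'];

function validate_entry(array $post): array
{
    $errors = [];
    $required = ['FIRSTNAME_FIELD' => 'Please enter first name',
                 'LASTNAME_FIELD'  => 'Please enter your surname'];
    foreach ($required as $field => $message) {
        $value = $post[$field] ?? '';
        // is_string() rejects FIRSTNAME_FIELD[]=x style array input
        if (!is_string($value) || trim($value) === '') {
            $errors[$field] = $message;
        }
    }
    $email = $post['EMAIL_FIELD'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['EMAIL_FIELD'] = 'Enter a valid email value';
    }
    if (!in_array($post['STORE_NAME_FIELD'] ?? '', STORES, true)) {
        $errors['STORE_NAME_FIELD'] = 'Please select a store';
    }
    return $errors;
}

// Stands in for the body of process-page.php. Only handle_submission() calls
// it, so it never sees input that validate_entry() has not accepted.
function process_entry(array $post): array
{
    return ['first_name' => trim($post['FIRSTNAME_FIELD']),
            'last_name'  => trim($post['LASTNAME_FIELD']),
            'email'      => $post['EMAIL_FIELD'],
            'store'      => $post['STORE_NAME_FIELD']];
}

function handle_submission(array $post): array
{
    $errors = validate_entry($post);
    return $errors === []
        ? ['ok' => true, 'entry' => process_entry($post)]
        : ['ok' => false, 'errors' => $errors];
}

// Constructed inputs: a normal submission and a hand-crafted POST.
$good   = ['FIRSTNAME_FIELD' => 'Ann', 'LASTNAME_FIELD' => 'Lee',
           'EMAIL_FIELD' => 'ann@example.com', 'STORE_NAME_FIELD' => 'Aldgate'];
$forged = ['FIRSTNAME_FIELD' => ['x'], 'EMAIL_FIELD' => 'nope', 'STORE_NAME_FIELD' => 'Nowhere'];
var_dump(handle_submission($good)['ok'], array_keys(handle_submission($forged)['errors']));
```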
1

I will suggest you do it with ajax.

Send form data to your process-page.php and return true if it is valid or return an error message if it is not valid.

This will give you information on how to prevent XSS: How to prevent XSS with HTML/PHP?

Community
Farid Movsumov
  • Thank you, unfortunately I do not use ajax, I only know PHP. In regards to your XSS article, very useful. Thank you for answering that one... – user1514899 Jan 15 '13 at 13:22
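Keeping the entered values after a failed validation means echoing `$_POST` data back into `value="..."` attributes, which is the spot where this form would be exposed to XSS. An added example (not code from the question or the answers; the helper names are hypothetical, PHP 7 or later assumed) that re-fills the fields with every value passed through `htmlspecialchars()`:

```php
<?php
// Added example; e(), sticky_input(), store_options() and error_list()
// are hypothetical helper names.
function e($value): string
{
    // ENT_QUOTES also encodes ' and ", so a value cannot close value="..."
    return htmlspecialchars(is_string($value) ? $value : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function sticky_input(string $name, array $post): string
{
    return sprintf('<input type="text" id="%1$s" name="%1$s" value="%2$s" size="25" maxlength="64">',
        e($name), e($post[$name] ?? ''));
}

function store_options(array $stores, array $post): string
{
    $html = '<option value="">Select shop</option>';
    foreach ($stores as $store) {
        // Re-select the shop the user had chosen before the error
        $selected = ($post['STORE_NAME_FIELD'] ?? '') === $store ? ' selected' : '';
        $html .= sprintf('<option value="%1$s"%2$s>%1$s</option>', e($store), $selected);
    }
    return $html;
}

function error_list(array $errors): string
{
    $html = '';
    foreach ($errors as $field => $message) {
        $html .= '<p>' . e($field) . ' : ' . e($message) . "</p>\n";
    }
    return $html;
}

// Constructed submission: the first name carries markup, the email is missing.
$post   = ['FIRSTNAME_FIELD' => '"><script>alert(1)</script>', 'LASTNAME_FIELD' => "O'Neil",
           'STORE_NAME_FIELD' => 'Ashford'];
$errors = ['EMAIL_FIELD' => 'Please enter an Email'];

echo error_list($errors);
echo sticky_input('FIRSTNAME_FIELD', $post), "\n";
echo sticky_input('LASTNAME_FIELD', $post), "\n";
echo sticky_input('EMAIL_FIELD', $post), "\n";
echo '<select name="STORE_NAME_FIELD">', store_options(['Aldgate', 'Ashford'], $post), "</select>\n";
```

The same `e()` call belongs around `$Promo` and `$Promo2` in the hidden fields if those variables can ever hold request data.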