0

This is going to sound like a dumb question, so I apologize upfront.

I have a PHP form, with its action posting to itself, so that I can do some validation to make sure text boxes, a few checkboxes and a couple radio buttons are selected. After I confirm there are no form errors, I need to let the user preview what they've entered before letting them submit the information to a database.

For previewing form submission details, logically page1.php would have <form action="page2.php"> and page2.php would allow the user to preview what they've submitted.

But for form validation, logically, the form should submit to itself so that it can validate all required fields are entered while on the same page.

So, is there a way that I can direct the user to a "next page" after the form has validated by submitting to itself, so that they can preview the information?


Note: I am rewriting a classic ASP form, which does this:

```
if errorMsg = "" then
  response.redirect "verify.asp"
else
  session("errorMsg") = errorMsg
  response.redirect "default.asp"
end if
```

I assume in the case of PHP, the "else" portion of a similar conditional would be unnecessary since it already posts to itself; it's only when the error message array is empty that it should redirect to the verify page.

Tiffany

2 Answers

1

You can use header to perform a redirect:

```php
if (empty($errorMsg)) {
  header("Location: verify.php");
  exit;
}
```
Mark H.
  • Actually, on further inspection, this won't work. PHP documentation says that the header function has to be used **before** any output is sent. I'm fairly certain my code occurs after the `````` is opened, which will cause an error. – Tiffany Jul 29 '16 at 19:49
  • But this does give me an idea of where I need to look. I found out that there's no PHP redirect alternative and that the recommended direction is using JavaScript and meta tags; meta tags will account for if JavaScript is disabled. – Tiffany Jul 29 '16 at 20:00
  • @Tiffany There shouldn't be a reason why the form processing can't be done before outputting any HTML. More generally, having a page post to itself in this manner may lead to other issues (e.g. if a user backs onto the page using the browser's back button, the browser will prompt the user to repost/resend the form). Outside of using an established framework, posting to a separate file to handle the form and perform the redirects would be a better option. – Mark H. Jul 29 '16 at 20:10
  • How would you recommend doing form validation on a different page, then? I'm not opposed to posting to verify.php, but only if I'm able to validate the form on the same page before going to verify.php. I don't want to use JavaScript to validate the form, in case JavaScript is disabled. – Tiffany Jul 29 '16 at 20:20
  • It could also be a question of: is the flow of my logic correct? Because I have to include a config.php file and then have several function and variable definitions before I even start the form validation. One of my function calls opens the `````` tag and prepares the rest of the HTML page. I suppose I could move that function call after I do all of the form validation, and that would leave less interference to use a header function call. – Tiffany Jul 29 '16 at 20:24
  • @Tiffany default.php contains the form, plus code to fill the form with any data and validation errors from the session. default.php posts to process.php, which validates the input and loads it into the session. If there is an error, process.php redirects back to default.php, otherwise it redirects to verify.php. It is a matter of flow, which may be different from what you're used to in ASP. – Mark H. Jul 29 '16 at 20:26
  • Is it possible to use `header('Location: ' . fqdn . '/verify/');` without having the index.php within the function? There will be an index.php file within the /verify/ directory, but that won't work if the header function doesn't allow it. Google is showing how it can be changed using .htaccess, but I'm not on an Apache box, I'd have to figure out an IIS solution, which isn't a problem, but it'd save me time if I didn't have to. – Tiffany Jul 29 '16 at 21:02
  • @Tiffany Any URL that you load in a browser can be used in the Location header; the header() function is literally sending a header to the browser telling it to go to that URL. – Mark H. Jul 29 '16 at 21:07
  • After posting my comment, I figured out how I could test it myself and it worked as I wanted, so I'll do it this way. For now, I'm going to omit a processor but I'll look at adding that as an in-between when I'm closer to completion. This is one of those "need this done yesterday" projects. :/ A final question: If I need to access the $_POST array on the verify page, I'll need to set the values to session variables, right? My concern using session vars is some of the data is sensitive, and I'd feel guilty if the session was hijacked. – Tiffany Jul 29 '16 at 21:15
  • @Tiffany $_POST is only filled on the page the form is posted to. If you need the data to persist to another page, you need to load it into a session or save it to a database or some other datastore. In the case of a quick-and-dirty solution I can see why you'd want to opt for a single page solution. In this case you could have the verify page on the same page as the form, and selectively show the form or the verify section based on whether or not the form was posted and validated. – Mark H. Jul 29 '16 at 21:20
  • If I'm not able to use the $_POST data on the next page, I can just stick it into the database and then recall it on the next page. Once the data is validated, I can define a PDO connection and stuff it all into a table. On the next page I can spit it all out again with another PDO connection on the verify page. – Tiffany Jul 29 '16 at 21:47
  • And in the end, I had to rewrite my form to include a processor. I encountered a fatal flaw in my logic that I have no other way to resolve except adding a processor. Funny how that happens. – Tiffany Aug 03 '16 at 20:30
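
The default.php → process.php → verify.php flow described in the comments above, as an added example that is not code from any of the posters. The field names (`name`, `contact`, `terms`) are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS. The cookie flags and session ID rotation address the concern about keeping sensitive form data in the session.

```php
<?php
// process.php (added example): validate, store in the session, then redirect.
// Nothing may be echoed before header(), so this file emits no HTML at all.
declare(strict_types=1);

// Harden the session cookie before session_start(); the values held are sensitive.
session_set_cookie_params([
    'secure'   => true,   // assumption: the site is served over HTTPS
    'httponly' => true,   // cookie is not readable from JavaScript
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
session_start();

// Hypothetical fields; replace with the form's real text boxes, checkboxes and radios.
function validate_form(array $post): array
{
    $errors = [];
    $data = [
        'name'    => trim((string)($post['name'] ?? '')),
        'contact' => (string)($post['contact'] ?? ''),  // radio button
        'terms'   => isset($post['terms']),             // checkbox
    ];
    if ($data['name'] === '') {
        $errors['name'] = 'Name is required.';
    }
    if (!in_array($data['contact'], ['email', 'phone'], true)) {
        $errors['contact'] = 'Choose a contact method.';
    }
    if (!$data['terms']) {
        $errors['terms'] = 'You must accept the terms.';
    }
    return [$data, $errors];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: default.php', true, 303);
    exit;
}

[$data, $errors] = validate_form($_POST);
$_SESSION['form'] = $data;        // escape with htmlspecialchars() when redisplaying
$_SESSION['errorMsg'] = $errors;  // default.php shows these, then unsets them
session_regenerate_id(true);      // rotate the ID now that the session holds user data

header('Location: ' . ($errors ? 'default.php' : 'verify.php'), true, 303);
exit;
```

The 303 status makes the browser fetch the next page with GET, so the back button does not trigger the repost prompt mentioned in the comments. verify.php should unset `$_SESSION['form']` once the data has been written to the database.
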
0

Using Mark Heintz's answer and some googling, I figured out the best way to do it is with a combination of JavaScript and a meta tag. The meta tag will account for when JavaScript is disabled.

Community
Tiffany
  • Meta refreshes and JavaScript redirects are a poor substitute for server-initiated redirects, as the browser has to start receiving/parsing a page before redirecting to the next one. The URL modification referenced doesn't actually navigate you to a different page, if that is your intent. AJAX/XHR form processing is another animal entirely. – Mark H. Jul 29 '16 at 20:15