1

I have a basic PHP form page that contains quite a large amount of data that will be saved into about 4-5 different tables in MySql once it is all done. Since constructing this save routine will take a bit of PHP I'm looking to have the POST action to not point at PHP_SELF and instead a separate PHP file for processing.

Where all general data such as phone numbers, email, zip codes, etc. will be validated prior to the submit is passed to the processor script, if an error is returned by the processor...

What is the best practice way to point back to the original form page (HTTP_REFERER) while maintaining data input?

Form page:

<form action="processor.php" action="post">
<!-- lots of fields -->
<input type="submit" id="submitButton" name="Save" value="Save" />
</form>

Processor page:

<?php
     if ( isset($_POST['date']) && ($_SERVER['HTTP_REFERER'] == "form.php") )
     {
          $errors = false;

          //attempt to put data in database

          if ( $errors )
          {
               //Pass back to the form.php page with error message and all data intact
          }
     }
?>
Jeff
  • 1,742
  • 5
  • 24
  • 39

3 Answers3

1

I have come across this problem before, how we solved this was to put all the fields into a session, then redirect back to form.php using header("Location: form.php");

When the data was posted to the form, we stored the $_REQUEST into a $_SESSION['post']; if the validation failed, we sent it back to the form, populated the fields and unset the session.

So for example

$_SESSION['post']['field_a'] = $_REQUEST['field_a'];
$_SESSION['post']['field_b'] = $_REQUEST['field_b'];

With some fancy naming conventions you can just loop this to make it easy.

Then on the Form page, we just checked to see if there was some data, or just echo the data regardless.

$str_field_a = @$_SESSION['post']['field_a'];
...
<input name="field_a" value="<?php echo $str_field_a; ?>" />
...
unset($_SESSION['post']);

This is probably a messy way of doing this, but it has proven effective for our purposes. Just thought I'd share.

Dave
  • 862
  • 10
  • 20
  • I've heard of this from others but was wondering if this was considered a best practice or not. It is dirty but it does get the job done... effectiveness is the key here though. – Jeff Mar 04 '11 at 04:54
  • 1
    There were a number of reasons why we chose this way instead. Having the java script to force redirection with the submit would allow a user to hit the back button and possibly cause some errors. The GET method was not very optimal as we had more than 60 fields of data. The only other way that was available was to hold it in a temporary session. I agree, it is a messy way, but there has not been any issues with this thus far. It's really down to personal opinion and the options you are faced with. – Dave Mar 04 '11 at 05:00
  • Thanks for the reasoning on javascript - I hadn't considered that to be the reason for using that instead of a submit button. – Jeff Mar 04 '11 at 05:02
0

I think you can do that using an array of error.

  1. Set error flag false (if error occurs then set it true and so not store in database).

  2. Check element 1, if error then store it in array $error['name'] = 'value'

  3. Similarly check all elements, and store using same procedure.

  4. In the end if error flag is set to false do not store in database and (if on the same page, you will be able to access the array on form where you want to display error message. )

    if(isset($error['elementname'])) echo $error['elementname'];

below the page.

However, the best approach is to use an Object Oriented approach.

[UPDATE]

  1. storing php objects on html form element and passing php objects through GET method?

  2. how to send redirect page pass variables as post variables from a php script

Also I guess, storing the whole object in SESSION would not be a bad approach

Community
  • 1
  • 1
S L
  • 14,262
  • 17
  • 77
  • 116
  • My question isn't so much on how to collect errors into an array or StdObject of some sort but how to gracefully pass the data back to the HTTP_REFERER page to allow the user to correct mistakes and resubmit without having to re-enter data. – Jeff Mar 04 '11 at 04:42
  • @Jeff you know you can pass data through `GET`, `POST`, and `SESSION`. I guess `GET` will be the elegant one (but quite unsecure). and `POST` will be the easy one (if on same page). and `SESSION` would be the worst one – S L Mar 04 '11 at 04:47
  • Right - it would be stored in POST more than likely - but how to deal with the logic of sending the page control back to the form.php page from the processor? Do you simply take the POST that is received and add a new item on it of $_POST['error'] and submit it back to the form.php page to be resubmitted? If so - do you have a quick example? – Jeff Mar 04 '11 at 05:00
  • @Jeff so you are using two different pages (one for submitting and another for processing), as far as I know, you cannot redirect page with post (though you can get the content and display or parse it), I think the best would be to pass using get method. To pass object you can check out above updated link – S L Mar 04 '11 at 05:06
0

I would send a post back to form.php containing errors and values. I use the same method in my personal project.

if ( $errors ) {
    ?><form action="form.php" method="post" name="error">
    <input type="hidden" name="errcode" value="<?php echo $errorcodes; /*or whatever message*/ ?>" />
    <input type="hidden" name="anotherdata" value="anothervalue" />
    <?php /*you can add all post datas here as hidden field*/  ?>
    </form>
    <script type="text/javascript">document.error.submit();</script><?php
}

And this is similar to my form.php

//first I set default blank variables for form
$formvalue="";
$formnumericvalue="";
//i set them, yay!

//if I get values from post.php, I update the values
if (isset($_POST['iserror'])) { //you can either echo a error message or update current data here, I'm showing this for both
    $formvalue=$_POST['formvalue'];//don't forget to validate these!
    $formnumericvalue=$_POST['formnumericvalue']; //don't forget to validate these!
}
//I also do this method for edit forms

//and finally I show the form
?>
<form name="form" method="post" action="post.php">
    <input type="text" name="formvalue" value="<?php echo $formvalue; ?>" />
</form>
Arda
  • 6,756
  • 3
  • 47
  • 67
  • I guess I don't follow. Is the top code snippet from your form page or form_processor? If from your form page then it is referenced the same as PHP_SELF which I'm trying to stay away from giving the nature of the script. If from your form_processor why would you reinsert a new form object that points back to the original form with hidden fields? – Jeff Mar 04 '11 at 04:57
  • Top code is in processor.php. If you catch an error you can send the values back to form.php like the code I've written. That is to submit datas back to the form.php (or to a different page) for a person to correct and resubmit (it simply sends the submitted data back to form.php). I inserted it because you set the form action into a different page. if both of they are in same page you won't be needing to make a
    . Either you set only one data including error message or send all form datas so the submitter can only finds his/hers errors and fixes them.
     – Arda Mar 04 '11 at 05:02