1

all.

I've been thinking about a design decision for a PHP form and I'd like some input from people smarter than I am.

Here are the basics: I have a user input form which lets people register a chapter for a school. I'm doing input validation on the form fields, which lets me a) sanitize the data and b) validate the input. I then intend to send an email to the user who registered (as their email address will be submitted in the form) and write their information into a MySQL database.

Right now, I've got the data validation portion (and the requisite error messages) set up through POST, and the page is posting back to itself for the validation. This seemed logical to me as I could easily retain sanitized user input and display errors (for required fields, datatypes, whatnot). If all required fields are filled and the data is valid, I would like to redirect the user to a thank you page with extra information.

(Sorry I'm so verbose. I need to work on that.)

Thing is, I would like to separate the validation logic and the database write/email logic completely, if possible. My initial idea was to redirect to a thank you page if all fields were valid, but now I'm thinking that the thank you page should actually contain the logic to write to the DB, send an email, and then print the thank you message. This would, however, complicate things and involve passing POST data to another page without using GET. Although I've never had to do anything like this before (I'm fairly new to PHP), this is apparently possible (see here, here, and here) and there are multiple ways to accomplish this.

The question, though - should I even be trying to separate this logic in separate PHP pages? Every programming instinct tells me "hell yes, do it, it's a logical separation of responsibility"....but is this best practice for form handling in PHP? Can anyone with more PHP experience elaborate on the pros and cons of doing something like this, and their experiences? How would you do it?

Community
  • 1
  • 1

2 Answers2

1

What you're referring to (if you don't already know) is the basis of MVC pattern design. In this case, I'd probably go a step further and separate the database and email logic from the Thank You page. You can perform these actions in your Model, and redirect upon success from your Controller to display the correct View.

It can take a while to get used to this concept, so if it is difficult to grasp at first, I'd suggest starting off with a PHP framework that forces MVC file separation, like Codeigniter or CakePHP. This can help you think about where your code belongs.

Check out this document for an excellent primer on MVC patterns in PHP, and read about the pros and cons.

Dave Kiss
  • 10,289
  • 11
  • 53
  • 75
  • Going to have to do quite a bit of reading on this one. Thank you, though. –  Jun 15 '11 at 16:32
0

you don't need to separate pages to separate logic. you can quite easy write functions and actions in other files and then import them. have one db.php and one somthingelse.php and use import to use their functions (or classes, if you (like me) an OOP kinda guy) in your original somthing.php... As I see it, passing sensitive information between pages is problematic, since a clever user can change it himself.

When you use "GET" you need to be ready for your users to mess around with the values without any vicious intent, something can get deleted, or they send a link to a friend, or maybe something else occurred.

anyway, always remember you need to re-validate info every time you send it between pages.

EDIT: I need to clarify, I referred to first validating, and then blindly passing info through GET or POST to database logic...

fingerman
  • 2,440
  • 4
  • 19
  • 24