PHP portion, where variables are initialized and set to empty. As well as the post methods and isset functions
The functions seem to be right, no errors when running the code. However, nothing is processed when the user submits everything. This is just a small portion of the code.
<?php
//define variables and set them to empty values
$fname_error= $phone_error= $address1_error= $address2_error= $city_error= $state_error= $zipcode_error= "";
$fname= $phone= $address1= $address2= $city= $state= $zipcode= "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fname_error = "Missing";
}
else {
$fname = test_input($_POST["fname"]);
//now we check to see that the name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fname_error = "Please use letters and white space only";
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
The Html portion:
<div class="userinput">
<label for="fname"><b>First Name</b></label>
<input type="text" name="fname" value="<?php
echo $fname ?>">
<span class="error">
<?php echo $fname_error;?></span>
</div>
Close the conditional REQUEST_METHOD.
Your code should look like this:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
//define variables and set them to empty values
$fname_error = $phone_error = $address1_error = $address2_error = $city_error = $state_error = $zipcode_error = "";
$fname = $phone = $address1 = $address2 = $city = $state = $zipcode = "";
//flag to validate and allow SQL insert if true
$valid=true;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fname_error = "Missing";
$valid=false;
} else {
$fname = test_input($_POST["fname"]);
//now we check to see that the name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
$valid=false;
$fname_error = "Please use letters and white space only";
}
}
}
//filter your input for security reason
function test_input($data) {
$data1 = trim($data);
$data2 = stripslashes($data1);
$data3 = htmlspecialchars($data2);
return $data3;
}
if($valid){
//Add you insert SQL
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<label for="fname"><b>First Name</b></label>
<input type="text" name="fname" value="<?php echo $fname ?>">
<span class="error">
<?php echo $fname_error; ?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
//For testing porpuses:
echo "<h2>Your Input:</h2>";
echo $fname;
?>
</body>
Reference: https://www.w3schools.com/php/php_form_complete.asp
Form validation
Related
I want to pass a variable from another page to a page that has a validation form
Page1.php is the page contains the variable I want to pass. Let's say page2.php?var=$var
Page2.php is the page that has a validation form I want to store this variable from page1.php.
Let's say $var = $_REQUEST['var'];
The form of page2.php kind like this:
<?php
// define variables and set to empty values
$nameErr = $emailErr = "";
$name = $email = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z-' ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z-' ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
?>
</body>
</html>
When I pass the variable from page1.php to page2.php, first time is ok.
But as long as I hit "submit", the passed variable will be lost.
How could I keep this variable after multiple times of "submit"? so I can insert this variable along with the form to database
to validate the data in different files you just need to require the folder that accepts the form contents to the validation file
I am attempting to display the results without the form being shown at the same time. So, initially when they go to the URL they see the form, and after they fill out the form and the form validation and required fields and URL is valid. Here is what I started with.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$TXTlinknameErr = $TXTurlErr = "";
$TXTlinkname = $TXTurl = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["TXTlinkname"])) {
$TXTlinknameErr = "Name is required";
} else {
$TXTlinkname = test_input($_POST["TXTlinkname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$TXTlinkname)) {
$TXTlinknameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["TXTurl"])) {
$TXTurl = "";
} else {
$TXTurl = test_input($_POST["TXTurl"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$TXTurl)) {
$TXTurlErr = "Invalid URL";
}
}
if (empty($_POST["TXTurl"])) {
$TXTurlErr = "URL is required";
} else {
$TXTurl = test_input($_POST["TXTurl"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Create HTML Link</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="TXTlinkname" value="<?php echo $TXTlinkname;?>">
<span class="error">* <?php echo $TXTlinknameErr;?></span>
<br><br>
URL: <input type="text" name="TXTurl" value="<?php echo $TXTurl;?>">
<span class="error"><?php echo $TXTurlErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your HTML Code:</h2>";
echo "<br>";
echo '<textarea name="htmlcode" rows="10" cols="60">' . $TXTlinkname . '</textarea>';
?>
</body>
</html>
Here is what I have tried.
I've tried adding else statements after body and before results. I'd like the results not to show until after form submitted.
Here's what I have so far...
I tried to add the below after the body
<?php
//If form not submitted, display form.
if (!isset($_POST['submit'])||(($_POST['name']) == "")){
?>
Then I added:
<?php
} else {
//Retrieve show string from form submission.
Just after
// define variables and set to empty values
Finally added:
<?php
} ?>
Before /body
Here is what I tried.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
//If form not submitted, display form.
if (!isset($_POST['submit'])||(($_POST['TXTlinkname'] && $_POST['TXTurl']) == "")){
?>
<?php
// define variables and set to empty values
$TXTlinknameErr = $TXTurlErr = "";
$TXTlinkname = $TXTurl = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["TXTlinkname"])) {
$TXTlinknameErr = "Name is required";
} else {
$TXTlinkname = HTML_input($_POST["TXTlinkname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$TXTlinkname)) {
$TXTlinknameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["TXTurl"])) {
$TXTurl = "";
} else {
$TXTurl = HTML_input($_POST["TXTurl"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$TXTurl)) {
$TXTurlErr = "Invalid URL";
}
}
if (empty($_POST["TXTurl"])) {
$TXTurlErr = "URL is required";
} else {
$TXTurl = HTML_input($_POST["TXTurl"]);
}
}
function HTML_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Create HTML Link</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="TXTlinkname" value="<?php echo $TXTlinkname;?>">
<span class="error">* <?php echo $TXTlinknameErr;?></span>
<br><br>
URL: <input type="text" name="TXTurl" value="<?php echo $TXTurl;?>">
<span class="error"><?php echo $TXTurlErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
} else {
echo "<h2>Your HTML Code:</h2>";
echo "<br>";
echo '<textarea name="htmlcode" rows="10" cols="60">' . $TXTlinkname . '</textarea>';
?>
<button onclick="location = location.href">Go Back</button>
<?php
} ?>
</body>
</html>
So, initially when they go to the URL they see the form, and after they fill out the form and the form validation and required fields and URL is valid.
The big issue I see with your code is the if statement. The variables are not defined unless form hasn't been submitted. What I've changed is moved the function to be defined globally along with the variable names, and inverted the if statement. PHP Tags, you don't need them everywhere. One wrapper is good enough.
I'm not sure about what your result is, but for what you asked, I shall provide.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
function HTML_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$TXTlinkname = $TXTurl = "";
$TXTlinknameErr = $TXTurlErr = "";
//If form not submitted, display form.
if (isset($_POST['submit'])){
if (empty($_POST['TXTurl'])) {
$TXTurlErr = "URL is required";
} else {
$TXTurl = HTML_input($_POST['TXTurl']);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$TXTurl)) {
$TXTurlErr = "Invalid URL";
}
}
if (empty($_POST['TXTname'])) {
$TXTlinknameErr = "Name is required";
} else {
$TXTlinkname = HTML_input($_POST['TXTname']);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$TXTlinkname)) {
$TXTlinknameErr = "Only letters and white space allowed";
}
}
}
if (empty($TXTurlErr) && empty($TXTlinknameErr) && isset($_POST['submit'])) {
echo "<h2>Your HTML Code:</h2>";
echo "<br>";
echo '<textarea name="htmlcode" rows="10" cols="60">' . $TXTlinkname . '</textarea>';
echo '<button onclick="location = location.href">Go Back</button>';
} else {
echo '<h2>Create HTML Link</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="'.htmlspecialchars($_SERVER["PHP_SELF"]).'">
Name: <input type="text" name="TXTname" value="'.$TXTlinkname.'">
<span class="error">* '. $TXTlinknameErr .'</span>
<br><br>
URL: <input type="text" name="TXTurl" value="'.$TXTurl.'">
<span class="error">'.$TXTurlErr.'</span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>';
}
?>
</body>
</html>
Tested locally on XAMPP
You have to have a variable that tells you if you're going to show the textarea or not...
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$TXTlinknameErr = $TXTurlErr = "";
$TXTlinkname = $TXTurl = "";
$show_textarea = false; //DEFAULT
if (isset($_POST['submit'])) { //The form is sent...
$show_textarea = true; //Then this is DEFAULT!!
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["TXTlinkname"])) {
$show_textarea = false; //DON'T SHOW TEXTAREA
$TXTlinknameErr = "Name is required";
} else {
$TXTlinkname = test_input($_POST["TXTlinkname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$TXTlinkname)) {
$show_textarea = false; //DON'T SHOW TEXTAREA
$TXTlinknameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["TXTurl"])) {
$show_textarea = false; //DON'T SHOW TEXTAREA
$TXTurl = "";
} else {
$TXTurl = test_input($_POST["TXTurl"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$TXTurl)) {
$show_textarea = false; //DON'T SHOW TEXTAREA
$TXTurlErr = "Invalid URL";
}
}
if (empty($_POST["TXTurl"])) {
$show_textarea = false; //DON'T SHOW TEXTAREA
$TXTurlErr = "URL is required";
} else {
$TXTurl = test_input($_POST["TXTurl"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($show_textarea === false) {
?>
<h2>Create HTML Link</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="TXTlinkname" value="<?php echo $TXTlinkname;?>">
<span class="error">* <?php echo $TXTlinknameErr;?></span>
<br><br>
URL: <input type="text" name="TXTurl" value="<?php echo $TXTurl;?>">
<span class="error"><?php echo $TXTurlErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
}
if (isset($_POST['submit'])) { //The form is sent...
if ($show_textarea === true ) { //...AND the form has valid values
echo "<h2>Your HTML Code:</h2>";
echo "<br>";
echo '<textarea name="htmlcode" rows="10" cols="60">
' . $TXTlinkname . '
</textarea>';
}
}
?>
</body>
</html>
try this one:
if (!$_POST) || $_POST['TXTlinkname'] == "" && $_POST['TXTurl']) == "")){
I am currently making a simple login page. I am using preg_match to check if a username contains only letters and whitespace. If it helps, I am basing it off w3schools example: https://www.w3schools.com/php/php_form_url_email.asp
PHP
<?php
$username = $password = "";
$usernameErr = $passwordErr = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["username"])) {
$usernameErr = "A Username Is Required!";
} elseif (!preg_match("/^[a-zA-Z ]*$/",$username) === 0) {
$usernameErr = "Letters and White Space Only!";
} else {
$username = input(isset($_POST["username"]));
}
if (empty($_POST["password"])) {
$passwordErr = "A Password Is Required!";
}
else {
$password = input(isset($_POST["password"]));
}
}
function input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
}
?>
HTML
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Password: <input type="text" name="password">
<span class="error">* <?php echo $passwordErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
The value of $username is not changed between
$username = $password = "";
and
} elseif (!preg_match("/^[a-zA-Z ]*$/",$username) === 0) {
I think you meant to write
} elseif (!preg_match("/^[a-zA-Z ]*$/",$_POST['username']) === 0) {
Further, attempting to do an explicit integer type match on the return value for preg_match() is a bit silly. Particuarly if you perform a boolean negate on the value. This would be better:
} elseif (!preg_match("/^[a-zA-Z ]+$/",trim($_POST['username']))) {
Then just when we though it couldn't get any worse...
$username = input(isset($_POST["username"]));
Are you aware of what isset() does? It returns a boolean which you are processing with your input function. But since your function doesn't return a value you are setting $username to null.
Consider
$username = input($_POST["username"]);
...
function input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
There's a lot more wrong with the code, but that is enough clues.
I would strongly recommend that you when experimenting with code you put
error_reporting(E_ALL | E_STRICT);
at the top of your code and clean out all the warnings PHP will tell you about (the "| E_STRICT" is redundant if your PHP install is up to date).
hi guys i need your help Im new in this field
i have created a form and i want to validate it using php then after validation
i want to insert it in my database but the validation didnt work please help me :(
<?php
$fname = "";
$fnameErr = "";
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (empty($_POST['firstname'])) {
$fnameErr = "Firsname required";
}else{
$fname = test_input($_POST["firstname"]);
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fnameErr = "Only letters and white space allowed";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
mysql_connect('localhost','root','G0cl');
mysql_select_db('db') or die ('Unable to connect to database');
$insert_query = "INSERT into tbl values('$fname')" ;
$record_insert = mysql_query($insert_query);
?>
<?php
include "process.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>practice</title>
</head>
<body>
<h2>Absolute classes registration</h2>
<form method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]) ?>">
<input type = "text" name = "firstname" placeholder=" Firsname ">
<span class = "error">* <?php echo $fnameErr;?></span>
<input type = "submit" name = "submit" value = "Submit">
</form>
</body>
</html>
Your code reads:
If POST:
Do validation.
Do database insert.
Display form (with errors/feedback).
In other words it doesn't matter if validation fails or not.
You want logic along the lines of:
If POST
Do validation
If no validation errors:
Do database insert.
If insert success:
Redirect.
Display form (with errors/feedback).
Example here:
<?php
$errors = [];
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$firstname = isset($_POST['firstname']) ? trim($_POST['firstname']) : null;
if (empty($firstname)) {
$errors['firstname'] = "Firstname required.";
}
elseif (!preg_match("/^[a-zA-Z ]*$/", $firstname)) {
$errors['firstname'] = "Only letters and white space allowed.";
}
// etc.
if(! count($errors)) {
echo 'Passed validation, do database insert and then redirect here.';
}
}
$show_error = function($key) use ($errors) {
if(isset($errors[$key])) {
return '<span class = "error">*' . $errors[$key] . '</span>';
}
};
?>
<!DOCTYPE html>
<html>
<head>
<title>Form</title>
</head>
<body>
<h2>Absolute beginners</h2>
<form method = "POST" action = "">
<input type = "text" name = "firstname" placeholder="e.g. Joe.">
<?= $show_error('firstname'); ?>
<input type = "submit" name = "submit" value = "Submit">
</form>
</body>
</html>
try this one
<?php
$fname = "";
$fnameErr = "";
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (empty($_POST['firstname'])) {
$fnameErr = "Firsname required";
}else{
$fname = test_input($_POST["firstname"]);
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fnameErr = "Only letters and white space allowed";
}
else{
mysql_connect('localhost','root','G0cl');
mysql_select_db('db') or die ('Unable to connect to database');
$insert_query = "INSERT into tbl values('$fname')" ;
$record_insert = mysql_query($insert_query);
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<?php
include "process.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>practice</title>
</head>
<body>
<h2>Absolute classes registration</h2>
<form method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]) ?>">
<input type = "text" name = "firstname" placeholder=" Firsname ">
<span class = "error">* <?php echo $fnameErr;?></span>
<input type = "submit" name = "submit" value = "Submit">
</form>
</body>
</html>
You need to include your insert query code after the preg_match. If preg_match false then then the firstname can be inserted to database table.
I'm just starting off with PHP and I've been trying to validate an HTML form and then POST the form's data onto another page, for some reason this doesn't seem to want to work. The issue is that when submit is clicked the page simply refreshes if there are no errors. Here are snippets of the code:
<?php
$nameErr = $surnameErr = " ";
$name = $surname = " ";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$valid = 0;
if (empty($_POST["name"])) {
$nameErr = "Name is required";
$valid++;
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["surname"])) {
$surnameErr = "Surname is required";
$valid++;
} else {
$surname = test_input($_POST["surname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$surname)) {
$surnameErr = "Only letters and white space allowed";
}
}
if($valid == 0){
header('LOCATION: page2.php');
exit();
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
And here is the HTML
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<div class="label1">
<label>First Name</label>
<input type="text" name="name" id="name" placeholder="John" value="<?php echo $name;?>" onblur="validateName('name')">
<label>Surname</label>
<input type="text" name="surname" id="surname" placeholder="Smith" value="<?php echo $surname;?>" onblur="validateSurname('surname')"> <br />
<input type="submit" name="submit" value="Submit">
</div>
</form>
page2.php
<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your surname is: <?php echo $_POST["surname"]; ?>
</body>
</html>
When you do your header('LOCATION: page2.php'); you will loose all your posted data, that will not be available in page2.php.
There are several solutions to that, for example:
use include instead of a header redirect;
store the posted data in a session or a database so that it is available in other pages.
I don't see any reason why you could not use an include here, is there a specific reason you want to redirect?
Try this
**main page**
<form method="post" action="page2.php">
<div class="label1">
<label>First Name</label>
<input type="text" name="name" id="name" placeholder="John" onblur="validateName('name')">
<label>Surname</label>
<input type="text" name="surname" id="surname" placeholder="Smith" onblur="validateSurname('surname')"> <br />
<input type="submit" name="submit" value="submit">
</div>
</form>
**page2.php**
<?php
if (isset($_POST['submit'])) {
$valid = 0;
if (empty($_POST["name"])) {
$name = "Name is required";
$valid++;
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$name = "Only letters and white space allowed";
}
else{$name=$_POST["name"];}
}
if (empty($_POST["surname"])) {
$surname = "Surname is required";
$valid++;
} else {
$surname = test_input($_POST["surname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$surname)) {
$surname = "Only letters and white space allowed";
} else{$surname=$_POST["surname"];}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<html>
<body>
Welcome <?=$name?><br>
Your surname is: <?=$surname?>
</body>
</html>