I have a form that the user will submit multiple values to PHP via POST.
The PHP takes the input and if the data entered is valid, it will display a second form for the user to fill out.
After the user has filled out the second form, I need to process the data that was entered in the first form again as well as the data entered in the second form.
What is the best way to access the form data from the first PHP form?
Should I put each value into its own SESSION variable and access it when I need it again later?
I just wasn't sure if this is the best/cleanest way to accomplish this task.
Thanks!
I like the idea of sticking it in the $_SESSION, but depending on your validation needs, it might be better for you to simply use client-side (javascript) validation and some conditional logic to reveal additional form fields. Then you only have one efficient post to the server with all necessary information.
I think it should go without saying, but nevertheless, once it does post to the server you want to re-validate and sanitize the data.
Related
I want to create two different form. In the first form the users can enter the data.
Depending on the data given in the first step, i want to prepare some prefilled data in the second form.
It is possible to do so ?
Sorry for my English.
Thanks
Yes, this is totally possible.
Once the first form has been sent you validate and check the data. If your condition is met you'll store the data within the session and then redirect the user to the second form.
Once the second form has been validated correctly you can use the data from the session and the current forms data to do whatever you want to do.
I have worked on very large form and it’s submitting results to mysql very well. But I want to show confirmation of the entered form data so users can update it if there are any changes required before submitting it to mysql.
What should I use to achieve this? $_POST or $_SESSION? Please let me know your suggestions.
Definitely $_POST is the choice as it will not required to store again in sessions.
Just show the confirmation, if user selects yes, then you can insert them from the $_POST variable which you already have stored.
A combination of both?
When the user submits the form, use $_POST to get the parameters and prolly some validation if you don't let javascript do it for you.
Display those parameters in another page together with the confirm button.
You can keep the input in the $_SESSION for a while and when the user confirms, send it to mysql.
You should use JAVASCRIPT validation for check validation of this form and if all fields having valid values then Submmit form via POST method.Now you will get all your fields in $_POST.
Thanks.
use POST for the non-cookie, non-javascript solution
the confirm page will have the previous form data in hidden field and the data will be submitted again with the Yes button
here is a simple sample using jquery http://jsfiddle.net/robx/QBt5L/. Not formatted for anything, but you can get an idea from it, plus as mentioned, you should also consider JQuery validation for form validating to increase error submissions in required fields.
I wanted to know what is the best way to stop multiple form submissions using PHP, can you please give an example.
On the client side you can simply disable the form button after its clicked. However, this provides a very basic level of security.
Your next step would be to prevent it via PHP. In which case, it is best to have a hidden field within your form which consists of a unique and identifiable token. In order to perform your check, you will have to keep a list of tokens that have been used in the past and check if it has been submitted before.
<?php
//do stuff with the form input
//do not display anything
header('Location: ready.php');
?>
eaysiest and fastest way is to redirect the user to another page so if he relodes after redirection no input will be sent a second time.
You can use $_SESSION to store the users state, i.e. if he already sent the form or not.
I need to validate a form in php and display some error messages in the view if there are validation errors. The problem is that once the form is submitted, sending the user back to the page will clear all the of the completed form fields. Is there a simple way to not lose the unvalidated form data?
The only solution I can come up with is reverse engineering the $_POST variable, but I'd like a more elegant way to do it.
Don't send the user anywhere, but re-render the form right where you are, pre-populating the form with the entered values. That would be the most common method.
The second way would be storing the values in session variables, but that should be the last resort if the project structure doesn't allow for the first approach.
Validate on the client side.
If you must validate on the server side, made an ajax call (so you won't have to refresh the page) to the server with the elements you want to validate. Make the validations you need and return an answer back to the page (is valid or not).
If answer is valid, you can proceed (Note: you may not need to return to the page after the validation, if all the elements you need to proceed are also the ones validated).
If it's not valid, the answer should return the invalid elements (and possibly a error message for each) so that you can display the error messages you want.
If in php code that you use to prepare the form you always set field values to whatever exists in $_POST array, then in validation code you can simply conditionally include that form file and it will render itself with user values. When you render the form the first time (empty form) $_POST will not have elements with field names, and the form will be empty.
Hi I'm a relative newbie.
Have a mail contact form set up with a captcha image generator.
When the captcha is verified, on submitting the form, a php page is actioned which further validates the input data (checking against spam).
Challenge: would like to retain form data in case of error in enterred capthca code and needing to return to form.
If I use a sticky form with the form sticks okay but I cannot see how I then direct http to the php script for form data validation.
So I figure the answer is a javascript function to validate the captcha and stay within the same page where the form appears, ideally just having a pop up message (alert ...) if the enterred code is wrong, before sending the http to the php script page.
I have seen that this can be done but I cannot adapt the code to the captcha I use (i.e. webspamprotect.com) Could any body suggest a generic js function useable with any captcha ?
Would be most grateful for any input.
MANY THANKS
Steve
It doesn't make sense to be able to validate the CAPTCHA with javascript on the client. If you made it possible to validate with Javascript a scammer could use the validation function to test their guesses before they sent them to the server, so they would always be able to get the answer right.
You could implement an AJAX call requesting the server to validate the attempt instead of requiring a full page refresh, but the validation must still be done on the server.
When the captcha is generated the written word is usually stored inside the session or written into a hidden input field, so it can be validated against the user supplied word, when the form is submitted back to the PHP script.
You could pass the session variable holding this to your JavaScript (or read it from the hidden input if present) when rendering the page holding the form and captcha. Then, when the user clicks submit, intercept the call and check if the entered word matches the expected word.
As for retaining the values: just add the values to your HTML form value attribute. Make sure you escape the output in case users supply malicious code.
EDIT: agreeing with everyone who says you still have to validate the input on the server side as well. Client Side validation can easily be tinkered with and is nothing but a convenience feature for users, so they can fix their input before submitting.
simply check the value of "g-recaptcha-response"
if($('#g-recaptcha-response').val()==''){
alert('captcha not ticked');
}else{
alert('captcha ticked');
}