PHP - Form validation of fields and messages in PHP - php

I would like to validate the information before its send it to me. For instance that an email address has an # on it.
I have the following code to introduce: Name, LastName and email. I validated it that they are not empty, but:
How do I send a message to the user to let them know that they need to fill it up? I tried: if ($nameErr == ''){echo "Need to introduce a name"}
but it doens't work
How do I make validation of type: making sure that email address has an # or that a telephone is numeric and has 9 digits?
Thank you so much
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $surnameErr = "";
$name = $email = $surname = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
if (empty($_POST["surname"])) {
$surname = "";
} else {
$surname = test_input($_POST["surname"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
Last Name: <input type="text" name="surname">
<span class="error">*<?php echo $surnameErr;?></span>
<br><br>
E-mail: <input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>


you don't actually need to code all validation yourself. It is more convenient if you use a library like http://respect.github.io/Validation/ this.

Related

How Form handling works in PHP?

I am learning PHP through w3schools. I am little bit confused of the execution flow of the page. I will attach a code example from w3schools.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
if (empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST["website"]);
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="website">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="comment" rows="5" cols="40"></textarea>
<br><br>
Gender:
<input type="radio" name="gender" value="female">Female
<input type="radio" name="gender" value="male">Male
<input type="radio" name="gender" value="other">Other
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
?>
</body>
</html>
Can anyone explain how the execution flow goes on this form handling. Browser can't run the php script. In this example superglobal $_SERVER["PHP_SELF"] used to refer the same html page. when we try to submit the page with empty field it shows the error message in screen. This is happening due to the fact php variable got its error value after submission. I think that after triggering the submit button. This page makes a request to the same page in the server using POST method and in the server we access the same form value using superglobal $_POST["name"],["email"] etc.. and finally the server throws the new html page. Am i right? or this validation is happening entirely in the frontend.

In php the validation is happening entirely in the server ..
The frontend only validate things when JavaScript involved or you add field attributes like required , min , max.
I think w3 is good source to check small code snippets. but it's not good source to learn

php script generating new pw to PlayFab

This is my first php script ever and I have googled a lot to try to get the script to work.
I am working on this tutorial: https://learn.microsoft.com/en-us/gaming/playfab/features/engagement/emails/using-email-templates-to-send-an-account-recovery-email
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$emailErr = $pw1Err = $pw2Err = "";
$email = $pw1 = $pw2 = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["email"]))
{
$emailErr = "Email is required";
}
else
{
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["pw1"]))
{
$pw1Err = "Password is required";
}
if (empty($_POST["pw2"])) {
$pw2Err = "Confirm Password is required";
}
//$str1 = "Hello";
//$str2 = "Hello World";
//echo strcasecmp($pw11, $pw2); // Outputs: -6
//$check = strcasecmp($pw11, $pw2)
$check = strcasecmp($pw1, $pw2); // Outputs: -6
/*
if ($check == 0)
{
<br><br>
echo Passwords are the same!;
<br><br>
}
else
{
<br><br>
echo Passwords are NOT the same!;
<br><br>
}
*/
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Password Recovery</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
New Password: <input type="test_input" name=pw1 valur="<?php echo $pw1;?>">
<span class="error">* <?php echo $pw1Err;?></span>
<br><br>
Confirm Password: <input type="test_input" name=pw2 valur="<? php echo $pw2;?>">
<span class="error">* <?php echo $pw2Err;?></span>
<br><br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<br>";
echo "<h3>Your Input:</h3>";
echo $email;
echo "<br>";
echo $check;
?>
</body>
</html>
What I am trying to accomplish is the callback URL. I first tried to create it in WordPress, which was also a first, and now try with php code.
Here is what I try to accomplish:
A form with the following fields:
email
New pasword (currently a text_input during test but will be real pw)
Confirm password (currently a text_input during test but will be real pw)
Submit button
Currently I am focus on trying to echo the result but I just can't get this to work.
The ultimate target is to send back a confirmation with this API including the new checked password and the token.
https://learn.microsoft.com/en-us/rest/api/playfab/admin/account-management/reset-password?view=playfab-rest
I have been trying for quite a long time now so I reach out for help.

How to send email to user input email address after click a submit button? In php

I'm super new at coding. This is the form page code
<?php
// Start the session
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
$fnameErr = $emailErr = $addressErr = $countryErr = $stateErr = $suburbErr = "";
$fname = $email = $address = $country = $state = $suburb = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fnameErr = "Name is required";
} else {
$fname = test_input($_POST["fname"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
if (empty($_POST["address"])) {
$addressErr = "Address is required";
} else {
$address = test_input($_POST["address"]);
}
if (empty($_POST["country"])) {
$countryErr = "City is required";
} else {
$country = test_input($_POST["country"]);
}
if (empty($_POST["state"])) {
$stateErr = "State is required";
} else {
$state = test_input($_POST["state"]);
}
if (empty($_POST["suburb"])) {
$suburbErr = "State is required";
} else {
$suburb = test_input($_POST["suburb"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2 align="cemter">Check out</h2>
<p><span class="error">* required field</span></p>
Full Name: <input type="name" name="fname">
<span class="error">* <?php echo $fnameErr;?></span>
<br><br>
E-mail: <input type="email" name="email">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Address: <input type="text" name="address">
<span class="error">*<?php echo $addressErr;?></span>
<br><br>
Country: <input type="text" name="country">
<span class="error">*<?php echo $countryErr;?></span>
<br><br>
State: <input type="text" name="state">
<span class="error">*<?php echo $stateErr;?></span>
<br><br>
Suburb: <input type="text" name="suburb">
<span class="error">*<?php echo $suburbErr;?></span>
<br><br>
<form method="post" action="../mailer/index.php">
<input type="submit" name="submit" value="Purchase">
</form>
</body>
</html>
But after I fill up all the information and click submit, the page said cannot connect to SMTP sever host. The strange thing is, I can send email while run the phpmailer index.php alone. The form page php file and the mailer php file is in a different folder but same parent folder, is this the problem?

If one page works and another doesn't, and these are in different folders, then yes, that could be the problem. However, the solution is probably not to just move one of the files (which would probably give you other path related issues), but instead make sure that they both can reach the neccessary configuration (SMTP server host in this case).

Validating email before sending it from validated PHP form

I'm using this code from W3 (http://www.w3schools.com/php/php_form_complete.asp) to make server side validation for given example form.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST["website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $comment;
echo "<br>";
echo $gender;
?>
</body>
</html>
Although server side validation works fine,I can't put mail() function to work ONLY WHEN both $name (treated as subject) and $comment (treated as message) fields are filled.
I've tried many combinations but email is always submitted even when fields are empty.
So my question is: how to make this validated form send email only when $name and $comment fields are filled and validated?

As you are creating $nameErr when the name is invalid and $comment is an empty string when the comment is valid you can use the following conditional:
if (!$nameErr && $comment) {
}
Empty strings are considered FALSE:
http://php.net/manual/en/language.types.boolean.php

You can always use flags.
<?php
....
// let's say there are some flags for validation
if($flag1 && $flag2 && .. $flagN){
// perform email sending here
}
?>
Or you can use the default error message variables; check if they are empty
<?php
if(!empty($nameErr) && !empty($comment)){
// perform email sending
}
?>

Do the validation after you validated $name and $comment:
if($nameErr == "" && $emailErr == "") { // If they are empty, no errors where found
// Do your email validation here
}

w3 schools form tutorial doesnt send email

I am trying to set up a form for my website that is all on 1 php page (contact.php). I have went through the tutorial on w3schools and have gotten the form validation working perfectly. However, it does not send the form information anywhere. I have researched other form articles and tutorials, and although I can get some forms to email, they dont validate, and vice versa. I have tried combining this info, but it does not work.
Can someone please help me to get this code to send the form data to an email address?
Thank you.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $orgErr = $emailErr = $websiteErr = "";
$name = $org = $email = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["org"])) {
$orgErr = "Organization is required";
} else {
$org = test_input($_POST["org"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$org)) {
$orgErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST["website"]);
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name*: <input type="text" name="name" value="<?php echo $name;?>">
<span class="error"><?php echo $nameErr;?></span>
<br><br>
Organization*: <input type="text" name="org" value="<?php echo $org;?>">
<span class="error"><?php echo $orgErr;?></span>
<br><br>
E-mail*: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error"><?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="comment" rows="5" cols="40"><?php echo $comment;?></textarea>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>

Try after your checks to use the following function:
mail();
Reference:
http://www.php.net//manual/en/function.mail.php
http://www.w3schools.com/php/php_mail.asp

Categories