I ve read a few question on the site similar to this but couldn't really take anything from them. I have a form that gets submitted, if there are errors, I notify the user of the errors above the form and display the form below that for them to correct it. This is all good and dandy except that they have to re enter all of their information again. I want the information to stay, and them to only have to fix / reenter the field that the mistake was in.
Here is my handling file:
<?php
include_once("Header.php");
if(!empty($_POST['formsubmit'])){require_once ("Form_Handle.php");}
include("Form.php");
include_once("Footer.php");
?>
is there something that i have to do when I include the form.php after I handle it?
I felt the answers provided are somewhat vague and also incorrect in the sense they tell you to set the contents of the fields inside the value attribute based on whether or not values exist for those fields.
Here's why. When you put if statement logic inside the value attribute, it either sets the value attribute to 'YOURVALUE' or '""'. <- That is the problem. The value of the field gets set to empty string when $_POST["field_name"] is empty. If you had form validation and were hoping to throw an 'empty field' error, this would pass your validation logic, which would be completely incorrect (Your form field will appear empty, but there would be an empty string inside it).
Instead, just echo the variable without any checks. If it's not set, nothing will happen. If it is, you will be able to retain the value. For example,
<input type="text" name="email" value="<?php echo $_POST["email"]; ?>" >
Here's another example of code where I forgo the whole above situation and only echo the value attribute if the variables are not empty.
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" <?php if (!empty($_POST['name'])) {echo "value=\"" . $_POST["name"] . "\"";} ?> >
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" <?php if (!empty($_POST['email'])) {echo "value=\"" . $_POST["email"] . "\"";} ?> >
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Website: <input type="text" name="website" <?php if (!empty($_POST['website'])) {echo "value=\"" . $_POST["website"] . "\"";} ?> >
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Comment: <textarea name="comment" <?php if (!empty($_POST['comment'])) {echo "value=\"" . $_POST["comment"] . "\"";} ?> rows="5" cols="40"></textarea>
<br><br>
Gender:
<input type="radio" name="gender" value="female" <?php if ($_POST['gender']=="female") {echo "checked";} ?> >Female
<input type="radio" name="gender" value="male" <?php if ($_POST['gender']=="male") {echo "checked";} ?> >Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
In relation to the actual question that the user asked, you would need to add similar code into your form.php file.
You just need to write some logic in your input field value for keeping entered value. e.g
<input type="text" name="login" value="<?php if(isset($_POST['login'])){ echo $_POST['login'];}?>">
In your Form.php you should check the presence of various $_POST vars which you use and put their contents as value of input fields
In your form assign default values.
For example:
<?php
$answer = (isset($_POST['answer'])) ? $_POST['answer'] : '';
?>
And the form field:
<input type="text" name="answer" value="<?php print $answer;?>"/>
Why not store the posted data in a session variable.
Then when you redirect the user back to the form page, you can check to see if the form values are in the session variable, if so fill in the contents as the value in the input field.
Related
please correct me here.
i have created multi page form where i want to pass data from each pages to final pages and then submit those on email. first one is apply.php, there are many input fields, but i have listed some of those, here when some enters passport number in passport field, i want this to be passed in everypage of the form and print this at couple of places on each page. here getting some issues when passing some of these fields.
this is first page ( apply.php )
<?php
// Start the session
session_start();
?>
<form name="search_form" method="post" onSubmit="return chk();" action="apply2.php">
<input name="passportno" id="passportno" type="text" maxlength="20" placeholder="Enter Passport No." size="43" >
<input name="birthdate" type="date" class="textBoxDashed" size="43" id="birthdate" datepicker="true" datepicker_min="01/01/1900" datepicker_max="21/11/2017" maxlength="10" datepicker_format="DD/MM/YYYY" isdatepicker="true" value="">
<input name="button1" type="submit" value="Continue">
this is apply2.php . here there is some issues, i am not able to find, as you can see below codes, i am able to print date of birth but not able to print passport no ( input from form1 ). Please correct where i am wrong here.
<?php
session_start();
$msg="";
////include("connect.php");
if (isset($_POST['button1']))
{
extract($_POST);
$code=strtolower($_POST['captcha_code']);
$sess=strtolower($_SESSION["code"]);
if ($sess==$code)
{
$appid=time().rand();
$result=mysqli_query($con,"select *from registration where email='$email'");
if (mysqli_fetch_row($result)>0)
{
?>
<script>
alert("This email is already exist");
</script>
<?php
}
else
{
$query="insert into registration values('$appid','$passportno','$birthdate','$email')";
if (mysqli_query($con,$query))
$msg="Data saved Successfully.Please note down the Temporary Application ID $appid";
else
echo "not inserted".mysqli_error($con);
if (!isset($_SESSION["appid"]))
{
$_SESSION["appid"]=$appid;
}
}
}
else
{
?>
<?php
}
}
?>
<form name="OnlineForm" method="post" onsubmit="return OnSubmitForm();" action="apply3.php">
<input name="applid" id="applid" value="<?php echo $_SESSION["appid"];?>">
<input type="hidden" name="birthdate" value="<?php echo $birthdate;?>"><b><?php echo $birthdate;?>
<input name="passportno" type="text" class="textBoxDashed" id="passportno" value="" size="43" maxlength="14" value="<?php echo $passportno;?>">
input name="sc" type="submit" class="btn btn-primary" id="continue" value="Save and Continue" onclick="document.pressed=this.name">
Don't use extract. Also do some checking to see if the data is set. As for not getting the the data try $_POST['passportno'] and if you want to pull the values and put them back into the input boxes simply use <?php echo isset($_POST['passportno'])?$_POST['passportno']:'' ?> to return nothing if it is not defined.
Also you need to do add some protection to your inputs.
You can add protection by using $passportno = mysqli_real_escape_string($con, $passportno);
I'm trying to get user input in a progressive sequence that leads to that input being sent by email. Sending by email is a whole other issue that I haven't tackled yet so not really worried about that.
The part I am having difficulty with is once the user gets to the "Send Email?" (Yes/No) radio buttons, the input from that question is not processed correctly.
I've gotten further with this by using a separate php file as the form action but still get errors related to emailName, emailAddress, and emailMsg not existing ("Notice: Undefined index...").
Furthermore, I still need to be able to use the $_POST[athletes] array further down but I'm guessing it's outside of the variable scope at that point.
So to bring that all together, I'm really asking a few questions:
1) How can I get all of the forms to work together in the same file?
2) When the program actually goes past the "Send Email?" radio buttons when I use a separate php file as the form action, why am I getting undefined index errors?
3) Why do I get an error when I try to use the athletes[] array further down in the code? Should I somehow be passing the array values to that part of the code?
The exact steps the user would take to get to the issue is:
Select 1 or more athlete checkboxes and click the 'Display Selection(s)' button.
Select 'Yes' for "Send Email?" and click the 'Submit' button.
Restarts the code for some reason.
Any help would be greatly appreciated. Also, this is my first post so sorry if I asked the question incorrectly or not according to site etiquette.
I also apologize for the long code fragment but I'm not sure what parts might be causing this to be incorrect.
<b><h1><center>Athelete Selection Screen</center></h1></b>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<p>
<fieldset>
<legend>Athletes Available: </legend>
<input type="checkbox" id="student1"
name="athletes[]" value="Student1 Test">
<label for="student1">Student1 Test</label><br/>
<font color="grey">Football - Running back</font><br/>
<p>
<input type="checkbox" id="student2"
name="athletes[]" value="Student2 Test">
<label for="student1">Student2 Test</label><br/>
<font color="grey">Soccer - Left Forward</font><br/>
</p>
<p>
<input type="checkbox" id="student3"
name="athletes[]" value="Student3 Test">
<label for="student1">Student3 Test</label><br/>
<font color="grey">Baseball - Pitcher/Left Outfield</font><br/>
</p>
</fieldset>
<p>
<?php echo("\t\t\t\t\t"); ?><button type="submit" name="submit" value="submit">Display Selection(s)</button>
</p>
</form>
<fieldset>
<legend>Athletes You Selected: </legend>
<?php
if (!empty($_POST['athletes']))
{
echo "<ul>";
foreach($_POST['athletes'] as $value)
{
echo "<li>$value</li>";
}
echo "</ul>";
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<p>
<fieldset>
<legend>Send Email? </legend>
<input type="radio" id="Yes"
name="radioSendMsg[]" value="Yes">
<label for="student1">Yes</label>
<p>
<input type="radio" id="No"
name="radioSendMsg[]" value="No">
<label for="student1">No</label><br/>
</p>
<button type="submit" name="submitRadio" value="submit">Submit</button>
</p>
</form>
<?php
if (!empty($_POST['radioSendMsg']))
{
foreach($_POST['radioSendMsg'] as $radioMsg)
{
if($radioMsg == "Yes")
{
echo "\tPlease enter information regarding the email to be sent: ";
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<p>
<label for="emailName"> Name: </label><br/>
<input type="text" size="25" id="emailName" name="emailName" />
</p>
<p>
<label for="emailAddress">E-mail Address: </label></br>
<input type="text" size="25" id="emailAddress" name="emailAddress" />
</p>
<p>
<textarea id="emailMsg" name="emailMsg" cols="30" rows="5"></textarea>
</p>
<button type="submit" name="emailSubmit" value="send">Send Message</button>
</form>
<?php
$msg = "Name: ".$_POST['emailName']."\n";
$msg.= "E-Mail: ".$_POST['emailAddress']."\n";
$msg.= "Message: ".$_POST['emailMsg']."\n";
$msg.= "<ul>";
foreach($_POST['athletes'] as $value)
{
$msg.= "<li>$value</li>\n";
}
$msg.= "</ul>";
$emailRecipient = "sjzerbib#gmail.com";
$emailSubject = "Athlete Selection Submission";
$emailHeaders = "From: Sebastien\n"."Reply-To: ".$_POST['emailAddress'];
mail($emailRecipient,$emailSubject,$msg,$emailHeaders);
echo "Message sent: \n".$msg;
}
else
{
?> <p /> <?php
echo "\n\nNo email will be sent for your last athlete selection.";
?>
<br/>Please click here
to return to the Athlete selection screen.
<?php
}
}
}
}
When you submit a form, only those controls contained within that form are included. The exception is successful controls that have the form attribute set to the id value of the form that was submitted.
So, given you had something like:
<form id="form-1" method="post">
<input type="text" name="first-input" />
</form>
<input type="text" name="second-input" />
The only value to be submitted would be that of first-input. If you add the form attribute to second-input:
<input type="text" name="second-input" form="form-1" />
Then the submission of the form would include both values. Unfortunately, the form attribute is not fully supported (IE and Edge have no support).
Of course, your markup is invalid, so that's a moot point. For starters, you cannot nest a form within a form. How a browser responds to markup that violates that rule is up to it's vendor, but in my experience is somewhat unpredictable. You're also using deprecated tags (<font> and <center> are no longer valid) and nesting elements incorrectly (<h1> is a block level element, whereas <b> is inline).
If you're doing a full submit each time (so the page gets submitted to itself and then reloads), then just use some sort of conditional to only render the dependent controls if the preceding form submissions were successful:
<?php
$canDoNextStep = !empty($_POST['input-1']);
?>
<form id="form-1" method="post">
<input type="text" name="first-input" />
<?php if(canDoNextStep): ?>
<input type="text" name="second-input" />
<?php endif; ?>
</form>
Lastly, whitespace is (mostly) ignored when your browser parses and displays your HTML, so you can lose the \t and \n values in your strings, unless you're concerned about how your markup looks if someone chooses to view source when using your form.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I need your help with some form/php code:
2Fields first for name 2nd for fam.name
If the "User" fill both fields its echo what he filled in
If the "User" dont fill any field he get form back with an error message
Same if he just fill only 1 of the 2 fields
My question is if the "User" just fill 1 field and send it (submit) i want that he gets the error message like now but also save his input (the date he filled in the field) so he only has to fill the other field and not both again.
I tried it allready with session_start(); and stuff but failed.
<?php
$errormessage="";
//check if 1 of 2 fields is empty
if(empty($_POST['vorname'])){
$errormessage=$errormessage." First field ,";
}
if(empty($_POST['nachname'])){
$errormessage=$errormessage." Second field ,";
}
//Submit starts
if (isset($_POST['go'])) {
if (!empty($_POST['vorname'])&& !empty($_POST['nachname'])){
echo "First field : ".$_POST["vorname"]." ";
echo " 2nd field: ".$_POST["nachname"];
}//end empty
//ELse if inputs empty
if (!empty($errormessage)) { ?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="vorname" />
<input type="text" name="nachname" />
<input type="submit" name="go" />
<?php echo "error: ".$errormessage; ?>
</form>
<?php } //ende if errormessage
}//ende if isset go
else {//start side ?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="vorname" />
<input type="text" name="nachname" />
<input type="submit" name="go" />
</form>
<?php} //end else?>
If user specified some info only for one field and send it, why don't you paste correct filled data from $_POST var into value attribute of one of yours inputs:
<input type="text" name="vorname" value="<?php echo $correct_data ?>"/>
and show additional error message, like you do?
I mean, you can save old $_POST['vorname'] and $_POST['nachname'] into two extra vars, if one of the $_POST fields is empty, one of this var is empty, then add this vars in value attrubutes of your inputs in html form:
$errormessage = "";
$old_vorname = empty($_POST['vorname']) ? "" : $_POST['vorname'];
$old_nachname = empty($_POST['nachname']) ? "" : $_POST['nachname'];
....
//ELse if inputs empty
if (!empty($errormessage)) { ?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="vorname" value="<?php echo $old_vorname; ?>"/>
<input type="text" name="nachname" value="<?php echo $old_nachname; ?>"/>
<input type="submit" name="go" />
<?php echo "error: ".$errormessage; ?>
</form>
Value attribute of html input element contains it actual content, you can see on webpage or edit.
I am new to php and am not quite clear on what to do to carry my information from the first page to the next and then submit it to my email when they are done filling out contact information.
I need the script to work as follows:
Step1: User clicks the input check-boxes for the field they want that is stored in an array
ex:
< input type="checkbox" name="Sound[]" value="item1" > item1
and clicks a button i have written as
< input type="image" name="Submit" class="" alt="" src="images/contact1.png" border="0" >
Step2: The information from the check-boxes they have clicked needs to be carried over to the next page where they will fill out their contact info. Name email phone etc.
ex:
<tr>
<td valign="top">
<label for="telephone">Telephone Number *</label>
</td>
<td valign="top">
<input type="text" name="telephone" maxlength="30" size="30" style="margin-bottom: 10px;">
</td>
</tr>
Step3. All of this information should be sent to my email upon button press for me to contact them :D
<tr>
<td colspan="2" style="text-align:center;">
<input type="image" name="Contact" class="contactbutton" alt="" src="images/contact.jpg"/>
</td>
</tr>
I can pull the information from my inputs but do not know how to carry to the next page!
Can I do it all in the same php script? or does each page need a different php script?
Please help!
Thanks Paul
you can do it with a form and send it to the page2.php. value will be stored in
$_POST['S'] for the checkbox
<form action="page2.php" method="post">
<input type="checkbox" name="S" value="item1" > item1
<input type="SUBMIT" >
</form>
------------------
page2.php
echo($_POST['S']); // will be item1
$_SESSION array is better. to use it you need to put session_start(); at start of
every page that will use your $_SESSION variable i.e
session_start();
if(isset($_POST['S'])){
$_SESSION['h'] = $_POST['S'];
echo($_SESSION['h']); } //output value in checkbox
?>
<html><body>
<form method="post">
<input type="checkbox" name="S" value="item1" > item1
<input type="SUBMIT" value="item1" >
Once this script is run you can accesS value in $_SESSION['h'] in other pages.
the data will be deleted when you close browser.
----------------------------------
page2.php
<?php
session_start();
if(isset($_SESSION['h'])){ //check if $_SESSION['h'] has been set a value
echo $_SESSION['h']; //output value stored in var
}
?>
You will ultimately still require the use of POST data to get the checkbox status from your page.
Page 1:
<?php
session_start();
// If postdata is received then redirect to next page
if(isset($_POST['Sound'])) {
$_SESSION['Sound'] = $_POST['Sound'];
header('Location: http://www.example.com/page2.php');
exit;
}
?>
<form method="post" action="page1.php">
Sound? <input type="checkbox" name="Sound" value="item1"><br>
<input type="submit">
</form>
Page 2:
<?php
session_start();
// If postdata is received then redirect to next page
if(isset($_POST['telephone']) && isset($_POST['email'])) {
$_SESSION['telephone'] = $_POST['telephone'];
$_SESSION['email'] = $_POST['email'];
header('Location: http://www.example.com/page3.php');
exit;
}
?>
<form method="post" action="page2.php">
<!-- If you want to output the previously saved data in a disabled item -->
Sound? <input type="checkbox" name="Sound" value="item1" disabled="disabled" <?php if($_SESSION['Sound'] == 'Yes') echo('checked="checked"'); ?>>
Telephone: <input type="text" name="telephone" value=""><br>
Email: <input type="email" name="email" value=""><br>
<input type="submit">
</form>
And so on and so forth for your next pages
This does not include the code for generating the e-mail via PHP but is intend to show you how you can take the form input/checkbox selections and store there values to a SESSION ARRAY. Note that in this example: The form is submitting to itself by leaving the action="" blank, but normal would submit to a external PHP file for parsing/handling.
Also, im choosing to create a random number to represent the visitor to the form if not specifically set by $_POST['user']
<?php session_start();
if (!isset($_SESSION['user'])) {$_SESSION['user']=rand(10,700);}
if (isset($_POST['user'])) {$id=$_POST['user'];} else {$id=$_SESSION['user'];}
?>
<form action="" method="post">
Sound 1:<input name="cb1" type="checkbox" value="sound1"><br>
Sound 2:<input name="cb2" type="checkbox" value="sound2"><br>
Sound 3:<input name="cb3" type="checkbox" value="sound3"><br>
<input type="submit" name="submit" value="submit"><br><br>
<?php
if (isset($_POST['submit']) && $_POST!=="") {
foreach($_POST as $key => $value) {
$_SESSION['visitor']['sounds'][$id]=array(
'selects'=>$_POST['cb1'].",".$_POST['cb2'].",".$_POST['cb3']
);
};
echo "For user ID:".$id." We echo the comma delimited stored SESSION array: ".$_SESSION['visitor']['sounds'][$id] ['selects'];
echo "<br><br>";
// Option 2 Explodes the comma delimited ['selects'] field to handle each choice seperately
$choice = explode(",",$_SESSION['visitor']['sounds'][$id] ['selects']);
echo "For an alternative, we EXPLODE the stored 'selects' field of the SESSION ARRAY and can then echo each out seperately"."<br><br>";
echo "User ".$id." Option 1 value was: ".$choice[0]."<br>";
echo "User ".$id." Option 2 value was: ".$choice[1]."<br>";
echo "User ".$id." Option 3 value was: ".$choice[2]."<br>";
echo "<br><br>";
echo "A last example we loop through the EXPLODED values and echo only those that were selected (ie: had a value)"."<br>";
foreach ($choice as $key => $value ) { if ($value!=="") {echo "Selection: ".$value."<br>";} }
}
?>
(I found this but still dont understand) {HTML form PHP post to self to validate or submit to new page}
I am sorry if this question is explained better in another place but I have been stuck for hours, have searched, and have just given up. I am going by the W3c website tutorial on how to validate, sanitize, and handle forms using PHP. All went well (At least I think it did) until it was time to do something with this data. I will show you the code now and further explain my position and problem after the code:
<form method="POST" name="signup" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<label for="first name"></label><input id="first name" name="first_name" placeholder="First Name" type="text" value="<?php echo $firstname;?>" /> <span class="error">* <?php echo $firstnameErr;?></span>
<label for="last_name"></label><input id="last name" name="last_name" placeholder="Last Name" type="text" value="<?php echo $lastname;?>" />
<span class="error">* <?php echo $lastnameErr;?></span>
<br><br>
<label for="email"></label><input id="email" name="email" placeholder="Email" type="text" value="<?php echo $email;?>" />
<span class="error">* <?php echo $emailErr;?></span>
<br /><br />
<label for="password"></label><input id="password" name="password" placeholder="Create Password" type="password" />
<span class="error">* <?php echo $passwordErr;?></span>
<br /><br />
<label for="male"><strong>Male</strong></label>
<input id="male" value="male" <?php if (isset($gender) && $gender=="male") echo "checked";?> name="gender" type="radio" />
<label for="female"><strong>Female</strong></label> <input id="female" value="female"
<?php if (isset($gender) && $gender=="female") echo "checked";?> name="gender" type="radio" />
<span class="error">* <?php echo $genderErr;?></span>
<br /><br />
<label for="submit">"I Agree To Terms And Conditions"</label> <input id="submit" value="Submit" type="submit" name="submit"/><br /><br />
<p><span class="error">* required field.</span></p>
<hr>
I am confused on many things. Should I keep the 'Form Action" as is, or should I change it to something like, "welcome.php". If I do change it to "welcome.php" do I still include the 'htmlspecialchars'? I am going to be using MSQLI. I am already able to connect to my database but how do I go about converting the users data into viable information for the server? Do I just go ahead and use the variables that I created in this HTML form? I know I need to put some kind of variables into a query string and then make sure I exit it as well. I am sorry if I pissed some of you off but I am just needing help. I dont want negative points but if I can receive some answers than I can handle a few bad points. Thanks for your help and happy holidays.
Below is my "welcome.php." It is actually called something different but for this moment it is "welcome.php". Thanks again.
<?php
$hostname="social89.db";
$username="social89";
$password="P!!";
$dbname="social89";
$db_conx = mysqli_connect($hostname, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
if(mysqli_connect_errno()){
echo mysqli_connect_error();
exit();
}
$select = mysqli_select_db($db_conx,$dbname);
$firstname= $_POST["first_name"];
$lastname= $_POST["last_name"];
$email= $_POST["email"];
$password= $_POST["password"];
$gender= $_POST["gender"];
mysqli_query($db_conx,"INSERT INTO users (firstname, lastname, email, password, gender)
VALUES ('$firstname', '$lastname', '$email', '$password', '$gender')");
mysqli_close($db_conx);
header("Location: ERASETHISprofile.php")
?>
Ooh, where to begin.
At the beginning I guess.
"Post to self" refers to having the same script that renders the form receive the form data. The form action points back at the same php script using the server variable $_SERVER['PHP_SELF'].
This means you can do something like:
<?php
if (!empty($_POST)) { // if $_POST isn't empty, the user submitted the form
// validate
if ($validationPassed) {
// insert to db
} else {
// tell the user they messed up
$error = 'Hey, you! Email address was incorrect.';
}
}
//
?>
<html> ...
<?php if (isset($error)) { echo $error; } ?>
// form
The above is really basic. You'll want to set errors for specific fields failing validation to give the user more of a clue as to what to correct.
htmlspecialchars() - Convert special characters to HTML entities
In short, if you trust the input string, you don't need it. So "welcome.php" that has been typed manually by yourself into the document, is trusted, and doesn't need to have special characters converted - there aren't any in the string. If that text came from a user it could contain, for example, <h2>Hello</h2>. Without the use of this function, your page may render that Hello inside the H2.
Recommended reading for the next part: How can I prevent SQL injection in PHP?
At the moment you are vulnerable, because you are taking data from the form and are not validating or sanitizing it. Obligatory XKCD comic: http://xkcd.com/327/. In addition to the risk of SQL injection there is the risk of junk data ending up in your DB.
Validation in PHP: filter_var examples: http://www.php.net/manual/en/filter.examples.validation.php