It's useful to validate an HTML form using JavaScript before a form is submitted but it shouldn't be considered as a substitute for validating the form on the server.
A user can interfere with JavaScript running on the client side, but not with PHP running on the server side; this is covered in the tutorial Form Reply Scripts.
If PHP finds an error with the submitted data it needs to redirect the user back to the form.
However, to be useful, the script needs to tell the user which fields are in error and ensure that the form still holds the data that the user originally entered.
Session variables can be used for both purposes:
To hold the data that the user entered, so that the form fields can be repopulated.
To hold the error messages that tell the user which fields are in error.
Both sets of session variables can be written into the HTML form but won't be displayed if no error has been found by the script that handles the form data.
The HTML Form
Below is a simple form that gathers two name/value pairs, name and email, and passes them to form_reply.php when the user clicks the Send button.
The form is standard except for the following additions.
session_start() is required to access the session variables, if they exist.
The inputs of each field have a value attribute set to the value of the session variables that hold the user's data.
These will only be output if the form has already been unsuccessfully submitted since it's the form script that will create the variables.
Next to each input field a session variable is used to output an error message.
Again these will only be output if the form has already been unsuccessfully submitted since it's the form script that will also create these variables.
Once the session variables have been output, if they exist, then session_destroy() will get rid of them.
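A form page matching the description above might look like the following. This is an added example, not the original page's form: the helper h(), the local variable names, the markup and the placement of the error_3 message above the fields are assumptions. Because the session values are the user's own raw input, they are passed through htmlspecialchars() before being written into the page.

```php
<?php
// contact.php (added example; not the original page's form)
session_start();

// Hypothetical helper: fetch a session value escaped for HTML output.
// The stored name and email are raw user input, so they are escaped before
// being written into an attribute or element (prevents reflected markup).
function h($key)
{
    $value = (isset($_SESSION[$key]) && is_string($_SESSION[$key]))
        ? $_SESSION[$key] : "";
    return htmlspecialchars($value, ENT_QUOTES, "UTF-8");
}

// Read everything that is needed before the session is discarded
$name        = h("name");
$email       = h("email");
$error_name  = h("error_1");
$error_email = h("error_2");
$error_both  = h("error_3");

// The values are now held in local variables, so the session can go
$_SESSION = array();
session_destroy();
?>
<form action="form_reply.php" method="post">
  <p><?php echo $error_both; ?></p>
  <p>
    <label for="name">Name</label>
    <input type="text" id="name" name="name" value="<?php echo $name; ?>">
    <?php echo $error_name; ?>
  </p>
  <p>
    <label for="email">Email</label>
    <input type="text" id="email" name="email" value="<?php echo $email; ?>">
    <?php echo $error_email; ?>
  </p>
  <p><input type="submit" value="Send"></p>
</form>
```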
In this example the validation only checks for blank fields and if found will produce one of 3 error messages.
The form script first has to store the form data as session variables to repopulate the form if validation fails.
Next it has to validate each field and if the validation fails, create session variables to hold appropriate error messages.
Finally if error messages have been created then the script should send the user back to the contact.php page - or if not, then go ahead and send the email.
The form_reply.php Script
<?php
session_start();

// $_POST and $_SESSION replace $HTTP_POST_VARS, $HTTP_SESSION_VARS and
// session_register(), all of which were removed in PHP 5.4.
// A missing or non-string field is treated as blank.
$name  = (isset($_POST["name"])  && is_string($_POST["name"]))  ? $_POST["name"]  : "";
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";

// Store the form data so that contact.php can repopulate the fields
$_SESSION["name"]  = $name;
$_SESSION["email"] = $email;

// Check for blank name and email fields
if ($name === "" && $email === "")
{
    $_SESSION["error_3"] = "*Both your name and email address are required!";
    header("Location: contact.php");
    exit;
}
// Check for blank name field
if ($name === "")
{
    $_SESSION["error_1"] = "*Your name is required!";
    header("Location: contact.php");
    exit;
}
// Check for blank email field
if ($email === "")
{
    $_SESSION["error_2"] = "*Your email address is required!";
    header("Location: contact.php");
    exit;
}
// If the script gets to here then forward the data
// Code for sending the email
?>