-2

This is what I did in a nutshell:

<?php
// define variables and initialize with empty values

//error variables
$agentNameErr = "";

//non-error variables
$agentemail = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {

if (empty($_POST["agentname"])) {
        $agentNameErr = "Missing";
    }
else {
        $agentname = $_POST["agentname"];
    }
}

// form

<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" >

<input name="agentname" type="text" id="agentname" autocomplete="on"  placeholder="Agent Name" value= "<?php echo htmlspecialchars($agentname);?>" />

//only shows up if $agentNameErr is assigned the value of "Missing"

<span class="error"><?php echo $agentNameErr;?></span>

</form>

It checks if $agentname is erroneous (blank). If it's not blank, I don't know how to proceed. I want it to just automatically submit all the information without any additional user input to a review page so the user can see if the name was spelled correctly. And then they can do a final submission.

I don't know MySQL.

In normal english:

//user presses the submit button

if ($agentname has error)
   stay on page and display errors
else 
   submit automatically to next page (order review page for visual checking)

What do I do to "submit automatically to next page"?

fuzzybabybunny
  • 5,146
  • 6
  • 32
  • 58
  • You are posting this form to itself? If you want there to be a next step, you should set the `action` attribute to the next page and do the validation there, and redirect back to this page if it is incorrect. – mituw16 Jan 13 '14 at 18:42
  • Do you want the user to go to the next page or input the data into a database? What do you mean by submit automatically to the next page? – ChaseC Jan 13 '14 at 18:42
  • 1
    @Ed, what if javascript is disabled (i know rare, but have to protect yourself)? Server side validation combined with js is good. It is bad practice to rely only on js validation – mituw16 Jan 13 '14 at 18:43
  • validation absolutely does not occur on the client. that's just begging for someone to feed you bad data. some of us have js disabled, yes, but even if that weren't true, an attacker couldn't give half a crap about your client-side validation – Eevee Jan 13 '14 at 18:49
  • I want the user to stay on the same page, so yes, I want the form to post to itself. 1. User fills out the form and submits 2. The form appears again and displays the error on any fields that were left blank. 3. User can directly edit the same form to correct for the error (I don't want them to have to go back) 4. After editing, user submits again. 5. If validation passes, it sends the data to the next page. – fuzzybabybunny Jan 13 '14 at 18:56

3 Answers3

0

Use a php session.

if ($agentname has error)
   stay on page and display errors
else
{
   $_SESSION['key1'] = 'something'
   $_SESSION['key2'] = 'something else'
   ...
   header('location: ' . $next_page);
}

If you don't know how to use php sessions see the examples here

elitechief21
  • 2,964
  • 1
  • 17
  • 15
  • I see. So it goes back to changing the header to go to the next page. Are there any possible downsides to using the header approach? There's a good amount of data being send (like 20+ form entries). – fuzzybabybunny Jan 13 '14 at 19:00
  • No downsides that I can think of. Just be sure that you don't display any html before calling the header function otherwise you may get an warning saying that the headers have already been sent. As far as data size concerns, the amount of data you can post is set by your php.ini file and I believe the default is 8MB(usually more than enough), and as long as the data is getting posted to your server switching it over to being stored in session variables should be no problem. – elitechief21 Jan 13 '14 at 19:06
0

Try this:

    <?php

    $agentNameErr = "";
    $agentemail = "";

    if ($_SERVER["REQUEST_METHOD"] == "POST") {

        if (empty($_POST["agentname"])) {
            $agentNameErr = "Missing";
        } else {
            $agentname = $_POST["agentname"];
            header("Location: nextpage.php?agent=".$agentname);
        }
    } else {

    ?>

    <form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" >

    <input name="agentname" type="text" id="agentname" autocomplete="on"  placeholder="Agent Name" value= "<?php echo htmlspecialchars($agentname);?>" />

    //only shows up if $agentNameErr is assigned the value of "Missing"
    <?php if(!empty($agentNameErr)) { ?>
    <span class="error"><?php echo $agentNameErr;?></span>
    <?php } ?>
    </form>
<?php } ?>
Stafox
  • 1,007
  • 14
  • 25
  • It is an example. To send agentname to another page you can use session or use fsockopen to send data via POST method (if this data really secure, also you can use encryption algorithms like interchanging bytes). – Stafox Jan 13 '14 at 19:05
0

Keep it simple. Capture the entire contents of the form and store in a session variable.

$agentNameErr = '';
$agentemail = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (empty($_POST['agentname'])) {
        $agentNameErr = 'Missing';
    } else {
        $_SESSION['agent-form'] = $_POST;
        // Move to next page
        header('Location: nextpage.php');
        exit;
    }
}

Once forwarded to the next page you can access the form data from the session variable.

// Entire contents of form
print_r($_SESSION['agent-form']);
// "agentname" data
print_r($_SESSION['agent-form']['agentname']);
Dave
  • 3,658
  • 1
  • 16
  • 9