0

I am fairly new to server-side validation and I currently post my form values to the page below.

<form id="sign_in" action="<?php echo htmlspecialchars('inc/validate.php') ?>" method="POST">

I perform other operations on the page so I'd like all the code to be in one place. I would like to handle all of my validation on this page and send back the error messages to the form page. However, alot of the examples I'm seeing are using:

action="<?php echo $_SERVER['PHP_SELF']; ?>"

validate.php has the following code

<?php
include('prc_input_validation.php');


// check if username and password isset and are not empty
if ($_SERVER['REQUEST_METHOD'] == 'POST') {



   // Retrieve values from login form

    $username = checkInput($_POST['username']);
    $password = checkInput($_POST['password']);
    
    $userNameempty = emptyCheck($username);
    if($userNameempty == "true")
    {
        $empty_error = "This field is required";
        header("location: ../sign-in.php");
    }

}

?>

prc_input_validation.php has the following code

<?php

function checkInput($inputField) {
    $inputField = trim($inputField); // Strip whitespace (or other characters) from the beginning and end of a string
    $inputField = stripslashes($inputField);  //Un-quotes a quoted string
    $inputField = htmlspecialchars($inputField); //Convert special characters to HTML entities
    return $inputField;
}  


    function emptyCheck($inputField)
    {
        if(empty($inputField))
        {
            return "true";
        }
        else
        {
            return "false";
        }
    }
    
    ?>

Form input

           <input type="email" class="form-control" name="username" placeholder="Username" autofocus required>
                        <span class="text-danger"><?php echo $empty_error; ?></span>

How can I correctly send back the error message to the form for it to be displayed? on the form

A.Mac
  • 203
  • 3
  • 19
  • You could `include` the validation script inside the main script – ADyson Mar 31 '21 at 17:39
  • If it keeps the same site, you can omit action attribute or set to `action="?"` which does the same as `$_SERVER['PHP_SELF']`. – Markus Zeller Mar 31 '21 at 18:03
  • @ADyson yes I did that. But I am not sure how to show the error message on the form. I will edit the code to show how I currently do this – A.Mac Mar 31 '21 at 20:00
  • Your mistake is redirecting after you find errors. That effectively resets the page. Just let it continue and render the form again underneath, but have some if statements within it to show the error messages, if populated. – ADyson Mar 31 '21 at 21:09
  • @ADyson I'm a bit confused. The error check is done on a separate page from the form which is validate.php are you saying that this should not be done on validate.php but on the page where the form is? – A.Mac Apr 01 '21 at 14:28
  • Yes it should. Otherwise you can't get back to the previous form easily. Include validate.php in the other page if you want to re-use the code. – ADyson Apr 01 '21 at 14:32
  • @ADyson I would also like to make some DB checks in validate.php does it mean that after I do the server-side validation I will now have to pass their values as URL parameters using header? – A.Mac Apr 01 '21 at 14:55
  • @ADyson or pass the values in sessions instead? – A.Mac Apr 01 '21 at 15:01
  • You could use sessions, but it gets messy if you have more than one or two messages. And also you have to be careful to clear them later so the user doesn't see them by accident if they refresh or go back to the same page later. – ADyson Apr 01 '21 at 15:15
  • `I would also like to make some DB checks in validate.php does it mean that after I do the server-side validation I will now have to pass their values as URL parameters using header` ...not if you do as I suggested and make the validation process simply a call that you make from the main PHP script where the form is. That's the standard approach. – ADyson Apr 01 '21 at 15:16

0 Answers0