php - best way to return form validation error

beepbeeprichie
Thread starter, 7 years ago
#1
If you are validating a form with php what is the best way of returning an error?

Do you:
- Use session variables to store an error
- Use a GET variable
- Some other method

Any thoughts most appreciated.
mfaxford
7 years ago
#2
I have the validation in the same script as the form. If the script detects data has been submitted it will validate that data. If there are no errors it will do something with the data; if there are errors (or no data was submitted) it will display the form, potentially with some fields pre-populated (the ones that had been submitted and are valid).
Cal97g
7 years ago
#3
I usually use GET.

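PHP Code:

    // $validationFailed is a placeholder for whatever check the form needs
    if ($validationFailed)
    {
        header('Location: http://www.mysite.com?e=1');
        exit; // stop here so nothing else runs after the redirect
    }

http://www.mysite.com?e=1:
PHP Code:

    // isset() avoids a notice when the page is loaded without ?e=
    if (isset($_GET['e']) && $_GET['e'] === '1')
    {
        echo "blah blah blah";
    }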
DarkChaoz95
7 years ago
#4
Well, I use the if else conditions for validations. Here is an example:

PHP Code:

<?php

if (isset($_POST['submit']))
{
    /** read the raw input; validate it first, escape it only where it is used **/
    $name  = is_string($_POST['name'] ?? null)  ? trim($_POST['name'])  : '';
    $email = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';

    if (strlen($name) < 6)
    {
        echo "your username must be at least 6 characters long";
    }
    elseif (!ctype_alnum($name))
    {
        echo "your username must contain alphanumeric characters only";
    }
    elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
    {
        echo "your email is invalid";
    }
    else
    {
        /**
         * mysql queries here blah blah
         * Bind $name and $email as parameters of a prepared statement
         * (mysql_real_escape_string() was removed in PHP 7), and call
         * htmlentities() only when echoing the values back into HTML.
         **/
        echo "success!";
    }
}
?>
rmhumphries
7 years ago
#5
I use GET variables to mark errors.

The problem with sending data to the same page is you run the risk of processing the data every time the user refreshes the page, which is not always what you want.

For instance, take a system where you send an e-mail. If the user refreshes the page for any reason, then an e-mail will be sent twice. If you go to a separate page to send the e-mail, and then return from that page, refreshing the contact us page will only redisplay the error/success message.
DarkChaoz95
7 years ago
#6
(Original post by rmhumphries)
I use GET variables to mark errors.

The problem with sending data to the same page is you run the risk of processing the data every time the user refreshes the page, which is not always what you want.

For instance, take a system where you send an e-mail. If the user refreshes the page for any reason, then an e-mail will be sent twice. If you go to a separate page to send the e-mail, and then return from that page, refreshing the contact us page will only redisplay the error/success message.

Perhaps, with POSTs, you could make use of CSRF tokens, which are good against CSRF vulnerabilities and make each submit unique.
DarkWhite
7 years ago
#7
PHP has exception handling built-in, and you can then just choose what to do (e.g. if it's a critical error, die with an error message; if it's not critical, continue running the script but print it out somewhere).

http://www.php.net/manual/en/language.exceptions.php
Planto
7 years ago
#8
(Original post by DarkWhite)
PHP has exception handling built-in, and you can then just choose what to do (e.g. if it's a critical error, die with an error message; if it's not critical, continue running the script but print it out somewhere).

http://www.php.net/manual/en/language.exceptions.php
Exception handling and validation are completely orthogonal things; if you're using exceptions for validation, you're doing something very wrong.
rmhumphries
7 years ago
#9
(Original post by DarkChaoz95)
Perhaps, with POSTs, you could make use of CSRF tokens, which are good against CSRF vulnerabilities and make each submit unique.
It is certainly possible to prevent, but you need to have some form of extra data to prevent it from happening, which is more work.
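
The session-variable option from the first post, the refresh problem rmhumphries describes and the token idea DarkChaoz95 raises can be combined in one script. The following is an added example, not code from any poster in the thread; the file name form.php and the send_message() stub are assumptions.

```php
<?php
// Added example, not from the thread. form.php and send_message() are assumed names.
session_start();

function send_message(string $name, string $email): void {} // stub for the real side effect

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $field = fn(string $k): string => is_string($_POST[$k] ?? null) ? trim($_POST[$k]) : '';
    $errors = [];

    // Single-use token: read it, then discard it, so a forged or replayed POST fails.
    $stored = $_SESSION['token'] ?? '';
    unset($_SESSION['token']);
    if ($stored === '' || !hash_equals($stored, $field('token'))) {
        $errors[] = 'Form expired or already submitted, please try again.';
    }
    $name  = $field('name');
    $email = $field('email');
    if (strlen($name) < 6 || !ctype_alnum($name)) {
        $errors[] = 'Username must be at least 6 alphanumeric characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email is invalid.';
    }
    if (!$errors) {
        send_message($name, $email);
    }

    // Keep the outcome in the session and redirect, so a refresh repeats only the GET.
    $_SESSION['flash'] = ['errors' => $errors, 'name' => $name, 'email' => $email];
    header('Location: form.php', true, 303);
    exit;
}

// GET: take the flashed result once, clear it, and issue a fresh token for the form.
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);
$_SESSION['token'] = bin2hex(random_bytes(32));
$e = fn($s): string => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
?>
<?php if ($flash && !$flash['errors']): ?><p>success!</p><?php endif; ?>
<?php foreach ($flash['errors'] ?? [] as $msg): ?><p class="error"><?= $e($msg) ?></p><?php endforeach; ?>
<form method="post" action="form.php">
  <input type="hidden" name="token" value="<?= $e($_SESSION['token']) ?>">
  <input name="name" value="<?= $e($flash['name'] ?? '') ?>">
  <input name="email" value="<?= $e($flash['email'] ?? '') ?>">
  <button type="submit">Send</button>
</form>
```

Because every GET issues a new token, a copy of the form left open in a second tab will be rejected as expired when it is submitted.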