Where would I run this validateForm method? I'm a very newbie PHP developer getting the hang of web developing.

Question

Here's what I have:

<html>
<head>
    <?php
    $validForm = false;

    function getValue($field){
        if(isset($_GET[$field])){
            return $_GET[$field];
        }
        else{
            return "";
        }
    }

    function validateForm(){
     //magic goes here.   
    }        
    ?>
</head>

<body>
    <?php if($validForm == false){ ?>
    <form action="class2.php" method="get">
        <dl>
            <dt>First Name:</dt>
            <dd><input type="text" value="<?php echo htmlspecialchars(getValue('name')) ?>" name="name" />                    
            </dd>                

            <dt>Last Name:</dt>
            <dd><input type="text" value="<?php echo htmlspecialchars(getValue('lastname')) ?>" name="lastname" />                    
            </dd>

            <br />                
            <dt>
                <input type="submit" value="enviar" />
            </dt>                
        </dl>
    </form>
    <?php
    } else {
    ?>

    <h1>Congratulations, you succesfully filled out the form!</h1>

    <?php }
    ?>
</body>

Where would I put the validateForm() call? I'm not sure. What I want is to continue showing the form until the $validForm variable is true. :)

Thank you SO you always help me out.

Answer 1

You have to add a name to your submit button :

  <input type="submit" value="enviar" name="validate" />

And after the declaration of validateForm

you put

if(getValue("validate") != "")
validateForm();

Answer 2

function validateForm(){
 if ( ) // Your form conditions go here
 {
    return true;
 } else {
    return false;
 }
} 
if ( $_GET ) // Only validate the form if it was submitted
{
   $validForm = validateForm();
} else {
   $validForm = false;
}

Examples for some conditions:

if ( !empty ( $_GET[ 'name' ] ) and !empty ( $_GET[ 'lastname' ] ) ) // Check if the user entered something in both fields

I can only recommend you to change your getValue function too.

It would be a good idea to change

return $_GET[$field];

to something like

return htmlspecialchars ( trim ( $_GET[$field] ) );

This will remove unnecessary whitespace and escape the output at once.

The next or probably first step you should take would be to change your form from GET to POST as it is, in most cases, a bad idea to send form data via GET.

Answer 3

1. I'd check for the $_POST-variables in your getValue-function as you're trying to validate form-data (your checking $_GET-variables which is data submitted through the URL), you also may want to add "trim"
2. give the submit-button an id and check if the form has beed submitted that way

e.g. <input type="submit" value="enviar" id="submitButton" />

setting $validForm would look this this: $validForm = validateForm(); (instead of "$validForm = false;")

your validateForm-function should then check whether "$_POST["submitButton"]" is set and if your data is valid (set, right type, etc. etc.), if all of that is ok, return "true", otherwise "false"

Answer 4

<html>
  <head>
  <?php
    $validForm = validateForm();

C.