Best practice to deal with form processing

Question

Hello guys,

I was wondering what is the best practice to deal with form processing?

In my case I do something like that:

• if the user hasn't submited the form
  • display the form
• else
  • if there are form errors
    • display errors
    • display form again
  • else
    • display a success message
    • (and) display the form again

My problem is that I'm repeating the HTML code for the form for 3 times and I don't think this is a good practice (long file, difficult to read).

Answer 1

Given that in each case you're displaying the form, can you simply display the same form by default and then add the extras such as error messaging etc?

What other technologies are you using?

Answer 2

Your workflow looks correct. I don't see why you need to repeat the HTML code for the form. Restructure your code so that the success message is displayed at the top of the form if present and the errors are displayed next to the input boxes if they're present. At the top of your (PHP?) file, process everything and set the variables that will be displayed in the form below.

Answer 3

You can use the same form code and just display the error / success message above the form.

Answer 4

you can break your script in two:

• one displays the form

• one gets form data, checks it and returns errors or the success message

Answer 5

Check out this validation script i wrote with PHP and jQuery. Let me know if you want a copy.

http://swyg.site11.com/

Answer 6

You should follow the Post/Redirect/Get pattern to prevent form submission duplicates.

You can integrate that pattern with error processing and successful message display this way:

if POST_REQUEST:
  ERRORS = VALIDATE_FORM()
  if ERRORS IS EMPTY:
    PROCESS_REQUEST
    REDIRECT TO <Successful URL>

DISPLAY_FORM(ERRORS)

These are the possible scenarios:

• Get request at form url:
  POST_REQUEST is false and so you just display the form with no errors (so a normal empty form)
• Form submission with errors:
  POST_REQUEST is true, you validate the form. In this case some errors will be returned in the ERRORS variable (probably an array). The ERRORS variable is not empty so you just display the form with the error messages displayed
• Correct form submission:
  POST_REQUEST is true and you validate the form. Since this time the form is valid the ERRORS variable would be empty and you perform the redirect to the <Successful URL> which will display the successful message to the user.

Using this pattern you prevent that the user to send again form data when refreshing the page after a correct form submission.

Django Framework suggest to handle forms this way.

A good way to handle errors in form display is to have the VALIDATE_FORM() function returning an associative array of errors where each key is the name of the field and the corresponding item is an array of error messages.

General form errors (not associated with a specified field) should have an emtpy key.

This way you can, for example, display errors this way in the DISPLAY_FORM() function:

<ul class="errors"><?php foreach(ERRORS['field_name'] as $error) { echo "<li>$error</li>"; } ?></ul>
<input name="field_name" type="text" ... />

Answer 7

Look, it's as simple as an egg!
Just put the same actions in the different order:

• if the user submited the form
  • if there are form errors
    • fill errors array
  • else
    • record data to database
    • 302 regirect, as it required by HTTP standard
    • exit
• if we have some errors
  • display errors
  • fill form field values
• display the form

If you can't live without a success message (a quite useless thing in my opinion) you can display it using get parameter (less preferred) or session (optimal)

oops! it was an old one.