0

So I have a form and need to validate it. So what I'm doing is 

if(empty($name) || empty($username) || empty($email) || empty($password)){
    $_SESSION['comp_form'] = "Complete all fields";
    header('Location: register.php');
}
if(strlen($password) < 5){
    $_SESSION['pass_leng'] = "Choose a longer password";
    header('Location: register.php');
}

I'm doing this because I need to display the Session on another page, but only one error gets shown. What I'm trying to do is something like this where all errors are shown at once.

enter image description here

Am I on the right track? Or is there another way to go about this. Because I can only display one message at a time using 

$_SESSION['comp_form'] = "Complete all fields";
header('Location: register.php');
exit()
Improve this question
4
  • 1
    FYI, the example that you're showing is most likely using client-side validation. Commented Jun 26, 2014 at 21:15
  • 3
    Build up an array of errors during your validation, then check to see if there are errors in the array and redirect if there is. You could also use array keys to identify which field to show each error on. Commented Jun 26, 2014 at 21:15
  • Yeah I know. I just want to do this server side @PatrickQ Commented Jun 26, 2014 at 21:16
  • Can you show an example? I'm fairly new and any help would be great @scrowler Commented Jun 26, 2014 at 21:17

3 Answers 3

Reset to default
2

You can build up an array of errors during your validation, then check to see if there are errors in the array and redirect if there is. You could also use array keys to identify which field to show each error on.

Here's an example:

$errors = array();

if(empty($name) || empty($username) || empty($email) || empty($password)){
    $errors['comp_form'] = "Complete all fields";
}
if(strlen($password) < 5){
    $errors['pass_leng'] = "Choose a longer password";
}

// more validation here if you wish
if(count($errors) > 0) {
    $_SESSION['errors'] = $errors;
    header("Location: register.php");
    exit;
} else {
    // clean up previous validation errors, everything's fine
    unset($_SESSION['errors']);
}

Then on your form you can check for errors:

<!-- add hasError class to input when validation failed to allow you to style it -->
<input type="password" name="password" class="<?php if(isset($_SESSION['errors']['pass_leng'])) echo 'hasError'; ?>">
<!-- if there's an error, output it on a generic error message element -->
<?php if(isset($_SESSION['errors']['pass_leng'])) echo '<p class="formError">' . $_SESSION['errors']['pass_leng'] . '</p>'; ?>
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You're welcome. I'd suggest a certain amount of client side validation would benefit you in terms of your UX, e.g. clearing the error messages when a form becomes valid. It is totally essential to validate server side as well though.
I just added one more thing to clear the errors when the page gets refreshed. I used unset($_SESSION['errors']); on the actual form. So it might be worth putting it in the answer
2

You could try something like this:

$_SESSION['error'] = 0;
if(empty($name) || empty($username) || empty($email) || empty($password)){
    $_SESSION['comp_form'] = "Complete all fields";
    $_SESSION['error'] = 1;
}
if(strlen($password) < 5){
    $_SESSION['pass_leng'] = "Choose a longer password";
    $_SESSION['error'] = 1;
}
if($_SESSION['error'] == 1){
    header('Location: register.php');
}

Just unless you want to use AJAX which will improve the smoothness of your Site at the cost of using JavaScript.

Improve this answer

1 Comment

This is correct. When you do header('Location: register.php');, it is as if you wrote exit() or return. Anything that comes later in the code won't take effect, because the user has already "left" the page then. Just collect all errors first and then do the redirect, like suggested here.
2

Create an array of fields you require to be validated (which match up with their $_POST names):

$fields = array(
  'name'     => 'Name', 
  'username' => 'Username',
  'email'    => 'E-Mail',
  'password' => 'Password'
);

Then loop over them, if they aren't valid, add them to your $_SESSION['errors'] array:

$_SESSION['errors'] = array(); 

foreach ($fields as $field => $niceName) {
    if (empty($_POST[$field])) {
        $_SESSION['errors'][$field] = $niceName . ' cannot be empty';
    } elseif ($field == 'password' && strlen($_POST[$field]) < 5) {
       $_SESSION['errors'][$field] = 'Choose a longer password';
    }      
}

Then, if $_SESSION['errors'] isn't empty, you can redirect:

if (!empty($_SESSION['errors'])) {
    header('Location: register.php');
    exit(); 
}
Improve this answer

2 Comments

You should implement a key -> value pair to give a user label for each field, it would look a little naff to present "name cannot be empty", especially if more complicated field names were used... confirm_password, foo_client_age_bar etc.
Agreed, I often do something similar to the above when doing input validation. I think I misunderstood the question anyway :p

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.