Form Validation (PHP)

229
December 21, 2016, at 01:23 AM

I need to create validation for this form, and I don't know how to do it right.

    <?php
$errName = '';
$errEmail = '';
$errMessage = '';
$result = '';
if (isset($_POST["submit"])) {
    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $from = 'simply@email.tld';
    $to = 'again@email.tld';
    $subject = 'Form';
    $body = "Name: $name \n E-mail: $email \n Message: $message";
}
if (!$_POST['name']) {
    $errName = 'Write Name here.';
}
if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $errEmail = 'Write correct e-mail';
}
if (!$_POST['message']) {
    $errMessage = 'Write your message';
}
if (!$errName && !$errEmail && !$errMessage) {
    if (mail ($to, $subject, $body, $from)) {
        $result = "<div style='color:white;font-size:15px;font-weight:700;'>Your message has been sent.</div>";
    } else {
        $result = "<div style='color:red;font-size:15px;font-weight:700;'>Your message has not been sent, try again!</div>";
    }
}
?>

The form works right but if as example I won't write one thing there is no error, message just isn't sent. Any ideas what's wrong?

Answer 1

The problem I see with your original code is that the variables that contain the error message ($errName, $errEmail, $errMessage) aren't ever echo'd anywhere. They simply get checked if they contain any content and if none of them do then the mail function is called, otherwise nothing.

I believe a better approach to this would be to use a try/catch block. Your approach continues checking for valid variables even if a previous variable has already failed a check and the mail is already going to be prevented because of it. In this application, a couple extra easy checks aren't going to amount to anything significant, resource-wise. But in a larger application it's a good idea to not waste resources if you already know something is going to fail.

I've rewritten your code using the suggested try/catch block.

<?php
if (isset($_POST["submit"])) {
    $name       = (string) $_POST['name'];
    $email      = (string) $_POST['email'];
    $message    = (string) $_POST['message'];
    $from       = 'simply@email.tld';
    $to         = 'again@email.tld';
    $subject    = 'Form';
    $body = "Name: $name \n E-mail: $email \n Message: $message";
    try {
        if (!$name) {
            throw new Exception('Write Name here.');
        }
        if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new Exception('Write correct e-mail');
        }
        if (!$message) {
            throw new Exception('Write your message');
        }
        if (mail ($to, $subject, $body, $from)) {
            $result = "<div style='color:white;font-size:15px;font-weight:700;'>Your message has been sent.</div>";
        } else {
            throw new Exception("Your message has not been sent, try again!");
        }
    } catch(Exception $e){
        $result = "<div style='color:red;font-size:15px;font-weight:700;'>" . $e->getMessage() . "</div>";
    }
    echo $result;
}
?>

If a variable doesn't pass one of your checks, a new Exception is thrown with the applicable error message. This stops further execution in the try block and moves execution to the catch block. The $result variable gets filled with your styled error message, which gets echo'd at the end. Likewise, if the mail is successfully sent, the $result variable gets filled with the success message which gets echo'd.

READ ALSO
How to get by Webservice PHP-MySQL image in base 64?

How to get by Webservice PHP-MySQL image in base 64?

I need print this "print json_encode($datos); the image in base64

322
Making a simple to use dynamic MySQL class that can read from and write to a database

Making a simple to use dynamic MySQL class that can read from and write to a database

I want to create a script that runs any query from through PHP the same way you would run it through the MySQL console just by calling MySQL::query([the query]);

208