PHP:Form Series, Part 1: Validators & Client-side Validation
by: Dennis Pallett
Introduction
Welcome to the first part of a new two-part series on the PHP:Form web component. In this part, I will give you an introduction to PHP:Form, its features, and why it is so useful. I will also discuss the inbuilt validators that PHP:Form supports. In the second part I will discuss the more advanced features of PHP:Form.
What is PHP:Form?
PHP:Form is a (new) web component, developed by TGP PHP Scripts (
http://phpscripts.pallettgroup.com). It is designed to help you create forms with a lot less effort. When you're creating a new PHP script, you will undoubtedly have to create forms to allow input to be entered. There is (almost) no PHP script without forms, and forms usually require solid validation to make sure there are no security leaks. It would be nice if those forms are accessible as well, but this often gets forgotten.
We've all had to create forms again and again. And every time we've had to write those validation functions. I'm sure you remember... if (empty($blah)) { echo 'Invalid'; }, etc. After a while it becomes a really boring and mundane task, and most of the time we don't do it properly either. One of the hardest things to do is to return error messages, indicating what is wrong, and allowing visitors to fix their mistakes, without having to re-do the complete form. I used to simply tell them to hit the back-button, after returning the errors, but this is obviously a not-so-good way of doing it.
Thankfully, that's where PHP:Form steps in. It handles all the boring parts for you, and does it properly as well.
PHP:Form has support for inbuilt validators, which means you only have to use a simple HTML-like syntax to add new validation logic to a form. With these validators also comes automatic client-side validation. All the necessary JavaScript is created for you, and there's nothing you need to do. Another remarkable feature of PHP:Form are so-called "formtypes", which are basically form templates. These allow you define form templates, which can be re-used over and over again.
Let's have a closer look at the validation part of PHP:Form; the validators.
Inbuilt Validators & Client-side Validation
Before we look at the validators, let's first look at the basic PHP:Form syntax. It has a really simple syntax, because it's basic HTML. To create a new form, use the tags, like so:
<php:form name="example">
... form html goes here ...
</php:form>
That's all that is really necessary. But you must also tell the form to display, using PHP, like so:
$_FORMS->display ('example');
Those two things are the only things absolutely necessary to create and display a new form. Of course, nothing will be displayed yet because you haven't created any input fields. To see a simple form in action, have a look at demo 1 (
http://www.phpit.net/demo/phpform%20series/demos/demo1.php)
Let's move on to validators now. Validators are used to validate form fields, and just like the form tags, they are simple html, for example:
<validator for="[fieldname]">Your error message here</validator>
You can either place validators in between the form tags, or outside the form tags. If you place them outside the form tags you must specify the form name (using the 'form' attribute).
A simple form with a validator would look like this:
<?php
// Include PHP:Form
include ('../phpform.php');
// Begin form:
?>
<php:form name="example">
<validator for="name" required="true"><p style="font-weight:bold;color:red;">Please enter your name</p></validator>
Name: <input type="text" name="name" />
<input type="submit" value="Go!" />
</php:form>
<?php
if ($_FORMS->validate ('example') == true) {
// Show POST'ed values
echo '
';
print_r ($_POST);
echo '
';
} else {
// Display form
$_FORMS->display ("example");
}
?>
View live demo (
http://www.phpit.net/demo/phpform%20series/demos/demo2.php)
As you can see in the code we created a validator that has the required attribute set to "true". That means that this validator just checks whether the value of the input field isn't empty.
There are 5 different kinds of validators:
- Required: they are used to make sure an input field isn't empty, like I just demonstrated.
<validator for="field" required="true">Please fill in something</validator>
- Numeric: they are used to make sure an input field only contains numbers, and nothing else.
<validator for="field" numeric="true">Please fill in something</validator>
- Regex: they can be used to specifiy a regular expression that an input field must match.
<validator for="field" regex="/test/i" >Please enter 'test' only.</validator>
- Callback: callback validators can take a callback function that is run on the server-side. That callback function is passed the value of the input field, and the function must return true or false. This is used for really advanced validation (and it's likely you will hardly ever use the callback validator)
<validator for="field" callback="is_email">Not a valid e-mail address.validator>
- Name: name validator can be used to display a message or error only when you want to. They can only be shown when you manually show them using the trigger_error ('form', 'errorname') method.
<validator name="mymsg">This is my custom error!</validator>
Then in PHP:
<?php
$_FORMS->trigger_error ('example', 'mymsg');
?>
When using validators, you will probably want to check if a form validates or not. To do this, use the validate() method, as seen in demo 2:
If ($_FORMS->validate('example') == true) {
echo 'It validates!';
} else {
echo It 'doesn\'t validate!';
}
Client-Side Validation
PHP:Form also automatically generates client-side validation (JavaScript) when using validators. It natively supports the required, numeric and regex validators, but it doesn't (fully) support the callback validator. This isn't really possible either, because the callback validator points to a function on the server-side. But if you create a JavaScript function with the same name as the callback function, it will work, and it will run the JavaScript function you created. This gives you great power, and means you can even using advanced JavaScript functions and Ajax to validate data.
If you would like to see the client-side validation in action, have a look at demo 2 again, and make sure you have JavaScript enabled. You will probably notice how fast the errors are returned, and that no refresh happens at all. That's the client-side validation.
Conclusion
In this first part of the PHP:Form series I have shown you what PHP:Form is: an extremely neat PHP form component, that is really useful for building web forms. I have been using it myself now for a few months, and I still can't get over how great it is. It has really simplified things, and I can focus on the important stuff. If you're still in doubt, have a look at the PHP:Form product page for more information and demo's (
http://phpscripts.pallettgroup.com/phpform/?ref=phpit).
I have also shown you exactly what validators are, and the different types. Validators are the most important part of PHP:Form, and you will probably use them in every form. You can some really interesting things with them, and when you combine a few validators it's possible to create a extremely secure form.
In the next part I will have a look at "form types", the form templates of PHP:Form. I will also have a look at setting default values, using the set_value() method of PHP:Form.
If you're interested in purchasing PHP:Form, don't forget to use the special PHPit coupon code: phpit
PHP:Form product page (
http://phpscripts.pallettgroup.com/phpform/?ref=phpit)
About The Author
Dennis Pallett is a young tech writer, with much experience in ASP, PHP and other web technologies. He enjoys writing, and has written several articles and tutorials. To find more of his work, look at his websites at
http://www.phpit.net,
http://www.aspit.net and
http://www.webdev-articles.com
