PHP Tutorial Part 2: Form Validation, Disabling Browser Caching, Embedding HTML Code by Christopher Heng, thesitewizard.com The first part of my PHP tutorial dealt with the basics of writing a PHP script, and took its readers through the creation of a simple but useful feedback script, which transmits the contents of a feedback form back to the webmaster in an email. If you missed that article, you can find PHP Tutorial 1: Writing Your First PHP Script: Feedback Form (Email Form) at http://www.thesitewizard.com/archive/feedbackphp.shtml This article refines that Form to Mail script while at the same time introducing other facilities available in PHP. 1. Checking / Validating Form Inputs If you have ever installed a form on your website before, you will probably have received the results of submissions that were incomplete in some way. For example, the visitor submitting the form may have completely omitted his email address. Or, in the case of trigger-happy visitors, they may have accidentally hit the Submit button before even writing their comments. To make the feedback script more robust, it is useful to have some sort of checking to ensure that all essential fields have been completed before sending the message to the webmaster. The simplest way to do this is to modify the script we wrote in the first part of this tutorial to the following: If you recall, the feedback form for the purpose of this tutorial is a simple:

Email:
Message:

Notice that we have inserted several additional checks into our feedback script. The first change we've made is that we check if the variable $_REQUEST['email'] has been defined by using the isset() function. In the first tutorial, I mentioned that it would have been defined if your script was called from your feedback form since PHP automatically provides your script access to all form fields through $_REQUEST['form-field-name'] (where form-field-name is the name of the field in your form). This check is useful to catch instances where your visitor tries to invoke "http://www.example.com/sendmail.php" just to see what happens. Without this check, you will wind up with a blank email in your mailbox if he/she does this. This revised script checks to see if the "email" field has been set, and if it has not, it means that the visitor has called the script directly without going through your form. In such a case, the script redirects the visitor to your feedback form. The line elseif (empty($email) || empty($message)) checks if the form was submitted without the visitor entering anything in either (or both) of those fields. The empty() function checks the variable enclosed within its brackets to see if they contain anything. If nothing is found in either of these variables, or if they have not been set, your visitor will be directed to your error page. Finally, if all is well, the form is submitted using the code explained in our previous tutorial. Notice that the script introduces three extra keywords: "if", "elseif" and "else". Like many programming languages, these control structures allow certain portions of your script to be executed only if a particular condition is true. The condition to be tested must be enclosed in the brackets "(" and ")". For example, if you want to the script to print "Hello!" if $email is empty, you can use the following code snippet: if (empty($email)) echo "Hello!" ; Unlike Perl, if the code to be executed is only one statement long (like the "Hello!" example above), you do not need to enclose your code (the echo portion) in curly braces "{" and "}". (I have included the curly braces in the main feedback script above in every instance in order not to confuse you at that early stage.) Incidentally, the feedback form generated by thesitewizard.com's Feedback Form (Email Form) Wizard contains all the above enhancements. If you want to examine the production code for an email form, check out http://www.thesitewizard.com/wizards/feedbackform.shtml That page also links to a "demo" site that implements the feedback form script, so you can try it out for yourself. 2. Generating HTML Code It is possible to make your PHP script generate HTML code instead of simply redirecting the visitor's browser to a separate HTML file. For example, if you prefer to generate your error message directly from the sendmail.php script above, you might wish to modify the script as follows: Error

Error

Oops, it appears you forgot to enter either your email address or your message. Please press the BACK button in your browser and try again.

<? } else { mail( "trajcetr@yahoo.com", "Feedback Form Results", $message, "From: $email" ); header( "Location: http://www.oocities.org/trajcetr/sub.htm" );