Hello everyone! In a previous post we built a simple guestbook for ourselves. While it worked just fine, it lacked many features. Today we’re going to dive deep into the guestbook and add validation to the user comments. So, let’s get started.

So far, we have extracted the different POST fields from the $_POST super global into our working namespace. Today, we shall assign each field to a separate variable and then check if they have been filled out properly. We shall start with the basics. When we submit a form, depending on the form’s submission method, the submitted data is stored into the $_GET and $_POST super global variables. They are called the “super globals” because they can be accessed from almost anywhere inside a script. They belong to the global scope. We shall discuss the scope of variables in a later post, for now let’s stick to what we have in our plates. Now, if a form is submitted using the “POST” method, the data from the input field named “email” can be accessed via $_POST[’email’]. This looks like this:

 
<form action="post.php" method="POST">
<input type="text" name="email" />
<input type="submit" value="Go" />
</form>

In the post.php we can use the following php codes to print the value of the text box:

<?php
echo $_POST['email'];
?>

To put in short – the “name” attribute of an element inside a form becomes the key in the $_GET or $_POST super global.

Now let’s look back and check out the form we used to collect the user’s comments:

<h3>Post A Comment:</h3>
<form action="post.php" method="post">
   <strong>Name:</strong><br/> <input type="text" name="name" /><br/>
    <strong>Email:</strong><br/> <input type="text" name="email" /><br/>
    <strong>Website:</strong><br/> <input type="text" name="website" /><br/>
    <strong>Message:</strong><br/> <textarea name="message" rows="5" cols="25"></textarea><br/>
    <input type="submit" value="Go">
</form>

Can you identify the fields? Yes, they are – name, email, website and message. We see the method of the form is “POST”. So we can access these fields using these codes:

 // Assign the form fields to individual variable
    $name = $_POST['name'];
    $website = $_POST['website'];
    $email = $_POST['email'];
    $message = $_POST['message'];

We have successfully assigned the field data into different variables. Now we want to check the name and message field. If the user hasn’t filled in the message and name field, we don’t let him/her post. We can use the empty() function to check if a variable is empty or not. If it’s empty, the function returns true, false otherwise. Let’s change the post.php. Replace the existing content with the following codes:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
     <title>My Little Guest Book</title>
</head>
<body>
<?php
require_once 'config.php';


    // Assign the form fields to individual variable
    $name = $_POST['name'];
    $website = $_POST['website'];
    $email = $_POST['email'];
    $message = $_POST['message'];


if(!empty($name) && !empty($message)) {

    $now = time();
    if (mysql_query("insert into comments (`name`,website,email,message,`timestamp` ) values ('{$name}','$website','$email','$message','{$now}')")) {
        header("Location: index.php");
    } else {
        echo "There was an error connecting to the database!";
    }
} else {
    echo "Either name or message field is empty!";
}
?>

</body>
</html>

Previously, the visitors had to fill in all the fields to submit a post. Now they shall need to fill in the name and the message box to post a comment. But wait, anyone can enter any garbage text as email and website address! “lorem ipsum dolor sit amet” – that can’t be someone’s email address! Yes, you are right. We haven’t added proper checking to validate the input. PHP has very good support for input validation. In the coming posts, we shall see how we can be benefited from those.