Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

PHP form w/sessions, user presses back button and previously displayed validation error messages display again

Posted on 2011-04-26
9
Medium Priority
?
413 Views
Last Modified: 2012-05-11
I have a mult-page form using sessions. When the user receives a validation error, fixes it, and re-submits and then decides to go back to the page the error message(s) display again when the page loads. I can't figure out why the error message(s) display again. It seems as though when they press the back button on the browser the test if(isset($_POST['submit']) returns true instead of false and the validation checks are run again. But even then I don't understand why that test would fail and display the error. This happens on both FF and Safari.

Here is a snapshot of the relevant code. You can check it out here https://register.amor.org/individual/process1.php - Use a bad DOB, fix it and re-submit, and then travel back to see what I mean:

<?php
session_start();
if (isset($_POST['submit'])) {
      $errors = array();
...
      if ($lname = filter_var($_POST['lname'], FILTER_SANITIZE_STRING)) {
            $_SESSION['lname'] = $lname;
      } else {
            $errors['lname'] = "Please enter a last name";
      }
      if (check_dob($_POST['dob'])) {
            $_SESSION['dob'] = $_POST['dob'];
      } else {
            $errors['dob'] = "Please enter a date of birth - xx/xx/xxxx";
      }
... other validation/sanitation
      if(0 === count($errors)){       
            header("Location: /individual/process2.php");
      }      
?>

<body>
<div>
<?php
      if (0 != count($errors)) {
            echo "<div class='form_error_list'><strong>Please correct the following errors: </strong><ul>";
            foreach ($errors as $value) {
                    echo "<li>$value</li>";
            }
            echo "</ul></div>";
      }
?>
<form name="form" id="form" action="<?php echo $_SERVER['PHP_SELF']; ?>"  method="post">

...Form output

<div class="formElement_part"><h4>Birth Date</h4><input name="dob" class="med" id="dob" value="<?php echo h($_SESSION['dob']); ?>" /><label for="dob"></label>(xx/xx/xxxx)</div>

...More Form output

<input type="submit" name="submit" value="Proceed" class="proceed">
</form>
</div>
</body>



0
Comment
Question by:josha2122
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 43

Expert Comment

by:Rob
ID: 35472988
Is the user asked to resubmit the form?  If so it become increasingly difficult to know if it is a valid submission or not.

This problem is why i switched to AJAX so that if the user needed to fix their submission is could be handled by the javascript.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 35473090
It displays again because the original info that got you to that page in the first place is resent to the server when you 'back'.  That's what the message is trying to tell you.
0
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 35473101
the $_POST will submit true - usually the browser will ask you if you want to resend the data from the previous page - which will then result in the submit being set. However, this should not cause validation errors because the same valid data will be submitted that allowed you to get to page two.

Not quite sure what the problem is - tried your form - bit annoying with the valid zip code (if you don't live in the US - not intuitive and if you set another country other than US still wants a valid zip for the US). Also does not remember the phone number on validation. That aside once I did fill in data and proceeded to screen 2 when clicking the back button FF asked me if I wanted to resend - did so and the only validation I got was on the phone number - which was not remembered.

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35474684
This looks like normal browser behavior.  It will probably happen on IE, too.  What is the question you want us to answer?  If you want to avoid repeated submits of the same data you can use an md5() string of the $_POST array.  Store that in the session.  If you get two matching strings you got duplicate post data.
0
 

Author Comment

by:josha2122
ID: 35475517
@JulianH - Thank you for taking the time to look over the form. I do still need to build in a separate validation for the zip code with countries other than the US. I will have to look into the phone number not being remembered.

@Ray - I would like to allow the user to resubmit the data, I just don't want the browser to do it when they click the back button. Would your suggestion do that or would it prevent also the user from resubmitting? The only thing I have come up with, and am still trying to work out, is to have a session set with the current page name and test that as well as isset($_POST['submit']) before the script goes through the validation checks. So if the session is set to page 2 and the user clicks back it would check against that session, skip validation, set the session to the current page number, and display the form.

I was hoping to find out if there was a best practice for dealing with this type of scenario. I have spent a few hours looking on the internet and only found solutions for preventing resubmitions entirely,

@tagit: Yes I would like to allow my user to resubmit the form. I wanted to validate in js and php, but if I can't figure this out I will probably rely on JS for validation and just sanitize the data in php.
0
 
LVL 34

Accepted Solution

by:
Slick812 earned 500 total points
ID: 35476079
Greetings josha2122, , , You say you need to have a way to re-submit the form, and it looks like a re-submit would be to make corrections to a mistake in the user reviewed submission entries given to read, ,
What I might do is add a button or a link on the "Review information and confirm trip" page that says "Make Corrections in the Information" or "Change my information to make correct" or the abililty to access the process1.php page without hitting the back button on the browser, which can cause problems, as you have seen. You will need to store all of the submitted user info in the session, I guess you already do that. and the link button access to the process1.php page for corrections will give you a way to do extra information analysis , to help the user, if that is something that might help.
0
 

Author Closing Comment

by:josha2122
ID: 35476136
Common sense approach! Thank you, I will implement this as a much more user friendly means to correct mistakes. I was hoping to find a common sense, elegant way to solve this issue and I think this does the trick.
0
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 35477474
Users will still press the back button - should plan for that eventuality as well
0
 
LVL 43

Expert Comment

by:Rob
ID: 35480839
I would also consider using AJAX, which completely removes the issue of the back button....
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses
Course of the Month21 days, 6 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question