[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 43
  • Last Modified:

stop form action from going to page if search field is empty

I have a search field in a form that looks like this on my index.php page.

 
 <form action="search.php" method="post">

Open in new window


The search function is working fine but I don't want the page to actually go to search.php if the search field is empty i.e.: they just click "search" without actually inputting anything.

I tried this above the form:

 $error = "";
		  
		  if($_SERVER['REQUEST_METHOD'] == "POST"){
			  
			  if (empty($_POST['search'])){
				  
				  $error .="Please enter a search term";
				  
			  } 
		  }

Open in new window


But it still posts the search.php page and shows the error there. Is it possible to stop the page from redirecting to search.php if the search input is empty?
0
Black Sulfur
Asked:
Black Sulfur
  • 3
  • 2
  • 2
1 Solution
 
Ray PaseurCommented:
Yes, it's possible, but this is not a PHP question.  You use JavaScript to influence behaviors in the client browser.  You might try using the "required" attribute in the search field.
http://www.w3schools.com/tags/att_input_required.asp
0
 
Ray PaseurCommented:
Also, you might rethink the use of a POST request for a search.  If you use GET instead of POST, your clients can bookmark the page, they can share the link with others, etc.  The search parameters are in the URL.  It's just a much more user-friendly way to work the issue.
0
 
Black SulfurAuthor Commented:
Thanks Ray. But "required" doesn't work with safari, I need something that does.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Dave BaldwinFixer of ProblemsCommented:
I use POST for my search functions and filter the values like crazy.  A 'Search' form is a Big target for spammers.  Too often the 'users' aren't 'user friendly'.
0
 
Dave BaldwinFixer of ProblemsCommented:
You have to do it twice in any case.  Use Javascript in the browser and PHP on the server.  Remember that spammers will bypass your form and send directly to your 'action' page.
1
 
Ray PaseurCommented:
Try this.  I don't have an instance of Safari to test, but it seems like it should work.
http://www.html5rocks.com/en/tutorials/forms/constraintvalidation/#toc-safari

Also, whether the request is GET or POST, all external input (GET, POST, COOKIES, Daatabase, etc) is by definition tainted and therefore must be considered an attack vector.  Always filter everything!
1
 
Black SulfurAuthor Commented:
Works like a charm!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now