R
E
S
O
U
R
C
E
S
       Home      Products & Services      Contact Us      Links


WebHatchers will design & develop your site for you.
_______________________

Website Menu Heaven: menus, buttons, etc.
_______________________

Send us your questions.
_______________________

site search by freefind
_______________________

HOME
SEO, Google, Privacy
   and Anonymity
Browser Insanity
JavaScript
Popups and Tooltips
Free Website Search
HTML Form Creator
Animation
Buttons and Menus
Counters
Captchas
Image Uploading
CSS and HTML
PHP
AJAX
XPATH
Website Poll
IM and Texting
Databases—MySQL
   or Not MySQL
Personal Status Boards
Content Management
   Systems
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs




Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement



Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

Exiting from a PHP Form Validator

Also see:

Below are some code blocks to illustrate some points about exiting a form validator. The first block avoids all JavaScript and simply exits the user if the Google reCAPTCHA has not been clicked on the form on the HTML page. If using a PHP message (inside the PHP exit() function) rather than a JavaScript alert, it is polite to end it with Press Back button since it won't go back to the HTML page automatically. Why not use a PHP function to return to the previous page?

We wouldn't use the set $_SERVER referrer as that can be manipulated and thus not trusted. And we didn't want the hassle of using sessions. Sessions are NOT a good way of returning to the last page. If the user has two tabs open at the same time, the session variable will be overwritten by either tab. We also wanted to avoid the unreliability and vulnerability of using the header("Location: index.php") function. And the $_SERVER['HTTP_REFERER'] is unreliable and it's a pretty bad idea overall as the header can be hijacked. And storing the previous page in a query string may start opening up XSS holes. So let the visitor hit the back button which is both secure and easy.

1. $captcha=$_POST['g-recaptcha-response'];
if(!$captcha){exit("Please check the captcha form. Press Back button.");}
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret='yoursecretcaptchakey'&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
if($response.success==false)
{exit("Fill fields, please. Press Back button.");}

The second code block uses JavaScript for the message and both JavaScript and PHP for the exit. Since PHP scripts tend to run until there are errors, server problems, end of script commands (?>), or a die() or exit() function, a JavaScript window.location command in the middle of a PHP script may not really exit the user from the PHP script until the whole script runs or a die() or exit() is encountered, at which point it recalls the JavaScript command and goes to the desired page. The effect of this in an email form validator is that even though you did not want the email to get sent, it gets sent anyway (in a cleaned up form, since any good script will have stripped all the undesirable characters out of it at the beginning of the script) if you're trying to exit solely using JavaScript. The email will still get sent unless your window.location function is followed by a PHP exit() function, in which case no mail will get sent since the rest of the PHP script will not run. You'll get the desired result by using a code block like the one below.

2. $Name=$_POST['Name'];$T=$Name;cleanit($T);$Name=$T;
if (strlen($Name)<5){
echo '<script language="javascript">alert("Please enter your full real name. It will be kept private.");window.location = "index.html#input";</script>';exit();}

The third code block shows the end of a script, which should automatically exit, so the addition of the exit() function is simply a good habit to get into to ensure your code does what you want it to. Note the JavaScript alert before the PHP exit. This is a very viable method for clean exits with good user-friendly messages.

3. $to = "ourwebsite@site.info";
$subject = "ourwebsite email";
$message = $N."\nPHONE: ".$H."\nFAX: ".$F."\nEMAIL: ".$E."\nMESSAGE: ".$A;
$headers = "From: ".$E;
$mail_sent = mail($to, $subject, $message, $headers);

if($mail_sent){echo '<SCRIPT LANGUAGE="JavaScript">alert("Message sent!");</script>';}
echo '<SCRIPT LANGUAGE="JavaScript">window.location = "index.html";</script>';exit();}
?>

To sum up, there are several different ways to exit a PHP validator that gets posted HTML form input:

  1. PHP only — The most secure method as long as you exit with the PHP exit() function. This is less user-friendly than the JavaScript and PHP together method, which is almost as secure. The user will need to hit a Back button, which may feel like the webmaster must be a bit amateurish.
  2. PHP only exiting with such things as $_SERVER['HTTP_REFERER'] — We've discussed above all the things that may go wrong with this method and the others mentioned above. JavaScript and HTML are both built to conveniently and securely send the user to other web pages, but PHP is simply not.
  3. JavaScript only — This is an unreliable exit method in a PHP script, since the PHP script tends to run until it hits the end or a PHP exit() or die() function, and then if you're lucky it may recall where JavaScript wanted it to go.
  4. JavaScript and PHP together — This is best for user and programmer alike. This is a very viable method for clean, safe exits with good user-friendly messages.