Drop Shadow

Form Verification

This plug-in helps you verify that the stuff you get from your forms meets certain basic criteria. For example, you can require that some fields not be left empty, and require that others be e-mail addresses, or numbers. This plug-in is designed for custom forms, where you are handling the forms in PHP that you write. If you want more automatic handling of form data, see some of the other web coding plug-ins we’ve made available to you:
Custom verificationIf you need to customize your form verification, there are some functions in the JavaScript file to assist you.
Custom warningsIf you need to move warnings somewhere else, you can set the form plug-in to queue warnings until you tell it to display them.
Easy SQL in PHPThis PHP plug-in makes it a lot easier to work with SQL databases on your PHP pages.
Email FormHave your form data sent automatically to your e-mail address from any form on a PHP web page.
At its most basic, you need two lines to get started using the form verification plug-in:

include_once("/web/includes/forms.phpi"); $contactForm = new Form();

You should put this at the very top of your PHP web page. Otherwise, some functions will fail.

Get data

If you want a simple list of all of the data from your form, you can use $contactForm->displayFields(). If you want them joined with something special, such as a break, pass that as an argument. For example:


By default, the data is displayed as a table. You can also use $contactForm->allFields() to get the list back broken up by carriage returns. You might use this to pass the list to another function, such as to the Mail Queue plug-in.

Valid data

By default, the form will accept data from both POST and GET methods, and from cookies. You can specify that the plug-in only pays attention to a subset of those types (as well as FILE), by adding that as a parameter when you make the new form:

//only accept GET data $contactForm = new Form("get") //accept both GET and COOKIE data $validSources = array("get", "cookies"); $contactForm = new Form($validSources);

The valid types are get, post, cookies, and files. If you need to add more methods later in your script, you can use $contactForm->addMethods() to add them. You can (and should) also specify what fields constitute a valid submission. If you don’t specify a list of valid fields, then the plug-in will assume that any data sent to it is worth looking at.

$validFields = array("name", "address", "age"); $contactForm = new Form("get", $validFields);

Special headers

For the plug-in to pre-flight a form before it gets submitted, you need the appropriate JavaScript in your page’s HEAD. The plug-in itself can create this for you, but you’ll need to add the HTMLHead() method in between the <HEAD> and </HEAD> section of your page.



The most basic requirement is that some fields cannot be empty. Use the required() method to specify these. You can also use the numeric() method to specify that a field or fields must only contain numbers.

$requiredFields=array('name', 'address'); $contactForm->required($requiredFields); $contactForm->numeric('age');

Start and end the form

<?$contactForm->start();?> <p>Name: <?$contactForm->text("name");?></p> <p>Address: <?$contactForm->text("address");?></p> <p>Age: <?$contactForm->text("age");?></p> <p><?$contactForm->submitbutton();?></p> <?$contactForm->end();?>

If you want the form to have a special style, you’ll need to tell the plug-in this before you start the form.

$contactForm = style("contacts");

Has the form been submitted correctly?

You’ll want to verify that the form was submitted correctly, even if you have JavaScript pre-flighting set up. All verification should be performed “server-side” to reduce the effectiveness of hacking attempts. Often, you’ll also want to create a message for people after they’ve submitted the form. You might even want to not show them the form after they’ve submitted it. Use the submitted() method to control these sections. It returns either true or false, depending on whether or not the form has been submitted.

<?IF ($contactForm->verify()):?> <p>Thank you for submitting this form!</p> <?ELSE:?> <?$contactForm->start();?> <p>Name: <?$contactForm->text("name");?></p> <p>Address: <?$contactForm->text("address");?></p> <p>Age: <?$contactForm->text("age");?></p> <p><?$contactForm->submitbutton();?></p> <?$contactForm->end();?> <?ENDIF;?>

The verify() method will check that all required fields were submitted and that numeric fields are numeric; if anything is wrong, it will display a list of the incorrect submissions.


Some fields are a list of choices. Only those choices are valid. Rather than having the person type them in, we can make it be a multiple choice field. First, you need to give the plug-in an array of choices.

<? $contactForm->choices('cakes', $validcakes); ?>

Now, when you put this field on your form, you can use multiplechoice() to place it as a series of checkboxes.

<p>Cake: <? $contactForm->multiplechoice('cakes'); ?></p>

When you specify that a field is a list of choices, verification will also ensure (on the server) that the field does contain one of those choices if the field has been entered. By default, the form will automatically pre-select choices after the form has been submitted if you redisplay the form. If you want some choices to be pre-selected even before the form has been submitted, pass those as an array:

<p>Cake: <? $contactForm->multiplechoice('cakes', array('angel', 'devil', 'is a lie')); ?></p>

Option choices submitted via the form will take precedence over the provided defaults.

Advanced information for your script

All that the above does is to verify form submission. It doesn’t do anything with the form data. What you do with the form data is up to you. This plug-in is designed for custom forms. But it does have some features that you can use to make handling your form data easier. You can get the value of any submitted field using the fieldValue() method.

$name = $contactForm->fieldValue('name');

This returns the first valid POST, GET, or COOKIE value that it finds.