First of all, there is no code with me … I’m gathering required data to start a project.
I will be having multiple <form>s on a website which are all linked to the same PHP page, say for example to send email or add data to DB.
Now, I can build the forms, and the PHP page to send mail or add data to DB. BUT here is the point I need to know about … If any of the forms call the PHP page, how can I know which one did to act accordingly?
Also, is it better to do double-validation to the form? I mean, client-side then server-side?
Since we are talking about validation, is it better to be, on client-side, JS or jQuery (I can write both)? And about the DB thing, how can I secure it?!! I mean, how can I assure that the user won’t enter PHP code to mess things up, and how can I detect it?
I know this seems to be like a general question or a discussion, but you will be helping me a lot. And frankly, I’ve been using this website for around 3 yrs now, and you guys helped me pass my grad project with a great grade 🙂 So I’m willing to find answers here 🙂
Thanks all.
You can use hidden fields in your form to denote which action should take place. You can also just include a parameter in the ACTION attribute of the form. Same result either way.
For validation, server-side validation comes first, and then add client-side validation to reduce server processing and reduce round-trip times. People will appreciate responsive form designs. There are plenty of form validation tools available, just look at the Related links for this question.
For security, make sure you’re using PDO or the MySQLi extension to create your queries. The golden rule is to escape your input and encode your output. You can use methods like htmlspecialchars() to encode your output. And make use of PHP’s Filter methods. This will help you immensely – http://php.net/manual/en/book.filter.php. Also, it’s usually better to whitelist rather than blacklist when working with validation.
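
An added example, not part of the original question or answer, showing the pieces the answer lists working together in one handler: an allowlisted hidden field selects the action, the filter extension and an allowlist pattern validate input on the server, PDO binds the value, and htmlspecialchars() encodes output. The `form_id` field, its values, the field names and the `subscribers` table are assumptions; the in-memory SQLite database and the sample submissions are constructed so the script runs offline.

```php
<?php
// Added example. form_id, its values, the field names and the subscribers
// table are hypothetical; pass $_POST as $post in a real handler.

function dispatch(array $post, PDO $db): string
{
    // The hidden field is client-controlled: accept only known values.
    $formId = $post['form_id'] ?? '';
    switch (is_string($formId) ? $formId : '') {
        case 'newsletter': return handleNewsletter($post, $db);
        case 'contact':    return handleContact($post);
        default:           return 'Unknown form.';
    }
}

function handleNewsletter(array $post, PDO $db): string
{
    // Server-side validation with the filter extension (false on failure).
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'Invalid e-mail address.';
    }
    // Bound parameter: the value is stored as data, never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO subscribers (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
    // Encode on output so stored text cannot become markup.
    return 'Subscribed: ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
}

function handleContact(array $post): string
{
    $name = $post['name'] ?? '';
    // Allowlist: letters, spaces and a few punctuation marks, 1-60 chars.
    if (!is_string($name) || !preg_match('/^[\p{L} .\'-]{1,60}$/u', $name)) {
        return 'Invalid name.';
    }
    return 'Thanks, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '.';
}

// Constructed demo: in-memory database and sample submissions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT NOT NULL)');

echo dispatch(['form_id' => 'newsletter', 'email' => 'reader@example.com'], $db), "\n";
echo dispatch(['form_id' => 'newsletter', 'email' => 'not-an-email'], $db), "\n";
echo dispatch(['form_id' => 'contact', 'name' => '<b>Bob</b>'], $db), "\n";
echo dispatch(['form_id' => 'admin'], $db), "\n";
```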