Help with Form Validation

[eluser]Flying Fish[/eluser]
Newbie, having trouble getting form validation to work.

Here's the Controller

Code:

<?php

// For added security
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Order extends Controller{

    function __construct()
    {
        parent::Controller();        

        $this->load->helper(array('form', 'url'));                
        $this->load->library('form_validation');

    }

    function index()
    {
        $data['title'] = "Order Stuff Here";
        $data['heading'] = "Let's Get Started";
        
        // Set up rules to validate the getting started form
        $config = array(
               array(
                     'field'   => 'user_first_name',
                     'label'   => 'First Name',
                     'rules'   => 'required'
                  ),
               array(
                     'field'   => 'user_last_name',
                     'label'   => 'Last Name',
                     'rules'   => 'required'
                  ),
               array(
                     'field'   => 'user_email',
                     'label'   => 'Email',
                     'rules'   => 'required|valid_email'
                  ),  
               array(
                     'field'   => 'user_phone',
                     'label'   => 'Phone',
                     'rules'   => 'required'
                  )
            );

        $this->form_validation->set_rules($config);
        
        // If there is a validation error, show the form again
        if ($this->form_validation->run() === FALSE)
        {
            $this->load->view('order_index', $data);
        }
    }
    
    function choose_item()
    {
        $data['title'] = "Choose an Item";
        $data['heading'] = "Choose an Item";
        $data['query'] = $this->db->get('nbt_items');

        $this->load->view('order_choose_item', $data);
    }

And Here's the View

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
&lt;html &gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /&gt;
&lt;title&gt;&lt;?=$title?&gt;&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;

    <h1>&lt;?=$heading?&gt;</h1>
    <p>First, some info about you and your church.</p>
    &lt;?=validation_errors()?&gt;
    &lt;?=form_open('/order/choose_item/')?&gt;
    &lt;?=form_fieldset('About You')?&gt;
    <div><label for="user_first_name">First Name</label>&lt;?=form_input('user_first_name', 'john')?&gt;</div>
    <div><label for="user_last_name">Last Name</label>&lt;?=form_input('user_last_name', 'doe')?&gt;</div>
    <div><label for="user_email">Email</label>&lt;?=form_input('user_email', '[email protected]')?&gt;</div>
    <div><label for="user_phone">Phone</label>&lt;?=form_input('user_phone', '123-456-7890')?&gt;</div>
    <div><label for="user_cell">Cell Phone</label>&lt;?=form_input('user_cell', '123-456-7890')?&gt;</div>
    <p>Having your cell number can be very helpful if we need to contact you about your order.</p>
    &lt;?=form_fieldset_close()?&gt;
    &lt;?=form_fieldset('About Your Crusade')?&gt;
    <div><label for="church_name">Church Name</label>&lt;?=form_input('church_name', 'Your Church Name Here')?&gt;</div>
    <div><label for="church_street">Street</label>&lt;?=form_input('church_street', '123 Church Street')?&gt;</div>
    <div><label for="church_city">City</label>&lt;?=form_input('church_city', 'Sampletown')?&gt;</div>
    <div><label for="church_state">State</label>&lt;?=form_input('church_state', 'Stateland')?&gt;</div>
    <div><label for="church_zip">Zip</label>&lt;?=form_input('church_zip', '01234-5678')?&gt;</div>
    &lt;?=form_fieldset_close()?&gt;
    &lt;?=form_submit('submit', 'Continue');?&gt;
    &lt;?=form_close()?&gt;

&lt;/body&gt;
&lt;/html&gt;

On successful completion, I want the form to go the the next function in my Order class which is /order/choose_item/

When I submit the form now it is following the form action but not cathing the mistakes I intentionally put in it

Help :-)

[eluser]TheFuzzy0ne[/eluser]
Firstly, you should only really run the validation when you know the form is being submitted. My forms tend to have a button with the name attribute set to "submit". So then I can do something like this in my code:

Code:

if ($this->input->post('submit') && $this->form_validation->run())
{
    // ...

I would probably write your method something like this:

Code:

<?php
function index()
{
    # Set up rules to validate the getting started form

    $rule = array(
            array(
                'field'   => 'user_first_name',
                'label'   => 'First Name',
                'rules'   => 'required'
            ),
            array(
                'field'   => 'user_last_name',
                'label'   => 'Last Name',
                'rules'   => 'required'
            ),
            array(
                'field'   => 'user_email',
                'label'   => 'Email',
                'rules'   => 'required|valid_email'
            ),  
            array(
                'field'   => 'user_phone',
                'label'   => 'Phone',
                'rules'   => 'required'
            )
        );
    
    $this->form_validation->set_rules($rules);
    
    # Check if the form is being submitted. If it is, run validation

    if ($this->input->post('submit') && $this->form_validation->run() === TRUE)
    {
        # If the validation has passed, load another view and return/exit,
        # or redirect to another page.
    }
    
    # I like to keep my data array declaration down here, as often, things like
    # the title are changed dynamically depending on the outcome of the above logic.
    # This doesn't mean you should, however.

    $data['title'] = "Order Stuff Here";
    $data['heading'] = "Let's Get Started";
    
    $this->load->view('order_index', $data); // Load this view by default
}

Hope this helps.

EDIT: And it's really quite refreshing to see someone declaring a doctype in their view file, especially XHTML Strict. :cheese:

[eluser]Flying Fish[/eluser]
Thanks for the reply

I updated the Order controller to your suggestions, but the form just does not validate

I'm leaving the email field blank to test it, but it continues to the next step instead of showing the error

could it be that I'm setting some suggested values in the view?

Here's the updated controller

Code:

<?php


// For added security
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Order extends Controller{

    function __construct()
    {
        parent::Controller();
        
        $this->load->helper(array('form', 'url'));                
        $this->load->library('form_validation');

    }
    
    function index()
    {        
        // Set up rules to validate the getting started form
        $rules = array(
               array(
                     'field'   => 'user_first_name',
                     'label'   => 'First Name',
                     'rules'   => 'required'
                  ),
               array(
                     'field'   => 'user_last_name',
                     'label'   => 'Last Name',
                     'rules'   => 'required'
                  ),
               array(
                     'field'   => 'user_email',
                     'label'   => 'Email',
                     'rules'   => 'required|valid_email'
                  ),  
               array(
                     'field'   => 'user_phone',
                     'label'   => 'Phone',
                     'rules'   => 'required'
                  )
            );
        
        $this->form_validation->set_rules($rules);
        
        // Check if the form is being submitted. If it is, run validation
        if ($this->input->post('submit') && $this->form_validation->run() === TRUE)
        {
            // If the validation has passed, redirect to the next step
            redirect('/order/choose_item/');
        }
        
        $data['title'] = "Order Stuff Here";
        $data['heading'] = "Let's Get Started";
        
        // Load this view by default
        $this->load->view('order_index', $data);
    }
    
    function choose_item()
    {
        $data['title'] = "Choose an Item";
        $data['heading'] = "Choose an Item";
        $data['query'] = $this->db->get('nbt_items');

[eluser]TheFuzzy0ne[/eluser]
I think you're problem might be routing. I'd suggest that you don't have any kind of form validation in your index function if you can help it. If you do, you'll probably need a route to it.

Also you're currently submitting your form to '/order/choose_item/' when it needs to be validated by '/order/index/', (replace "index" with the name of your default controller, as set in your routes.php)

[eluser]Flying Fish[/eluser]
I'm looking at this again now...couple of questions.

1. Does the validated form always have to have an action that points to the same url? Is it not possible to validate and have it post to a different url?

2. Also curious about not putting validation in the index function. I loosely followed the tutorial here.
http://ellislab.com/codeigniter/user-gui...controller Which included the validation in the index function.

There isn't anything special about the index function really except that it's the one called if no other method is in the url...is that right?

[eluser]Flying Fish[/eluser]
Ok by changing the form action to 'order' I was able to get the form to work.

Code:

<?=form_open('/order/')?>

[eluser]TheFuzzy0ne[/eluser]
Yes, it's possible to have your form validated via another URL, in which case, that's where the validation rules need to be. However, unless you have a compelling reason to do so, I would suggest you avoid it, as it may make your code harder to follow. If you can look at your code again in 12 months time and it's clear enough for you to instantly know what's going on, then by all means, go for it.

Please ignore my comment about putting validation in the index method. I am easily confused in my old age, and I was thinking about passing arguments via the URI to the index page. However, your form still submits to /order/choose_item/ and will need to submit to /order/ if you want your index() method to do the validation.

If you want to, there's nothing stopping you doing this:

Code:

class Order extends Controller {

    function index()
    {
        $this->page1();
    }

    function page1()
    {
        // Do stuff
    }

    function page2()
    {
        // Do stuff
    }

}

So your index method will simply serve as an alias for your first page.

[eluser]Flying Fish[/eluser]
Thanks for the help! Think I got it working.

Going to move my rules to form_validation.php file in the config folder, as it seems to make sense to put all of my form validation rules there.

Question about cleaning the data for insertion into a database. If I am always limiting fields to either alpha_numeric or valid_email, then I don't need to do anything extra to scrub the data before it goes into the database, is that right?

[eluser]TheFuzzy0ne[/eluser]
Yes, that's right, so long as the data is escaped before it goes into your database. I can't see how anyone could run an SQL injection attack using number or a valid Email address, but it always pays to careful. If you're using Query Binds or the Active Record class, this is done automatically for you.

[eluser]Flying Fish[/eluser]
I appreciate the help. I know some of these questions may seem pretty basic, but they're helping me a great deal.

If I need to insert a one line comment into a database and it needs to be letters, numbers, spaces, and basic punctuation, no html or code necessary, how does this look.

The validation for the form field itself
'required|prep_for_form|encode_php_tags|xss_clean'

Then when I put the data into the database I use $this->db->escape()