Creating Sticky Forms Using PHP

[Tech Manager]

Web browsing is meant to be a pleasant experience. But pleasant is not the word to describe the experience of filling out and submitting a webform only to have it reply that you have errors in your submission…and then take you back to an empty webform.

A simple solution to this problem is to use PHP to create sticky forms. A sticky form uses a $_GET, $_POST or in some cases a $_SESSION variable, to retain user data. If a site visitor uses a sticky form to submit data and your processing script catches an error or unacceptable user input such as a numeral in a first name, a letter in a phone number, missing or incomplete fields, and so on, the user will be returned to the form with all his original data intact.

Here’s a simple example of how to use PHP to make your form fields sticky:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table width="500" align="center"><tr><td valign="top"><fieldset><legend>Sender Information</legend>
<table width="500" align="center">
<tr>
<td valign="top"><p>*First Name:</p></td><td width=5></td><td valign="top"><input type="text" name="first" size="15" maxlength="30" value="<?=$_POST['first'] ?>"></td>
</tr>
<tr>
<td valign="top">*Last Name:</p></td><td width=5></td><td valign="top"><input type="text" name="last" size="25" maxlength="30" value="<?=$_POST['last'] ?>"></td>
</tr>
</table></fieldset></td></tr></table>
<table width="500" align="center"><tr><td valign="top"><fieldset><legend>Email Address</legend>
<table width="500" align="center">
<tr>
<td valign="top"><p>*Email Address:</p></td><td width=40></td><td valign="top"><input type="text" name="email" size="45" maxlength="100" value="<?=$_POST['email'] ?>"></td>
</tr>
</table></fieldset>
</td>
</tr>
</table>
<table width="500" align="center"><tr><td valign="top"><fieldset><legend>Submit Form...</legend>
<table width="500" align="center">
<tr>
<td valign="top" align="center"><input type="submit" name="submitcontact" value="Submit Contact Request"></td>
</tr>
</table></fieldset></td></tr></table>
</form>

Please note the value parameter within each of the form fields.

value="<?=$_POST['first'] ?>"
value="<?=$_POST['last'] ?>"
value="<?=$_POST['email'] ?>"

PHP will use these values to retain the form data in the event the form is rejected. If the form is rejected the site visitor will have an opportunity to correct the problem without having to reenter all the data.

Making your webforms sticky will improve the browsing experience of all who visit your website and use your forms.

Good luck!

[aaron_s]

I would have to suggest one thing for security.

Before the contents of the "sticky form", you should use htmlentities on the input. This will escape any potentially malicious data the user might have tried to post to your site. This is even more important if your form is using $_GET or $_REQUEST instead of $_POST. With $_GET, a malicious third party could craft an URL that would insert some XSS into that form with just enough 'wrong' information to make the form come back and be displayed to the user.

However, the idea is great - I applaud you for bringing up this usability item. I know people just can't stand it when they fill out a form - and then have to return with NOTHING left.

-aaron

[Tech Manager]

Quote:

Originally Posted by aaron_s

I would have to suggest one thing for security.

Before the contents of the "sticky form", you should use htmlentities on the input. This will escape any potentially malicious data the user might have tried to post to your site. This is even more important if your form is using $_GET or $_REQUEST instead of $_POST. With $_GET, a malicious third party could craft an URL that would insert some XSS into that form with just enough 'wrong' information to make the form come back and be displayed to the user.

However, the idea is great - I applaud you for bringing up this usability item. I know people just can't stand it when they fill out a form - and then have to return with NOTHING left.

-aaron

I appreciate the feedback. The original post only deals with the Sticky Form itself, not the security scripts and other processing. Instead of htmlentities I would probably rely more on strip_tags() and regular expressions to validate the data against the input I would accept.

Thank you for responding.

[kgun]

About 90 % and more of what you need for your php programming is already made for you like

PEAR :: Package :: HTML_QuickForm

Tiger Computing Ltd : The Linux Company:

Two posts for the religious

Php performance vs ASP.Net Performance - ASP.NET Forums

I’m sorry, but PHP sucks! » Jonas Maurus’ maurus.net

[Tech Manager]

Quote:

Originally Posted by kgun

About 90 % and more of what you need for your php programming is already made for you like

PEAR :: Package :: HTML_QuickForm

Tiger Computing Ltd : The Linux Company:

Two posts for the religious

Php performance vs ASP.Net Performance - ASP.NET Forums

I’m sorry, but PHP sucks! » Jonas Maurus’ maurus.net

Sure, there are plenty of premade scripts, forms, etc., but if you want to be a successful programmer it really helps to know a little about the code. Whether you are working with PHP, ASP, AJAX, Java, JavaScript, XML, RSS, take some time to learn the how and why things work. Stay on top of the security issues and learn to identify threats.

I have absolutely nothing against scripts/templates. Call me a purist, but I truly prefer to know and understand the language so I can use appropriate standards, improve and troubleshoot the code, stay aware of exploits and instruct others.

If you are not a programmer then by all means use templates, PEAR packages, ASP applications, PHPbb or whatever it takes to make your life successful. But, if you want to be the one who creates PEAR packages, ASP applications, etc., learn the appropriate languages and hone the skills.

This particular thread is not intended as the end all to your form needs. Its intent is to introduce some relatively simple concepts to those webmasters and coding neophytes who like to understand how things work.

As for kgun's post, he provides some very good information. Visit the links and take a close look at some of the packages. There is some excellent code available. Get some of it and do some reverse engineering. Learn how things work; it is fun and the knowledge you gain will be invaluable in your future programming.

As for the last two links in kgun's post...It's Mac versus Windows all over again.

There are vast differences between ASP & PHP but I think this isn't the thread to debate the values. In my case I will say both are great languages with ASP a more powerful language and PHP easier to learn.

As for maurus.net post, "I’m sorry, but PHP sucks", I strongly disagree with the position in his title, but not all the substance of his opinion piece.

When I worked at Microsoft, many of the software engineers were enthralled with Windows 95, 98, XP and Longhorn at the time. But many of them despised Millennium (with good reason). PHP & ASP, like Windows OS's are evolving. They will continue to evolve and each will have its place and purpose in the coding world.

[kgun]

I think Pear is an excellent PHP package invented by a Norwegian OOP programmer that I do not remember the name of. My own background in chronological order:

1. Fortran.
2. A lot of IBM main frame programs. Nag, Troll from MIT (CIA related, my initials were KGB in the Central Bank of Norway's research department. The only institution outside the USA that could go inside the Troll System. Not dangerous to say that in 2008, since I fired myself in 1996).
3. C.
4. C++. Borland C++ Builder Professional that even implemented MS C++ Class library better than Ms.
5. A little assembler.
6. A little Simula.
7. PHP.
8. JavaScript.
9. Transact SQL.

The "religious" thread's was only to prevent that discussion. As I wrote in another thread, the problem is most often not the language, but the code.

Now, since you partly "disagree" with me, you are soon a WPW moderator

I am a happy amateur compared to the programmers at Fast (that were bought by MS) and Opera.

[Tech Manager]

Quote:

Originally Posted by kgun

I think Pear is an excellent PHP package invented by a Norwegian OOP programmer that I do not remember the name of. My own background in chronological order:

1. Fortran.
2. A lot of IBM main frame programs. Nag, Troll from MIT (CIA related, my initials were KGB in the Central Bank of Norway's research department. The only institution outside the USA that could go inside the Troll System. Not dangerous to say that in 2008, since I fired myself in 1996).
3. C.
4. C++. Borland C++ Builder Professional that even implemented MS C++ Class library better than Ms.
5. A little assembler.
6. A little Simula.
7. PHP.
8. JavaScript.
9. Transact SQL.

The "religious" thread's was only to prevent that discussion. As I wrote in another thread, the problem is most often not the language, but the code.

Now, since you partly "disagree" with me, you are soon a WPW moderator

I am a happy amateur compared to the programmers at Fast (that were bought by MS) and Opera.

I appreciate your background info. Mine is similar, except it includes additional emphasis on systems, networks, etc. It's always nice to meet a fellow techie.

I agree with you about PEAR. It is an exceptional package. Pear was the brain child of Stig Bakken.

Here's a nice little history and introduction to PEAR: Getting Started with PEAR - PHP's Low Hanging Fruit

Here's an additional article you might enjoy:

Q&A: PHP creator Rasmus Lerdorf

As for being a moderator...no hurry, maybe someday.

[kgun]

Quote:

Originally Posted by Tech Manager

Here's a nice little history and introduction to PEAR: Getting Started with PEAR - PHP's Low Hanging Fruit

Google:

php low hanging fruit kgun site:www.webproworld.com

[wige]

Well, if you are going to get in a religious debate, the ultimate language is PERL. I remember back in the day (and I'm younger than both of you) when we used to laugh at the "newbies" programming their sites in PHP. Now who uses PERL? Everything evolves.

If you want chronology: BASIC > HTML > PERL > JAVA > C++ > PHP

Man, I feel old...

[Tech Manager]

Quote:

Originally Posted by wige

Well, if you are going religious, PERL. I remember back in the day (and I'm younger than both of you) when we used to laugh at the "newbies" programming their sites in PHP. Now who uses PERL? Everything evolves.

If you want chronology: BASIC > HTML > PERL > JAVA > C++ > PHP

Man, I feel old...

Old? When I started my first year of college we were using IBM punch cards. Talk about a nightmare when you drop a sleeve of those...

[Tech Manager]

Quote:

Originally Posted by kgun

Google:

php low hanging fruit kgun site:www.webproworld.com

Found it. Thanks.

[kgun]

What about ftp://ftp.daimi.au.dk/pub/beta/betabook/betabook.pdf where everything is a pattern (generalized class)?

I plan to make C++Builder product page or later my next Software buy.

[Tech Manager]

Quote:

Originally Posted by kgun

What about ftp://ftp.daimi.au.dk/pub/beta/betabook/betabook.pdf where everything is a pattern (generalized class)?

I plan to make C++Builder product page or later my next Software buy.

Thanks for the links.

[wige]

I've built in Borland using their compilers for Java and C++ for school, but as most of my programming has been more hobby-level, I tend to stick with the free stuff. I was actually surprised when Microsoft released free versions of their development tools.

[southplatte]

Quote:

Originally Posted by wige

I've built in Borland using their compilers for Java and C++ for school, but as most of my programming has been more hobby-level, I tend to stick with the free stuff. I was actually surprised when Microsoft released free versions of their development tools.

That makes two of us who were surprised - needless to say I have now been working on learning some basic C# and VC++ after starting with Basic->HTML->JavaScript->Java->PHP with some ASP and minimal VB added in there.

[carbonize]

Just to be pedantic and bring this thread back on topic.

1 - As already mentioned you should always sanitize any incoming data before displaying it.
2 - Not all servers have short tags enabled so you should always use <?php ... ?> when writing code that is for public use.

As to all the talk about packages and the like I'd sooner get down and dirty and write as much of the code myself as possible. That way I know there is no code that I don't need.

[Tech Manager]

Quote:

Originally Posted by carbonize

Just to be pedantic and bring this thread back on topic.

1 - As already mentioned you should always sanitize any incoming data before displaying it.
2 - Not all servers have short tags enabled so you should always use <?php ... ?> when writing code that is for public use.

As to all the talk about packages and the like I'd sooner get down and dirty and write as much of the code myself as possible. That way I know there is no code that I don't need.

I love the above response. I also prefer to write as much of my own code as possible. Thanks for responding.