This is exactly why most PHP scripts that generate forms are also responsible for receiving and validating the input of those forms.
If all the input is valid, then you redirect to the page that will process (e.g. insert into database, etc) the data.
If any of the data is invalid, then you flag the fields that were invalid and regenerate the form with error messages.
What's nice about this approach is that you can pre-populate all the fields of the form that contained valid info -- this spares the user of having to fill in ALL the fields when only one or two of them might be bad.
Here's the flow of logic:
<?php
if (the user submitted data)
{
for each field in the form
{
is the user input valid?
if not, add this field to your "error fields" list.
}
if your "error fields" list is empty,
{
process the data (or redirect to your processing script)
and exit.
}
}
// if we got here, we need to generate the form.
generate the form. Output any error messages and highlight
any fields in your "error fields" list.
If any previously submitted data exists, populate the form
fields with the submitted value. Don't do this for fields
in your "error fields" list.
?>
Hope this makes sense!
Take care,
Nik
http://www.bigaction.org/