Table of contents
In this tutorial, we will be going to learn how to create a sticky form in PHP PDO and sticky form easily sanitize the user input before the submission. Let's see the details.
Sticky Form in PHP PDO
Sticky forms in PHP are a technique used to preserve form data after a form has been submitted. This can be very useful for users in situations where a user has made an error in the form and needs to correct it, or double-check their information before the final submission.
Read also : PHP connect to MySQL Database
We need to create a sticky form in PHP, the first step is to store the form data in variables. First, create a database table named 'users'. These variables can be either $_POST or $_GET, depending on the method used to submit the form.
Create Database Table:
create table users (id int PRIMARY KEY AUTO_INCREMENT,
name varchar(30) not null,
email varchar(100)NOT null,
password varchar(100));
Once the data is stored in the database, it can be used to pre-populate the form fields when the page is loaded again.
Sticky Form HTML:
In the above code, the form data is stored in the $_POST array and is used to pre-populate the form fields. The fields are created and the value is submitted and if there are errors that occur, the user can easily correct them without having to re-enter all of the data.
<div class="container py-5">
<div class="col-md-6 mx-auto">
<form method="post" class="form-control p-4" action="">
<div class="row g-3 align-items-center">
<h1 class="py-3 text-center">Sticky forms in PHP</h1>
<div class="mb-3">
<label class="form-label" for="name">Name:</label>
<input class="form-control" type="text" id="name" name="name" value="<?php echo $name; ?>"><br>
<span class="error">* <?php echo $nameErr;?></span>
</div>
<div class="mb-3">
<label class="form-label" for="email">Email:</label>
<input class="form-control" type="email" id="email" name="email" value="<?php echo $email; ?>"><br>
<span class="error">* <?php echo $emailErr;?></span>
</div>
<div class="mb-3">
<label class="form-label" for="password">Password:</label>
<input class="form-control" type="password" id="password" name="password"><br>
<span class="error">* <?php echo $passwordErr;?></span>
</div>
<input class="btn btn-success" type="submit" value="Submit">
</div>
</form>
</div>
</div>
PHP PDO Connection and Stored Data:
try {
$pdo = new PDO("mysql:host=localhost;dbname=webontools", "root", "");
// set the PDO error mode to exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)";
$stmt = $pdo->prepare($query);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':password', $password);
$stmt->execute();
//echo "data instered successfully";
header("Location: stickyform.php");
}
catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}
SERVER POST METHOD code:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
//Validation process
// stored data using PDO connection
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
Validation Process code:
$nameErr = $emailErr = $passwordErr = "";
if (empty($name)) {
$nameErr = "Name is required";
} else {
$name = test_input($name);
}
if (empty($email)) {
$emailErr = "Email is required";
} else {
$email = test_input($email);
}
if (empty($password)) {
$passwordErr = "Password is required";
} else {
$password = test_input($password);
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
if (strlen($password) < 8) {
$passwordErr = "Password must be at least 8 characters long";
}
if (empty($nameErr) && empty($emailErr) && empty($passwordErr)) {
//PHP PDO Connection
Conclusion:
If the sticky form is best for security, they are the security reasons, it is good for sanitizing the user input data before using it to repopulate the form. This is to prevent any malicious code from being executed on the server.