Page 453 - Beginning PHP 5.3
Chapter 14: Manipulating MySQL Data with PHP
form by calling displayForm(), passing in two empty arrays and an empty Member object. (You see
why it does this in a moment.)
The displayForm() function, as its name suggests, handles the displaying of the registration form. It
expects three arguments:
❑ $errorMessages is an array holding any error messages to display to the user
❑ $missingFields is a list of any required fields that weren’t filled in by the user
❑ $member is a Member object holding any data entered by the user so far, used for prefilling the
form fields if an error needs to be displayed. (This gives you an idea of the flexibility of OOP —
the script uses the Member class not only for database access, but also to hold temporary
member data between form submissions.)
The function displays the page header and, if any error messages were contained in $errorMessages,
these are displayed at the top of the page. Otherwise a welcome message is displayed.
Next, the form itself is output. This works much like the registration.php form in Chapter 9. Each
field is displayed, calling validateField() if appropriate to highlight any missing required fields.
A field’s value is prefilled by calling $member->getValueEncoded() to retrieve the previously entered
value stored in the $member object. In the case of the gender checkboxes, setChecked() is called to
pre-check the appropriate box. With the favoriteGenre select menu, setSelected() is used
to pre-select the correct option.
The form also includes a hidden field, action, with the value of “register”. This is used by the if
statement at the top of the script to determine if the form has been submitted.
After the form has been displayed, the page footer is output by calling displayPageFooter().
processForm() deals with validating and storing the submitted form data. First the function sets up a
$requiredFields array holding a list of the required form fields, and two empty arrays:
$missingFields to hold any required fields that weren’t filled in by the user, and $errorMessages
to store any error messages to display to the user.
Next, the function reads the nine form field values — username, password1, password2, firstName,
lastName, gender, favoriteGenre, emailAddress, and otherInterests — from the $_POST array
and stores them in a new Member object. For each field, it looks to see if the field exists in the $_POST
array; if it does, it is filtered through an appropriate regular expression to remove any potentially
dangerous characters, and stored in the Member object. If the field doesn’t exist, an empty string (“”) is
stored instead.
Find out about regular expressions in Chapter 18 and input filtering in Chapter 20.
For the password1 and password2 fields, the script checks that both fields were filled in and that their
values match. If this is the case, password1’s value is stored in the password field of the Member object.
Otherwise, an empty string is stored:
"password" => ( isset( $_POST["password1"] ) and isset( $_POST["password2"] )
  // === avoids loose numeric-string matches such as "1e3" == "1000"
  and $_POST["password1"] === $_POST["password2"] )
  ? preg_replace( "/[^ \-\_a-zA-Z0-9]/", "", $_POST["password1"] ) : "",
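The strip-and-store password filter described above, set beside a variant that rejects bad input and reports it through $errorMessages instead of rewriting it. This is an added example, not code from the book: the field names and the regular expression come from the page, while readPasswordStripping(), readPasswordStrict() and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not the book's code. Field names and the regex are from the
// page; the function names and sample inputs are constructed for illustration.

// Strip-and-store: disallowed characters are silently removed.
function readPasswordStripping(array $post) {
    return (isset($post["password1"]) and isset($post["password2"])
        and $post["password1"] == $post["password2"]) // loose comparison
        ? preg_replace("/[^ \-\_a-zA-Z0-9]/", "", $post["password1"]) : "";
}

// Reject-and-report: the value is stored unchanged or not at all.
function readPasswordStrict(array $post, array &$errorMessages) {
    $p1 = isset($post["password1"]) ? $post["password1"] : null;
    $p2 = isset($post["password2"]) ? $post["password2"] : null;
    // A request sending password1[]=x arrives as an array, so check the type.
    if (!is_string($p1) || !is_string($p2) || $p1 === "") {
        $errorMessages[] = "Please fill in both password fields.";
    } elseif ($p1 !== $p2) {
        $errorMessages[] = "The two passwords do not match.";
    } elseif (preg_match("/[^ \-\_a-zA-Z0-9]/", $p1)) {
        $errorMessages[] = "Use only letters, digits, spaces, - and _.";
    } else {
        return $p1;
    }
    return "";
}

$samples = array( // constructed inputs
    array("password1" => "s3cret_pass", "password2" => "s3cret_pass"),
    array("password1" => "p@ss!word",   "password2" => "p@ss!word"),
    array("password1" => "1e3",         "password2" => "1000"),
);
foreach ($samples as $post) {
    $errors = array();
    $strict = readPasswordStrict($post, $errors);
    printf("typed=%-14s stripped=%-14s strict=%-14s %s\n",
        var_export($post["password1"], true),
        var_export(readPasswordStripping($post), true),
        var_export($strict, true),
        implode(" ", $errors));
}
```

With the stripping version the second sample is stored as pssword, which is not what the user typed, and the third is accepted even though the two fields differ as strings. The strict version returns an empty string and an error message for both.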