<?php
function simpleEncode($valueArray,$maxValue) {
	$simpleEncoding = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
	$str = 's:';
	$t = count($valueArray);
	for ($i=0;$i<$t;$i++) {
		$currentValue = $valueArray[$i];
		if ((strlen($currentValue)!=0) && ($currentValue>=0)) {
    		$str .= substr($simpleEncoding,round((strlen($simpleEncoding)-1) * $currentValue / $maxValue),1);
    	}
      	else {
      		$str .= '_';
      	}
  	}
	return $str;
}
?>

You can then create the graph in a similar fashion to this:

<?php
$data = array(1,3,5,3,2,9,1,10,4);
?>
<img alt="sparkline" src="http://chart.apis.google.com/chart?cht=lc&chs=100x30&chls=1,1,0&chxt=r,x,y
&chxs=0,990000,11,0,_|1,990000,1,0,_|2,990000,1,0,_&chxl=0:||1:||2:||&chd=<?php echo simpleEncode($data,max($data)); ?>"/>

Which would output something similar to this:

First of all you have your HTML form, which then submits all the data to PHP to be validated etc. You have to write the validation rules for each form field in PHP, and then come up with a system of reporting errors back to the user. With large forms this can get extremely complicated!

Around two years ago I came across a form validator by Simon Willison. This basically let you write the entire form and it’s validation rules in the html. These rules are then read by PHP, applied to the relevant form fields and so on. It’s a very elegant solution that makes building forms much easier and faster, as well as easier to debug and maintain. I’ve been using this script for the last 2 years and have made various changes to the script along the way to suit my purposes.

However, the script does have it’s down-points. It uses the PHP 4 XML library which to be honest is rubbish! It causes the code to become extremely bloated and unable to handle certain characters such as ampersands (&). This means that as soon as a user enters an ampersand or a character like a dollar, the script would crash!

The script also only supported textfields, and didn’t provide support for radio buttons, checkboxes and select drop-down lists.

With all these positives and negatives in mind I’ve built my own PHP Form Processor from scratch, which I think does the job quite nicely. The script is open source and I’ve provided a tutorial and several example forms on how to use it.

The script also protects your forms against CSRF (Cross-site request forgery) and form manipulation. Anyway, without futher ado, here is the tutorial..

Requirements

• PHP 5 with SimpleXML support
• Session support
• Cheese on toast

Demonstration

Traditionally an XHTML form input box would look like this:

<input type="text" id="myBox" name="myBox" />

Using the PHP form processor this would be written as:

<element id="myBox">
 <input type="text" />
 <error> <strong class="error">!</strong></error>
 <compulsory message="myBox must be filled in" />
 <validate test="alpha" message="myBox must only be letters" />
</element>

At first glance it looks a lot more bloated than the traditional method, so lets take a look at what it’s doing and why it’s better.

When using the form processor all the form items are wrapped in element tags. The element tag tells the form processor that it’s a form field, and also specifies the ID. Within the element tag we define the properties and rules of the form field. In the above example we’re telling the form processor that the form field we want is a text field (<input type=”text” />), as well as defining various rules to apply to the user’s input.

The line  ’<error> <strong class=”error”>!</strong></error>’ defines what is displayed when a validation rule fails. In this case a bold exclamation mark would be displayed just after the text field.

The next few lines are the rules which we want to apply to the text field. The compulsory line states that the field must be filled in, and if it’s not present the message ‘myBox must be filled in’ to the user. The validate line states that the user input must only be letters, and if it’s not present the message ‘myBox must only be letters’ to the user.

Many rules can be applied to the form fields. They will be applied to the form field in the order that you define them (top to bottom). For example, if there are 3 rules defined for a form field and the first rule fails then the next 2 rules won’t be applied. Instead the error message for rule 1 will be shown to the user. If the 1st rule runs fine it’ll move onto the 2nd rule etc.

Here is a description of each of the rules available:

Compulsory

Checks whether the user has entered any input or not.

<compulsory message="This field is compulsory" />

Validate

Checks whether the user input matches the format specified. The format can be alpha, alphanumeric or numeric.

<validate test="alpha" message="email must be alpha" />

Regular Expression

Checks whether the user input matches the regular expression specified.

<regexp test="|^[a-zA-Z]*$|" message="email doesn't match the regexp" />

Text transform

Alters how the user input is outputted.

<text transform="upper" /> UPPERCASES THE ENTIRE INPUT
<text transform="lower" /> lowercases the entire input
<text transform="ucwords" /> Uppercases The First Letter Of Each Word

Minimum length

Checks whether the user input is of a required length.

<minLength length="4" message="This field must contain more than 3 characters" />

Maximum length

Checks whether the user input is greater than a required length.

<maxLength length="10" message="This field must contain less than 10 characters" />

Match

Checks whether the user input matches the user input in another field. Most common usage is for confirming passwords.

<match element="anotherFieldID" message="this field must match another field" />

Callback

Takes the user input and passes it to a PHP function of your choice. The function should take one parameter as a string (the user input), and return Boolean true or false. If the function returns false the error message will be presented to the user.

An unlimited number of callbacks can be defined for each form field – just place them one after another. Each callback will be run in order.. if the first one is ok then it moves onto the next one. However, if the first one fails it won’t run the other callbacks or rules.

<callback function="functionname" message="callback 1 failed" />

Summary & goodies!

The entire form and it’s rules are read in by PHP, which then goes through the form and extracts the rules. It then cleans up the form and produces strict XHTML which it outputs to the user. This means they never see the rules and just see standard XHTML markup.

It’s a difficult concept and you might be a bit confused at this point, so it’s probably best just to give you a working example. Here is a simple form which tests some of the functionality available (complete with source-code).

View example forms
Download the form processor (with examples) (version 2.01 – 24/01/2009)

As always I’d love to hear from you, so any thoughts, comments, bugs etc, please post! I’d also like to see examples of where people have used it, so feel free to drop me links!

For this reason, I would strongly suggest storing your sessions in a database. This tightens security considerably, and also allows for a wealth of new possibilities, such as running SQL queries on the database to see how many users are logged in. It is also the only logical solution if you are using multiple servers that need to access the same user sessions.

It’s quite simple to make the change to storing sessions in the database, and all you need for the following example is PHP 5 and MySQL.

First of all you will need to include the following PHP code in every page on your website that needs database or session access. It should be the very first thing included on every page.

sessions_database.inc.txt

Don’t forget to change your database details!

Secondly, you will need the following at the bottom of each page:

//You must call the following at the bottom of every page that uses sessions
session_write_close();

The last thing you need to do is to create the database table to store the sessions. Here is the SQL to do so for a MySQL database:

CREATE TABLE `sessions` (
  `id` char(32) NOT NULL,
  `data` longtext NOT NULL,
  `last_accessed` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;