HTML FORM + PHP: form action to remain on same page as login

Question

at the moment my form links to a new page with all of my php code on it. I would like for all of the code to be executed on the same page as it does in this tutorial: http://www.w3schools.com/php/php_form_url_email.asp

I'm having some difficulty understanding exactly how this tutorial manages it. I was thinking maybe it would be possible to store my add.php code in a function and then call it with form action. Is this possible? If not what would be the best way to go about this?

here is my form code:

<form action="add.php" method="post">

    <p>
           Username: <input type="text" name="Username"><br>
           Email: <input type="text" name="Email"><br>
           Password: <input type="password" name="Password"><br>
           Confirm Password: <input type="password" name="ConfirmPass">
    </p>

    <p>
           <input type="submit">
    </p>

</form>

and here is my add.php page:

<?php

$Username = $_POST['Username'];
$Password = $_POST['Password'];
$Email = $_POST['Email'];
$ConfirmPass = $_POST['ConfirmPass'];
$safeUsername = SQLite3::escapeString($Username);
$safePassword = SQLite3::escapeString($Password);
$safeEmail = SQLite3::escapeString($Email);
$safeConfirmPass = SQLite3::escapeString($ConfirmPass);
$hostName = explode('@', $Email);


$database = new PDO('sqlite:maindb.db');

$sql = "SELECT * FROM users WHERE Username = ?";
$result = $database->prepare($sql);
$result->bindParam(1, $safeUsername);
$result->execute();



    if($result->fetch()) {  
            echo "Username " . $safeUsername . " already exists";
    }
    else { 
                if (filter_var($safeEmail, FILTER_VALIDATE_EMAIL) && checkdnsrr($hostName[1]) && !empty($safeEmail)) {
                    if (preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$safeEmail)) {
                        if (!empty($safeUsername) && (preg_match("/^[a-zA-Z ]*$/",$safeUsername)) && !empty($safeUsername)) {

                            if ($safePassword == $safeConfirmPass && !empty($safePassword)) {
                                echo $Username . " was successfully added to the database.";
                                $stm = "INSERT INTO users(Username, Password, Email) VALUES(?,?,?)";
                                $stmt = $database->prepare($stm);
                                $stmt->bindParam(1, $safeUsername);
                                $stmt->bindParam(2, $safePassword);
                                $stmt->bindParam(3, $safeEmail);
                                $stmt->execute();

                                $database = null;
                            }
                            else {echo "Passwords do not match"; }

                        }
                        else {echo "Invalid Username.";}
                    }
                    else {echo "Invalid e-mail address.";}
                }
                else {echo "Invalid e-mail address.";}
        }



?>

Thanks for the help! I appreciate it.

Answer 1

In the tutorial you linked they use

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //your stuff here
    //save your form values etc.
}

to check if there has been a post to your page (this can be any page so also the same page). Basically this will check if a POST request has been send to this page. Which will if you use a from with a post method.

As an extra test they also put stuff like

if (empty($_POST["name"])) {
    //name is empty print error!
}

in it to check if a field is empty or not. all you gotta do now is change your action to the same page.