Form Validation With PHP

<!DOCTYPE HTML> 
<html>
<head>
<link href='http://fonts.googleapis.com/css?family=Lato&subset=latin,latin-ext' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Lobster' rel='stylesheet' type='text/css'>
<title>Simple form validation with PHP</title>
<!--Adapted from http://www.w3schools.com/php/php_form_validation.asp -->
<style>
.error {color: #FF0000;}

body {
  font-family: lato, sans-serif;
  margin: 0;
  padding: 0;
  background: #bdc3c7;
}

.container {
  max-width: 900px;
  background: #ecf0f1;
  color: #2c3e50;
  font-size: 2em;
  margin: 0 auto;
  padding: 1em;
}

input {
  font-size: 1em;
}

input[type=submit] {
  background: #3a9bdc;
  color: #FFF;
  border-radius: 5px;
  border: none;
  padding: 0.25em 0.5em;
}

input[type=text] {
  border: 1px solid rgba(44, 62, 80,1.0);
  border-radius: 3px;
}

h1 {
  margin-top: 0;
}

h2 {
  font-family: lobster, serif;
  font-size: 5em;
  text-align: center;
  color: #c0392b;
  margin-top: 0.5em;
}

.testForm {
  background: rgba(44, 62, 80,1.0);
  color: #fff;
  border-radius: 0.5em;
  padding: 0.5em 1em;
  max-width: 550px;
  margin: 0 auto;
}
</style>
<script src="//code.jquery.com/jquery-2.1.1.min.js"></script>

</head>

<!--
**Caution**
This is NOT a *fully* secure way to accept data and pass it from a form to a database. 
This is intended to be used as a basic and simple explanation of *some* techniques & considerations
that can be used to make your form validation and database entries more secure. 
Consider using PHP parameters (http://blogs.msdn.com/b/sqlphp/archive/2008/09/30/how-and-why-to-use-parameterized-queries.aspx) 
or by using prepared statements (http://php.net/manual/en/pdo.query.php) to sanitize your calls to the database.

Also, this example does not make a connection to a database (for simplicity's sake)
but if you intend to make a connection, consider keeping your password secure by 
storing it in a separate includes file outside of the root directory (http://devzone.zend.com/888/php-security-tip-9/) 
or by using a config file (http://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php).

Security is an ever-evolving issue- be sure to check with up-to-date resources to ensure your 
database security. DO NOT try to create your own system- it will only work against people who 
aren't smarter than you. Rely on the prevailing best practices and it will work against people 
who aren't smarter than the smartest people contributing to these practices. 

-->

<body> 
  <div class="container">
    <?php

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
       if (empty($_POST["name"])) {
         $nameErr = "Name is required";
       } else {
         $name = test_input($_POST["name"]);
         // check if name only contains letters and whitespace
         if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
           $nameErr = "Only letters and white space allowed";
           $name = ''; //Delete the name because it uses unacceptable characters
         }
       }
    }

    function test_input($data) {
       $data = trim($data);
       $data = stripslashes($data);
       $data = htmlspecialchars($data);
       return $data;
    }
    ?>

    <h1>PHP Form Validation Example</h1>
      <div class="testForm">
        <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
           Name: <input type="text" name="name" value="<?php echo $name;?>" autofocus="autofocus" autocomplete="on">
           <span class="error">* <?php echo $nameErr;?></span>
           <br><br>
           <input type="submit" name="submit" value="Submit"> 
        </form>
      </div><!--/.testForm-->

    <?php
      if(!empty($name)){ //only run if there is a name (if deleted bc of unacceptable chars, will not run)
        echo "<h2>Hello ".$name."!</h2>";
      }
    ?>
  </div><!--/.container-->
<script>
  var height = window.innerHeight;
  $('.container').css('height',height);

</script>

</body>

</html>