WEBVTT

00:00.410 --> 00:06.020
It seems that the next sensible step is to add the handler for the form.

00:06.020 --> 00:11.780
Even in our diagram, this seems to be the next logical step.

00:12.020 --> 00:19.310
So we need one page to display the form, but another one that will handle this post request and do

00:19.310 --> 00:22.730
something with the input that is being sent to us.

00:23.300 --> 00:27.080
And I think that this should be also our next step.

00:27.080 --> 00:30.920
So let's go ahead and create a form handler.

00:32.840 --> 00:36.860
So we need the route file for this contact post route.

00:36.860 --> 00:40.250
Let's create it: contact post PHP.

00:40.670 --> 00:44.540
And inside it we can handle the form submission.

00:45.050 --> 00:46.940
So what do we need to do here?

00:46.940 --> 00:50.840
First we would have to handle the CSRF token.

00:50.840 --> 00:53.420
But I just want to do it later.

00:53.510 --> 00:59.420
The next thing is to get the data from the super global called post.

00:59.420 --> 01:03.230
This will contain all the data sent through the form.

01:05.030 --> 01:06.860
So let's get our data.

01:06.890 --> 01:09.350
We need the name.

01:09.680 --> 01:11.990
This is inside post name.

01:12.020 --> 01:17.390
Or if this would be null, we just default to an empty string.

01:18.380 --> 01:21.230
Next up we need the email.

01:22.160 --> 01:29.150
Again we are taking this from the post super global or defaulting to an empty string.

01:29.690 --> 01:32.570
And finally the message.

01:34.760 --> 01:36.740
We do it the same way.

01:36.770 --> 01:38.660
Okay, now we have the data.

01:38.660 --> 01:41.960
It's time to validate it, see if it is empty.

01:41.960 --> 01:46.100
And we will only have some special cases for email.

01:46.130 --> 01:50.630
Or maybe we can also check some minimum length of the name or message.

01:51.230 --> 01:53.030
Let's think about it later.

01:54.290 --> 01:58.460
Next up, let's check if any of those values is empty.

01:58.490 --> 02:03.560
For that, we're gonna just use a simple if statement and call the empty function.

02:04.640 --> 02:15.920
So if either the name is empty or the email is empty or the message is empty, we just return the same

02:15.920 --> 02:23.390
response code and the same message. For the list of possible codes that we can return,

02:24.320 --> 02:26.870
let's check that in the MDN web docs.

02:26.870 --> 02:33.920
I think that this here is a client error, and typically when the input is incorrect, I think that

02:33.920 --> 02:38.660
this 400 is the most commonly returned status code.

02:38.750 --> 02:40.490
So let's use this one.

02:40.490 --> 02:46.220
So the code is returned using HTTP response code.

02:47.180 --> 02:48.440
This is 400.

02:48.470 --> 02:56.270
In our case we can additionally output a message saying all fields are required.

02:59.420 --> 03:03.860
And finally, we should stop the request at this point using exit.

03:03.890 --> 03:08.870
Now this looks a little bit like what we have inside the router.

03:08.900 --> 03:11.480
This not found function.

03:11.720 --> 03:19.010
That's why I think we can create another one here that will be called bad request.

03:19.910 --> 03:21.050
This is also void.

03:21.050 --> 03:25.880
And it will do those three things.

03:27.350 --> 03:30.830
So we move it because this is something reusable.

03:32.330 --> 03:37.490
So now let's jump back to the contact post handler.

03:37.490 --> 03:40.580
And here let's just call bad request.

03:41.540 --> 03:44.900
This will just return this response and just stop the execution.

03:44.900 --> 03:48.260
So we don't really have to worry about stopping the script.

03:48.290 --> 03:53.840
And then we should be verifying the email.

03:53.840 --> 04:00.530
So if the email is not empty we also need to make sure that it is correct.

04:01.010 --> 04:02.600
So there is a way for that.

04:02.600 --> 04:09.860
And we can use the filter var function passing the email to it.

04:09.980 --> 04:18.140
And the second argument is filter validate email.

04:18.140 --> 04:22.910
So this filter var function can be used for different validations.

04:22.910 --> 04:27.410
You can check emails IP addresses and a lot of other things.

04:27.410 --> 04:35.360
So if I press control space again you can see quite a lot of different examples.

04:35.360 --> 04:38.780
So in this case we actually need to verify the email.

04:38.780 --> 04:43.280
So if the email would not be correct this would return false.

04:43.280 --> 04:46.910
Which means again I can call bad request.

04:49.130 --> 04:56.690
So you might have noticed that I tried to provide some default values for the ones that weren't provided

04:56.840 --> 05:05.990
so that we can quickly and easily check if they are empty as they shouldn't be, and that we also don't

05:05.990 --> 05:07.940
use nested if statements.

05:07.940 --> 05:16.040
And instead, as soon as we realize that something went wrong, not according to our expectations,

05:16.040 --> 05:21.860
we stop the execution, which can be described as defensive programming.

05:21.860 --> 05:29.780
And I think that this improves the security but also the readability of such programs.

05:30.050 --> 05:37.580
So at this point, after this line, we should be pretty sure that the input is fine.

05:37.580 --> 05:47.060
That's why I can var dump the email, the name and message and stop, because at this point, there is

05:47.060 --> 05:55.220
nothing else we can do with this input other than inserting it to our database, which is a topic of

05:55.220 --> 06:01.040
the next video, so I think we can try this out at this point.

06:01.760 --> 06:09.710
So if I send an empty form, you can see that there is an all fields are required message.

06:09.710 --> 06:14.090
So maybe I'm gonna zoom in so that it's visible.

06:15.080 --> 06:25.730
Now if all fields are provided well we've got this check that will verify the email so that now there

06:25.730 --> 06:26.720
is a success message.

06:26.720 --> 06:37.670
But for just a second, let me modify the contact template so that this field is not of type email.

06:37.670 --> 06:39.560
Instead it is of type text.

06:39.560 --> 06:43.610
So I would be able to send an invalid message.

06:43.970 --> 06:50.570
And I think we are having.

06:51.500 --> 07:00.020
Okay, so with bad request we are always returning the same message, which is not ideal.

07:01.310 --> 07:04.730
That means we need to provide an argument here.

07:04.760 --> 07:11.000
The message which can default to just bad request.

07:11.870 --> 07:16.880
And instead we're going to echo the message.

07:16.910 --> 07:19.670
Now let me go back to the route handler.

07:20.630 --> 07:21.350
Okay.

07:22.400 --> 07:25.070
This first call should return this text.

07:25.100 --> 07:26.720
All fields are required.

07:27.650 --> 07:33.890
And this one will say email field is invalid.

07:35.330 --> 07:38.570
Now let's try again with an invalid email.

07:38.570 --> 07:41.780
And we see that email field.

07:42.290 --> 07:44.960
Field is invalid.

07:45.320 --> 07:46.970
All right that's it for now.

07:47.000 --> 07:51.530
Next up we are going to be starting working with a database.

07:51.530 --> 07:55.040
So we'll be inserting this data to a database.
