SitePoint Sponsor |
|
User Tag List
Results 1 to 14 of 14
-
Jun 7, 2006, 19:12 #1
Form Validation - PHP versus Javascript
Hey guys,
I was just wondering, what is the general consensus on which programming lanugage to use when validating forms? I am more familiar with PHP than Javacript so I would like to use PHP, but I've seen more Javascript form validation tutorials than PHP.
Is it worth the time to go in more depth with Javascript or is PHP sufficient enough if not better?
-
Jun 7, 2006, 19:23 #2
- Join Date
- Oct 2005
- Location
- Brisbane, QLD
- Posts
- 4,067
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
JS pros: the user is alerted instantly that there's a problem and doesn't have to wait for the page to reload.
JS cons: if the user has js disabled, your error trapping fails so you need a fallback if that happens which probably means server side validation.
-
Jun 7, 2006, 19:28 #3
Ahh I see, so Javascript can be used for the server side, and then PHP can be used for the client side....
Is the general approach to use both languages?
-
Jun 7, 2006, 19:36 #4
- Join Date
- Aug 2005
- Posts
- 122
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
There are reasons for both, but heres how i generally look at it
I use javascript. I pretty much know PHP inside and out, and its much easier to validate in php...but heres why I use javascript.
With javascript, if the user has a problem, its shown right there. They can fix it, and they lose none of their entered information. If you let it post, then they will lost it (unless you echo out what they had posted back into values...which is more code) ...
SO either of those work...and with the PHP you could more easily make a nice error message. So why, say you, use JS, still?
That damned refresh button, thats why. If they hit refresh, not only do you get the security warning, which is bad for the user experience, you stand the chance of duplicate or orphaned data.
When i handle a post, i never just display a page without a redirect, even if its just back to $PHP_SELF...that will clear the post in the browser and prevent duplicate data chances.
I actually often use both. I use javascript to check it first, then php checks to prevent bad data if the user doesnt have JS enabled and cant read the form instructions... and when that happens, i DO reprint my form without any redirect, and fill the values with the post values.
In the end, it takes more code, but it DOES provide the best user experience...which is kinda funny, because your smart, deserving users will never notice, just the dumb onesDeveloper
Grow Interactive
-
Jun 7, 2006, 19:50 #5
- Join Date
- Jan 2002
- Location
- Australia
- Posts
- 2,634
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
which is kinda funny, because your smart, deserving users will never notice, just the dumb ones
-
Jun 7, 2006, 19:57 #6
Originally Posted by rjm1982
-
Jun 7, 2006, 20:00 #7
- Join Date
- May 2003
- Location
- London, On.
- Posts
- 1,127
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I think it best to use a combination of JS and PHP. You can never be too safe
-
Jun 7, 2006, 20:02 #8
What functions do you use for form validation? (More specifically email)
-
Jun 7, 2006, 20:11 #9
- Join Date
- Aug 2005
- Posts
- 122
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Here is my javascript (in an external js file of course...dont clutter up your page)
Code:function isValidEmail(p_strEmail) { var regexp = /^\S+\@[a-zA-Z0-9\.-]+\.[a-zA-Z0-9]{2,4}$/; return regexp.test(p_strEmail); } function isValidURL(p_URL) { var regexp = /^http\:\/\//; return regexp.test(p_URL); } function validateForm(frm) { if (frm.NAME.value == '') { alert('Please enter your first name.'); frm.NAME.focus(); return false; } if (frm.NAME_LAST.value == '') { alert('Please enter your last name.'); frm.NAME_LAST.focus(); return false; } if (!isValidEmail(frm.EMAIL.value)) { alert('Please enter a valid e-mail address.'); frm.EMAIL.focus(); return false; } if (frm.STREET.value == '') { alert('Please enter your street address.'); frm.STREET.focus(); return false; } if (frm.CITY.value == '') { alert('Please enter your city.'); frm.CITY.focus(); return false; } if (frm.STATE.value == '') { alert('Please enter your state.'); frm.STATE.focus(); return false; } if (frm.ZIP.value == '') { alert('Please enter your zip code.'); frm.ZIP.focus(); return false; } if (frm.MONTH.selectedIndex == 0 && frm.DAY.selectedIndex == 0 && frm.YEAR.selectedIndex == 0) { alert('Please enter your birthday.'); return false; } if (frm.URL1.value == 'http://' || !isValidURL(frm.URL1.value)) { alert('Please enter the URL (with a leading http://).'); frm.URL1.focus(); return false; } return true; }
Code:<form name="frmMain" action="x.php" method="post" onsubmit="return validateForm(this);">
What makes it handy, is by using "return <function>" we control whether to submit or not, if it returns false, then onsubmit returns false, which will stop the submit.Developer
Grow Interactive
-
Jun 7, 2006, 23:27 #10
Good stuff.
Ok I tried to do some PHP form handling and I have a lot more trouble than I expected....does anyone know of a good tutorial which walks through the whole form validating process using PHP
-
Jun 8, 2006, 04:27 #11
- Join Date
- Aug 2005
- Posts
- 122
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
In php, I never get complicated with it...
I generally jsut check for data, not format, as the JS should catch that...and if your one of the few that cant read and dont have JS enabled...then your submission will be bad and its your problem for being -not so smart-
i typically use the following format
PHP Code:<?
if(!$_POST['TEXT1'] || !$_POST['TEXT2'] || !$_POST['TEXT3'] || !$_POST['TEXT4']) {
//throw message
//if wanted, reprint form WITHOUT a redirect using the $_POST values to populate it.
}
?>
PHP Code:if(!isset($_POST['RADIO1'])) {
//we failed....
}
Developer
Grow Interactive
-
Jun 8, 2006, 12:36 #12
asp.net does both for you
-
Jun 8, 2006, 12:46 #13
- Join Date
- Aug 2005
- Posts
- 122
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I would rather take 5 minutes of time and setup my own code, so i can modify it and/or tweak it as needed each project without having to worry about proprietary code...plus most clients are willing to pay for .net server licenses...when you're dealing with big companies, your dealing with dedicated servers, not shared hosts, so typically whatever server software you use has to be either freee (gpl) or paid for...I would personally rather take some of the money they would have spent on .ner for myself...
Developer
Grow Interactive
-
Jun 8, 2006, 15:47 #14
Originally Posted by FCC
Although it has its limits, I find that Dynaform is suitable for most simple forms that don't require writing to a DB - meaning it is perfect if all you require is an email with the form results.
Bookmarks