SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Evangelist
    Join Date
    Nov 2005
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Real noobie question: JS form validation - what to do when JS is switched off?

    Hello. Sorry for the newbie question... I've been web programming for a couple of years, but have only started looking into using JavaScript now (i know, i know...)

    Anyhow... I've written some nice clean functions to do my form validation with (wow, really enjoy writting code in JavaScript!) - thing is that's puzzling me... I'm using 'onsubmit(return fnc_FormValidation(this)' in my form tag...

    But what if the user has JavaScript turned off? My form validation won't work at all will it?

    How do I get around this problem? Should I just use PHP validation, like I have been for years anyhow...

    Many thanks!

  2. #2
    He's No Good To Me Dead silver trophybronze trophy stymiee's Avatar
    Join Date
    Feb 2003
    Location
    Slave I
    Posts
    23,426
    Mentioned
    2 Post(s)
    Tagged
    1 Thread(s)
    I hope you are using only javascript for form validation. That is a very very very very very very very very very very very big no-no! You ALWAYS have to validate form data on the server. Because JavaScript can be turned off it is easy to defeat and should only be used a convenience to your users since it is faster then server side validation. But never ever rely on it.

  3. #3
    SitePoint Evangelist
    Join Date
    Nov 2005
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So there really is no point me using it then? I should just stick to using PHP for form validation yes?

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,785
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    JavaScript form validation is a benefit to your visitors as it can tell them about fields they have incorrectly entered as they enter them rather than having to fill out the whole form, submit it to the server, and then wait for the response to come back telling them that they entered it all wrong.

    The server side validation is the one that is there for your benefit to make sure that you don't receive invalid data.

    They serve entirely different purposes and so both are needed.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,478
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As John and Stephen said, browser-side (pre) validation should be used in conjunction with your server-side validation. Why? Well, there are two very good reasons. The first deals with convenience for the user. If the user doesn't have to wait for the server to process the form and return the errors, the faster the user can fix them and submit the proper, filled out, form.

    The second reason has to deal with the server itself. The less time it has to take processing the form, validating it and returning errors, the less CPU usage, bandwidth and other resources the computer running the server has to chew up.

  6. #6
    SitePoint Evangelist
    Join Date
    Nov 2005
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've got some pretty nice and tight JavaScript functions written now to handle the validation. Checks for required fields, email, phone, whatever. So in essence, I need to also write the same type of functions for PHP too, which will also check for the same thing... That way, if JavaScript is turned off, messages will still appear telling the user what's wrong, but it's done in PHP instead of JavaScript yes?

    Ok, I can see what you lot are saying. It does make sense.

  7. #7
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,478
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yup. Let the JavaScript check first, then let the PHP script confirm (and act as a backup if JavaScript has been disabled or isn't supported).

  8. #8
    SitePoint Evangelist
    Join Date
    Nov 2005
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, cheers. Thanks for that!

  9. #9
    SitePoint Evangelist
    Join Date
    Nov 2005
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ohh... Another thing...

    I've been starting to learn OOP in PHP. I've heard a lot of people say 'you should use OOP for everything' and others saying 'you should only use it when its a good option too' etc.

    When it comes to validation, both in JavaScript and PHP - is it really worth coding it using OOP techniques? I have some nice, tasty functions for Javascript I just stick in an external file. I'm gonna probably do the same for the PHP bit... Would it benefit me at all, and for future projects or whatever, to code the form validation using OOP techniques? How do you lot do yours?

    Many thanks.

  10. #10
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,478
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, I'm a front-end coder, so I really don't get to play around with PHP all that much (just basic includes and canned scripts is par for the course with me - for the most part).

    You might be better off asking that particular question either in the General Application Development, Web Security or PHP Application Design board.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •