  1. #1
    SitePoint Zealot
    Join Date
    Jun 2006
    Location
    Australia
    Posts
    189
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Form validation using JS and PHP

    Gudday all
    I have been told/read many times that forms need to be validated twice - client side using JS and server side using PHP.
    I have some forms validated using JS and am now wondering how do I do the PHP validation?
    Do I wrap the form with its JS validation inside some PHP? If so what would be the best way to do this?
    Or do I need to have a JS version and then pass the output to the PHP version?

    I am a little confused.
    ========================
    Carn the Tiges!
    www.petalsandpatches.com

  2. #2
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    JS validation isn't required, but it can be useful for the user.

    PHP validation is required, because the validation is put into the hands of your server. If you rely solely on JavaScript to validate, you will be opening up your server to attack, because someone could easily disable JavaScript - or even send a custom form.

    So, simply validate as normal with JavaScript. Then, when the form has been posted, in the PHP file (before you do any database submission etc) run certain checks on the data:
    PHP Code:
    <?php
    $Something = trim($_POST['Something']);
    if(strlen($Something) < 1){
        //no value entered
    }else if(strlen($Something) > 30){
        //more than 30 characters.
    }
    //etc...
    $Something = MySQL_Real_EScape_String($Something);
    MySQL_Query(...);
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded"-Molona

  3. #3
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,510
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Once the form has been submitted by the user, the form data is sent to the server and will be managed by a script (as indicated in the form's action attribute).
    Before using the form data in that script, you'll have to validate it, as any user input can't be trusted (you never know who submitted the data, and with what intent).
    Client side validation (JS) can be very useful and improve the user experience, but it can easily be circumvented, so you'll always have to do all validation server side as well (PHP or whatever scripting language you use).

  4. #4
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Filtering is a term frequently used to describe the "frisking" of incoming variables.

    For example if you have a field which allows only phone numbers, eg

    123-123-1234

    Then you would either detect something not falling within the range 0 to 9 and a dash (12 chars or less), or you would replace anything in the range 0 to 9 and a dash.

    The steps you take on the back end (PHP) might be influenced by how much effort you put into explaining the field on your GUI.

    If for example you had a form element like this:

    <p>Tel. <input type="text" id="tel" size="12" value=""> Supply numbers and dashes only please (max 12 chars)</p>

    and you even did some JS checks to enforce this, and they STILL managed to send you something out of the range, you might just dump the data as being suspect.

    Either way, as stated, you must check what is being sent before you do anything with it.

    Search for PHP Filtering if you want to know more.

  5. #5
    SitePoint Guru
    Join Date
    Nov 2003
    Location
    Huntsville AL
    Posts
    706
    Mentioned
    4 Post(s)
    Tagged
    1 Thread(s)
    Here is a fairly nice introduction to server side validation.
    http://framework.zend.com/manual/en/zend.validate.html

  6. #6
    SitePoint Enthusiast
    Join Date
    Apr 2009
    Location
    Ljubljana, Slovenia
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    jp! but you have to use Zend. Not something for solving a novice problem.

    a very simple idea:

    PHP Code:
    $form_ok=true;
    $form_data=array('name','age');
    foreach($form_data as $form_field){
        // store data somewhere
        $form_data[$form_field]=trim($_POST[$form_field]);
        if (! call_user_func ($form_field.'_validator',$form_data[$form_field] )) {
            $form_ok=false;
            break;
        }
    }

    // $form_ok should tell you form status here;
    if($form_ok){
        // do something with your data
    }else{
        // you have values stored in $form_data for returning them to form
        // but you have to think about XSS here if not valid
    }

    // create simple validator for each field
    function age_validator($var){
        $age = (int)$age; // make sure its number
        return $age>=18;
    }

    Gregor Grajzar, web developer
    http://xweblabs.com
    http://grajzar.info

  7. #7
    SitePoint Enthusiast
    Join Date
    Apr 2009
    Location
    Ljubljana, Slovenia
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ups! mistaketomake

    PHP Code:
    // create simple validator for each field
    function age_validator($age){
        $age = (int)$age; // make sure its number
        return $age>=18;
    }

    a typing error and all users are babies ;-)))
    Gregor Grajzar, web developer
    http://xweblabs.com
    http://grajzar.info
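
The checks discussed across the thread (the length limit from post #2, the digits-and-dashes phone filter from post #4, the per-field validators and the XSS remark from post #6), combined in one server-side routine. This is an added example, not code from any poster; the field names `name`, `age` and `tel`, the function `validate_form` and the sample input are assumptions, and it needs PHP 7.4 or later.

```php
<?php
// Added example: one allowlist validator per field (field names are assumptions).
$validators = [
    // 1 to 30 bytes after trimming, the length check from post #2
    'name' => fn(string $v): bool => strlen($v) >= 1 && strlen($v) <= 30,
    // whole number, 18 or over; FILTER_VALIDATE_INT rejects "18abc",
    // which an (int) cast would silently turn into 18
    'age'  => fn(string $v): bool =>
        filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 18]]) !== false,
    // digits and dashes only, at most 12 characters, as described in post #4
    'tel'  => fn(string $v): bool => preg_match('/\A[0-9-]{1,12}\z/', $v) === 1,
];

// Hypothetical helper: returns [validated values, rejected values], both keyed by field.
function validate_form(array $input, array $validators): array
{
    $clean = [];
    $errors = [];
    foreach ($validators as $field => $is_valid) {
        // A missing field or an array value (tel[]=x) counts as invalid input
        $raw = $input[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        if (is_string($raw) && $is_valid($value)) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample standing in for $_POST: values a client can send
// when the JavaScript checks are disabled or bypassed.
$sample = ['name' => '  Alice ', 'age' => '18abc', 'tel' => '123-123-1234<script>'];
[$clean, $errors] = validate_form($sample, $validators);

foreach ($errors as $field => $value) {
    // Escape rejected values before echoing them back into the form
    printf("%s rejected: %s\n", $field, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// $clean holds only the fields that passed; hand them to the database as bound
// parameters of a prepared statement (PDO or mysqli), not by concatenating SQL.
var_dump($clean);
```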

