Form php?

hi,

I’m just wondering if JavaScript and PHP would both be used on an intermediate form?

Is it practical or can it all be done with php (mostly field validation)?

What’s good industry practice?

Also, this piece of code won’t work. Any suggestions?

if ($_POST["gname"] =="" || =="Enter your given name"){
echo "you need to enter your given name";
echo "<a href='custreg.html'>Return to details form</a>";
}

Perfect, just what I was looking for, thanks heaps :smiley:

Do you want to reject invalid entered names like ^&*()(!@ ?

If so, your code won’t do it.

Worked a treat, it’s just what I was looking for !!! Thanks heaps.

now to figure out how to post back on itself??:goof:

Any suggestions on how to repopulate the form using POST rather than linking back?

yes, that’s easy but you haven’t yet answered

Do you want to reject invalid entered names like ^&*()(!@ ?
So what’s the point of using POST if users can enter invalid names as currently allowed by your code?

okay,

I don’t need to reject invalid names like ^&*()(!@ ? but I am curious as to how?

as well as

suggestions on how to repopulate the form using POST rather than linking back?

ok, then this is obviously some sort of homework or learning exercise because in the “real world” you would never accept something like ^&*()#$! as a valid name.

You can use preg_match and regular expressions (http://www.webcheatsheet.com/php/regular_expressions.php) to validate input data.

:eye:

Of course you can’t check that if a person’s real name is Jones to reject the input if they enter Smith.

But with a regex you can reject inputs like $%^&*#@! for a name. The aim should be to maximise data integrity as much as possible.

True. There is probably a chunk of the ASCII range that shouldn’t be present in a name, and you could reject on that basis.

Yeah, but this is the same can of worms that any forum thread is vulnerable to. The advice that’s practical to impart here will never be enough. After we validate the characters then we get onto the DB insertion (mysqli/PDO/etc.). Then there is the application architecture, and coding conventions, and it never ends.

Simplistic solutions also run the risk of false negatives. Some names have accented characters. I’m not sure how to advise dealing with those in a short-ish post.

And what if someone enters Abcdef? Do we need to code pattern recognition, or consult a DB of all known names? How?

And apparently (though I’ve never encountered it) some cultures have very unusual names. Things you might not think are valid could be. See Falsehoods Programmers Believe About Names | Kalzumeus Software

You are quite right that my 5 line snippet will not perfectly handle every input.

thanks for your replies.

Cyanide Pierce

that didn’t work either ?? any other ideas?

that didn’t work either ?? any other ideas?

What about the bit I posted?
You need to compare something to == ‘Enter your given name’

Try this

if($_POST['gname'] == "" AND == "Enter your given name"){
echo "you need to enter your given name";
echo "<a href='custreg.html'>Return to details form</a>";
}

You need more validation than that. What if the user entered 5 blank spaces or ‘#$%^&*(’ for the given name?

You could use a regular expression to validate the entered name.

Server side (PHP) validation is essential and JavaScript is good to have. The fast responses of client side validation improve the usability of the form a lot.


$gname = trim($_POST['gname']);
if( $gname == '' || $gname == 'Enter your given name' ) {
  echo "you need to enter your given name";
  echo "<a href='custreg.html'>Return to details form</a>";
}

Linking users back to the form will be pretty annoying, as they will lose all their input and have to type again.

You can have the form and validation on the same page, and repopulate the form using htmlentities and the POST values to overcome this problem.

What if I entered &^t54#@!()% as my name. Your validation would accept it as valid :eek:

You need to check that only valid chars appear in the input.

If the user inputs are going into a database and data security and integrity are an issue (which they almost always are) then server side validation is a must do.

Client side validation (javascript) is an optional extra because it can be easily bypassed by simply switching off javascript in the browser or the user could send bogus data directly to your form processing script without going to the page containing the input <form>.
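
The points raised in the thread (trim and check on the server, restrict characters with preg_match without rejecting accented names, and repopulate the form with htmlentities instead of linking back), combined in one self-posting page. This is an added example, not code from any poster; the allowed-character set and the 60-character limit are assumptions chosen for illustration.

```php
<?php
// Added example: self-posting form with server-side validation.
// The character policy below is an assumption, not a universal rule for names.

function validate_given_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || $name === 'Enter your given name') {
        return 'You need to enter your given name.';
    }
    // /u treats the input as UTF-8; malformed UTF-8 makes preg_match return false.
    // \p{L} = any letter (accented ones included), \p{M} = combining marks.
    // \z anchors at the true end of the string (no trailing-newline slack).
    $ok = preg_match('/^[\p{L}\p{M}][\p{L}\p{M} \'’.-]{0,59}\z/u', $name);
    if ($ok !== 1) {
        return 'Given name contains characters that are not allowed.';
    }
    return null; // valid
}

$gname = '';
$error = null;
$submitted = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
if ($submitted) {
    // Accept strings only, so a crafted gname[]=x array is treated as empty.
    $gname = is_string($_POST['gname'] ?? null) ? trim($_POST['gname']) : '';
    $error = validate_given_name($gname);
}

if ($submitted && $error === null) {
    // Encode on output even after validation passed.
    echo 'Thanks, ' . htmlentities($gname, ENT_QUOTES, 'UTF-8') . '.';
    return;
}
?>
<form method="post" action="">
  <?php if ($error !== null): ?>
    <p><?= htmlentities($error, ENT_QUOTES, 'UTF-8') ?></p>
  <?php endif; ?>
  <label>Given name
    <input type="text" name="gname"
           value="<?= htmlentities($gname, ENT_QUOTES, 'UTF-8') ?>">
  </label>
  <button type="submit">Send</button>
</form>
```

Input such as `&^t54#@!()%` or five spaces is rejected and the form is shown again with the entered value encoded into the field, while names like `Zoë` or `O'Brien` pass.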