
form validation using htmlspecialchars

hi guys,

I am writing a page to update a database. I have been told to always scan every form input with the functions trim(), htmlspecialchars() and stripslashes(). I don't know how to use these functions in JavaScript code. I have a JavaScript function 'checkForm'.

In the code below, lines 11, 12 and 13 don't work. Is it because e.g. stripslashes() is not a JavaScript function? What should I do to scan for corrupt input?

Thanks in advance



Here is my code

  1. <form name="forms" method="post" onsubmit="return checkForm();" action="proc.php" id="myForm">
  2.  
  3. <script language="JavaScript">
  4. function checkForm()
  5. {
  6.   var cName;
  7.   with(window.document.myForm) {
  8.     cName = tbxName;
  9.   }
  10.  
  11.   cName.value = trim(cName.value);
  12.   cName.value = stripslashes(cName.value);
  13.   cName.value = htmlspecialchars(cName.value);
  14.  
  15.   if (some test) {
  16.     alert("invalid name");
  17.     cName.focus();
  18.     return false;
  19.   }
  20. }
  21. </script>
  22.  
  23. <input name="Name" type="text" id="tbxName" style="width:140px" class="textbox" />
  24.  
  25.  
  26. </form>
  27.  
May 14 '14 #1
1 Reply


gits
the methods you want to use are php-functions. if you want to use such methods clientside for input-modification then you have to reimplement them with the replace() method or using regExp for that purpose. besides that - it's not safe to do those modifications clientside if you want to ensure that it's always done before updating the DB with the values - you should use those methods in the php-code on the serverside.
Jun 6 '14 #2
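
The reply's suggestion of reimplementing the PHP functions with replace() and regular expressions, as an added example that is not part of the original thread. The function names mirror the calls on lines 11-13 of the question; `cleanName` and the 50-character limit are assumptions standing in for "some test". As the reply notes, this only tidies input in the browser, so the PHP code on the server still has to apply its own checks before the database update.

```javascript
// Added example: browser-side stand-ins for the PHP functions named in the question.
// Characters PHP's trim() strips by default: space, \t, \n, \r, NUL, vertical tab.
const TRIM_CHARS = /^[ \t\n\r\0\x0B]+|[ \t\n\r\0\x0B]+$/g;

function trim(s) {
  return String(s).replace(TRIM_CHARS, "");
}

// Remove one level of backslash quoting: \' -> ', \\ -> \, \0 -> NUL.
// A lone trailing backslash is dropped.
function stripslashes(s) {
  return String(s).replace(/\\([\s\S]?)/g, (match, ch) => (ch === "0" ? "\0" : ch));
}

// Same five replacements PHP's htmlspecialchars() makes with ENT_QUOTES.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };

function htmlspecialchars(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical rule standing in for "some test": non-empty, at most 50 characters.
const MAX_NAME_LENGTH = 50;

// Applies the three steps in the order used in the question and reports validity.
function cleanName(raw) {
  const value = stripslashes(trim(raw));
  if (value.length === 0 || value.length > MAX_NAME_LENGTH) {
    return { ok: false, value: value };
  }
  return { ok: true, value: htmlspecialchars(value) };
}

// Constructed sample inputs, not taken from the thread.
const samples = ["  O\\'Brien \n", "<b>Tom & \"Jerry\"</b>", "   "];
for (const raw of samples) {
  console.log(JSON.stringify(raw), "->", JSON.stringify(cleanName(raw)));
}
```

In the browser, `checkForm` would call `cleanName(cName.value)` and return `false` when `ok` is `false`.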
