Hi
Newbie here. I have been working on creating a guestbook for my site as
practice and am learning a lot.
Do you guys validate your forms first on the client with javascript and
then on the server with PHP or just use one of the two and if yes which
one?
I don't want to reinvent the wheel too much.
Thanks a lot
Patrick

varois83 wrote:
> Hi
> Newbie here. I have been working on creating a guestbook for my site as practice and am learning a lot. Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one? I don't want to reinvent the wheel too much.

Javascript + PHP, or PHP alone. Never Javascript alone.
With Javascript you avoid involving the server, so it works faster. But
all the data that gets to the server MUST be validated. All and every
remote vulnerabilities come from bad validation on the server side.
If you want to code validation only once, go for PHP.

> Thanks a lot
> Patrick

.oO(varois83)
> Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one?

You can use client-side validation (JS) for convenience, so the user
gets an immediate feedback if something's wrong, but nevertheless you
_must_ validate _all_ submitted data on the server. Never trust any
incoming data.
You might also want to read this:
Javascript form validation – doing it right http://www.xs4all.nl/~sbpoley/webmatters/formval.html
Micha
Hello,
on 01/04/2005 10:47 PM varois83 said the following:
> Newbie here. I have been working on creating a guestbook for my site as practice and am learning a lot. Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one? I don't want to reinvent the wheel too much.

In that case you may want to try this forms generation and validation
class that can perform several common types of validation on the server
side and can also generate the necessary Javascript code to perform the
same types of validation that can be performed on the client side.
http://www.phpclasses.org/formsgeneration
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html

Dani CS writes:
> varois83 wrote:
> > Hi
> > Newbie here. I have been working on creating a guestbook for my site as practice and am learning a lot. Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one? I don't want to reinvent the wheel too much.
>
> Javascript + PHP, or PHP alone. Never Javascript alone.
> With Javascript you avoid involving the server, so it works faster. But all the data that gets to the server MUST be validated. All and every remote vulnerabilities come from bad validation on the server side.
> If you want to code validation only once, go for PHP.
>
> > Thanks a lot
> > Patrick

Do both as much as you can. I use HTML_QuickForm which automates this
to a great extent. It has most of the basic validation rules you
could want, and will automatically run them on both sides for you.
--Zach

"varois83" wrote in message:
> Hi
> Newbie here. I have been working on creating a guestbook for my site as practice and am learning a lot. Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one? I don't want to reinvent the wheel too much.
> Thanks a lot
> Patrick

Personally, I dislike how client-side validation is usually implemented.
That is, using alert boxes.
*** dong! ***
A good approach I think is to use Javascript to check for missing fields and
use PHP to validate what's actually entered. It's more consistent, since
there could be fields that can only be validated on the server-side (e.g.
duplicated user name). The server can also consolidate and format the error
messages better.

"Chung Leong" wrote in message:
> "varois83" wrote in message:
> > Hi
> > Newbie here. I have been working on creating a guestbook for my site as practice and am learning a lot. Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one? I don't want to reinvent the wheel too much.
> > Thanks a lot
> > Patrick
>
> Personally, I dislike how client-side validation is usually implemented. That is, using alert boxes.
> *** dong! ***
> A good approach I think is to use Javascript to check for missing fields and use PHP to validate what's actually entered. It's more consistent, since there could be fields that can only be validated on the server-side (e.g. duplicated user name). The server can also consolidate and format the error messages better.

I disagree completely. All data MUST be validated on the server (including
missing fields) regardless of any EXTRA validation performed on the client
using javascript. This prevents any checks from not being performed simply
because the client has disabled javascript.
Your remark about error messages is also rubbish as ANY message you can
create using javascript you can also create on the server. You do NOT need
javascript to create sexy error messages.
--
Tony Marston http://www.tonymarston.net

"Tony Marston" wrote in message:
> "Chung Leong" wrote in message:
> > Personally, I dislike how client-side validation is usually implemented. That is, using alert boxes.
> > *** dong! ***
> > A good approach I think is to use Javascript to check for missing fields and use PHP to validate what's actually entered. It's more consistent, since there could be fields that can only be validated on the server-side (e.g. duplicated user name). The server can also consolidate and format the error messages better.
>
> I disagree completely. All data MUST be validated on the server (including missing fields) regardless of any EXTRA validation performed on the client using javascript. This prevents any checks from not being performed simply because the client has disabled javascript.
> Your remark about error messages is also rubbish as ANY message you can create using javascript you can also create on the server. You do NOT need javascript to create sexy error messages.

Next time when you disagree with me completely, can you at least read my
post first?

"Chung Leong" wrote in message:
> "Tony Marston" wrote in message:
> > "Chung Leong" wrote in message:
> > > Personally, I dislike how client-side validation is usually implemented. That is, using alert boxes.
> > > *** dong! ***
> > > A good approach I think is to use Javascript to check for missing fields and use PHP to validate what's actually entered. It's more consistent, since there could be fields that can only be validated on the server-side (e.g. duplicated user name). The server can also consolidate and format the error messages better.
> >
> > I disagree completely. All data MUST be validated on the server (including missing fields) regardless of any EXTRA validation performed on the client using javascript. This prevents any checks from not being performed simply because the client has disabled javascript.
> > Your remark about error messages is also rubbish as ANY message you can create using javascript you can also create on the server. You do NOT need javascript to create sexy error messages.
>
> Next time when you disagree with me completely, can you at least read my post first?

Your remark "A good approach I think is to use Javascript to check for
missing fields and use PHP to validate what's actually entered" implies that
you use PHP to validate what is entered and javascript to validate what is
*not* entered. My second remark was wrong as I misread what you had written
(I mentally substituted 'client' for 'server').
Tony Marston

varois83 wrote:
> Do you guys validate your forms first on the client with javascript and then on the server with PHP or just use one of the two and if yes which one?

I do both. I did only serverside when I started out (mostly because my
knowledge of JavaScript was limited, at best), but soon moved to doing
both consistently. I always keep the thought "never trust the user" in
the back of my head when I develop, so in my humble opinion, validating
with JavaScript is only for convenience in that it saves time (for the
user) and bandwidth (for the site), while validating with PHP is
required to make sure the data received is indeed valid. Allowing people
to have invalid data stored just by disabling JavaScript on their client
is too much of a risk.
Roy W. Andersen
--
ra at broadpark dot no / http://roy.netgoth.org/
"Hey! What kind of party is this? There's no booze
and only one hooker!" - Bender, Futurama
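
An added example, not code posted by anyone in this thread: a PHP validator for a guestbook form that runs on every submission, whether or not any JavaScript check ran in the browser, and returns all error messages together. The field names and length limits are assumptions.

```php
<?php
// Added example: server-side validation for a guestbook form.
// Field names and limits below are assumptions, not taken from the thread.

function validate_guestbook(array $post): array
{
    $rules = [
        'name'    => ['max' => 50],
        'email'   => ['max' => 254],
        'message' => ['max' => 2000],
    ];
    $clean  = [];
    $errors = [];

    foreach ($rules as $field => $rule) {
        $value = $post[$field] ?? null;
        // Missing fields are checked here too, not only in the browser.
        // A client can also send name[]=x, which arrives as an array.
        if (!is_string($value)) {
            $errors[$field] = "$field is required.";
            continue;
        }
        $value = trim($value);
        if ($value === '') {
            $errors[$field] = "$field is required.";
        } elseif (strlen($value) > $rule['max']) {
            // strlen() counts bytes, so the limit is a byte limit.
            $errors[$field] = "$field must be at most {$rule['max']} bytes.";
        } else {
            $clean[$field] = $value;
        }
    }

    // Format check on the value actually entered.
    if (isset($clean['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'email is not a valid address.';
        unset($clean['email']);
    }

    // Accepted values and the consolidated error list, keyed by field.
    return [$clean, $errors];
}

// Constructed request, as it could arrive with JavaScript disabled or bypassed.
$post = ['name' => '  Patrick ', 'email' => 'not-an-address', 'message' => ['x']];
[$clean, $errors] = validate_guestbook($post);
print_r($clean);
print_r($errors);
```

Only the values in `$clean` should be stored; anything that depends on server state, such as the duplicate user name check mentioned above, would be added as a further rule in the same function.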