burnedfaceless
Server side validation
My HTML is dirty; I need to clean it. But I think I have it to where it will hide the form if JavaScript is disabled. I have a book on Ajax and JSON which I will use to validate it.
So I guess my first question is what things could go wrong? I learned on here that server side validation is necessary always. Mainly so I understand this PHP validation kind of makes sense.
My second question is how should I handle an invalid form submission? The jQuery has a valid function and I'm sure there's a way I could set that to false. How would I test that, though? It's a catch-22...
Should I just have a DIV and use Ajax to say the highlighted fields are required and highlight them with CSS?
This is just a very different way of thinking because it's so reliant on JavaScript. I want to do it right and maybe learn something.
Thanks
cosmetic.js
contact.php
ASKER
Both of your posts were extremely articulate and well written. Your code showed me this plugin is like anything else really. I'm not the best at jQuery, but there's a lot I can learn from your code. Thank you for writing that.
ASKER
I noticed that in your script you have to manually enter the username and password you use to connect to the server.
I will read over this more, but is that contingent on manually entering passwords? I don't have anyone's passwords and I'm not going to ask them to share their passwords.
Ignore the passwords. That's just if you want to send an email and the server requires authentication.
ASKER
That makes sense. Thank you.
I was going to knock up a demo for you but you're all ok now?
ASKER
Demo wouldn't hurt. If it's not a lot of work. I've been doing other stuff but today I'm going to work on the Ajax verification.
ASKER
I actually have a really dumb question. Where do I put class.phpmailer.php?
You include it at the top of your PHP file that needs to use it. If there are any other dependencies then you also need to make sure they're available, e.g. if you use any of the perl extensions etc.
ASKER
I understand that. What confuses me is where in my server do I upload the file?
Thanks for your help. I'm trying to knock this out soon.
It should go in your include directory. If you need to know where it is, just create a simple page with
<?php
phpinfo();
?>
That will tell you the configuration
ASKER
It seems to be disabled, and changing the settings is beyond my abilities. It does work when I have it in the same directory.
Thanks again for your help.
Not so much changing settings but putting the file in the includes folder.
Did that code not work?
The two main things you have to be careful of are XSS (Cross Site Scripting) and SQL Injection. I touch on this in my article on capturing data in a feedback form.
The reason you need server side validation is that it's easy to bypass your validation and submit malicious or nonsense data (as simple as using the development tools in any browser), as it runs on the client so the client has access. On the server, only you have access so in that respect it's secure. You do need to make sure whatever data is submitted is parsed and JavaScript, HTML tags, SQL-like commands etc. are removed. See the article above for more info.
The reasons you have client side validation are to guide the user on what data to enter e.g. a phone number in the right format, an email address in the right format etc.
Your javascript can stop the form from submitting if the data the user is submitting doesn't validate so that part's easy.
It would also help for you to read my article on Javascript Frameworks, like jQuery as jQuery is javascript, nothing more.
Yes, it is that easy but you don't even need to do that much as the plugin will insert it for you. I'll knock up a demo to show you.
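The server-side half of the thread above, as an added example that is not code from any poster or from the attached contact.php: it re-checks every field on the server, returns errors keyed by field name so an Ajax callback can highlight them, binds values in a prepared statement, and encodes stored values when they are written into HTML. The field names (name, email, message), the messages table and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example. Field names and the messages table are assumptions.
function validate_contact(array $in): array
{
    $clean = [
        'name'    => trim((string)($in['name'] ?? '')),
        'email'   => trim((string)($in['email'] ?? '')),
        'message' => trim((string)($in['message'] ?? '')),
    ];
    $errors = [];
    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors['name'] = 'Name is required (max 100 bytes).';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid email address.';
    }
    if ($clean['message'] === '' || strlen($clean['message']) > 2000) {
        $errors['message'] = 'Message is required (max 2000 bytes).';
    }
    return [$errors, $clean];
}

function handle_submission(array $post, PDO $db): array
{
    [$errors, $clean] = validate_contact($post);
    if ($errors) {
        // Keyed by field name so the Ajax callback can highlight each field.
        return ['ok' => false, 'errors' => $errors];
    }
    // SQL injection: values are bound as parameters, never concatenated.
    $stmt = $db->prepare('INSERT INTO messages (name, email, body) VALUES (?, ?, ?)');
    $stmt->execute([$clean['name'], $clean['email'], $clean['message']]);
    return ['ok' => true];
}

$db = new PDO('sqlite::memory:'); // in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (name TEXT, email TEXT, body TEXT)');

// Constructed inputs standing in for $_POST from a client that skipped the JavaScript checks.
$bad  = ['name' => '', 'email' => 'not-an-email', 'message' => 'hi'];
$good = ['name' => "O'Brien <b>", 'email' => 'ob@example.com', 'message' => "it's <i>fine</i>"];
echo json_encode(handle_submission($bad, $db)), "\n";
echo json_encode(handle_submission($good, $db)), "\n";

// XSS: encode stored values at the point they are written into HTML.
foreach ($db->query('SELECT name, body FROM messages') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Posting a request straight to the handler, without loading the form page, exercises the invalid-submission path independently of the jQuery plugin.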