CGI Form validation

baz_can_fix_it
baz_can_fix_it used Ask the Experts™
on
Hi Experts...I have a simple form and want it to validate that a user does not leave any fields blank and as well as in the phone field they put numbers only... Is there a reason why a simple java validation wont work on this... I thought maybe the fact that this file ends with .CGI any way I would appreciate your time and thoughts...

thank you



<form action='edit.cgi' method='GET'>
<input type='hidden' name='action' value='add'>
<input type='hidden' name='database' value='$input{'database'}'>
<table border='1'>
<tr><td><font size='2'>Full Name</font></td><td><input type='text' name='fname' SIZE='40' MAXLENGTH='40'></td></tr>
<tr><td><font size='2'>Phone Number</font></td><td><input type='text' name='fphone' SIZE='15' MAXLENGTH='15'></td></tr>
<tr><td><font size='2'>Vehicle Registration Number</font></td><td><input type='text' name='fvrno' SIZE='15' MAXLENGTH='15'></td></tr>
</table>
<input type='Submit' value='Add Record'>
</form>
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2007

Commented:
Don't ever rely on Javascript for form validation as it is quite often disabled or stripped out by proxy servers.

Author

Commented:
Thanx for the tip tintin... any ideas as how I should do this...

Ps how is snow white? :)

Author

Commented:
why wouldn't something like this work....

<SCRIPT LANGUAGE="JavaScript">
    <!-- Hide code from non-js browsers
    function validateForm1()
    {
        formObj = document.sample;
        if ((formObj.fname.value == "") ||
            (formObj.fphone.value  == "") ||
            (formObj.fvrno.value  == ""))
        {
            alert("You have not filled in all the fields.");
            return false;
        }
        else
            return true;
    }
    // end hiding -->
</SCRIPT>

....<form action='edit.cgi' method='GET' onSubmit='return validateForm()'>
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

Top Expert 2007

Commented:
Your example will only work for browsers that support Javascript and have it enabled, otherwise if your script does no field validation, you could enter anything you like.

What does edit.cgi contain?

PS:  What's the reference to Snow White all about?

Author

Commented:
hehheheh snow white was Tintins dog.... Tintin was a commic character when i was a kid.... about 20 years ago lol

edit cgi views the flat file which data gets stored in....


Cheers
Top Expert 2007

Commented:
Snow White lived with the seven dwarfs.  Tintin's dog is called Snowy.

Do you still require any more information about validation?

Author

Commented:
Yes please as i tried so many diffrent ways...mostly failed and could't get them to work....Cheers

Author

Commented:
Ps yes thats right it was Snowy...heheheheh its been 20 years as i said lol
Top Expert 2007
Commented:
You need to show what you have tried, so I can correct it.

Something along the lines of the following is generally what's used:


#!/usr/bin/perl
use strict;
use CGI;

my $q = new CGI;
print $q->header;

error "You have not filled out your Full Name" unless $q->param('fname) ;

sub error {
  my $error = shift;

  print <<EOF;
<h2>$error</h2>
EOF
}

Author

Commented:
Well i have tried all sorts of java ones and i tried simple one like this

<INPUT TYPE=HIDDEN NAME=F_required VALUE="fname,fphone,fvrno"> which suppose to work with CGI...

Does the your code go to the sumit page or in the actual form?

Cheers
Top Expert 2007

Commented:
The checks need to go into the CGI program, in your case 'edit.cgi'

The hidden field you supplied (or any other for that matter) won't make a fig of difference if the CGI script doesn't know about it.

BTW, don't get confused with Java and Javascript.  They are two totally different beasts.  You are talking about Javascript.
well,
   if you are not using javascript for your client side validation, then i guess you can use the following script :

----------------------------------------------------
#!/usr/bin/perl
use strict;
use CGI;

my $q = new CGI;
print $q->header,
 

&errorHtml("You have not filled out your Full Name") unless $q->param('fname') ;
&errorHtml("You have not filled out your Vehicle Reg No") unless $q->param('fvrno') ;
&errorHtml("You have not filled out your phone number") unless $q->param('fphone');
if ($q->param('fphone') !~ /^\d+$/) {
   &errorHtml("You have filled your phone number correctly",$q->param('fphone'));
}

#after validation
#appropiate html code goes here
print $q->end_html;

sub errorHtml {
 my ($error,$val) = @_;

  print $q->start_html("Error Page");
 print <<EOF;
<h2>$error : $val</h2>
<a href="index.html">Go Back</a>
EOF
print $q->end_html;
exit(1);
}

---------------------------------------------------------------

I haven't optimized the code.  I hope you can do that. Also if fphone,fname is not given $val will contain nothing and hence nothing will be show along with the error message.
thanks
-manas
Dave CrossPerl programmer, author and trainer

Commented:
Here's an example that I gave in response to a question here a couple of days ago. It uses an array to define which values to extract from the CGI parameters and a hash to define which paramters are mandatory.

#!/usr/bin/perl -w

use strict;
use warnings;
use CGI ':standard';

my @missing;
my @fields = qw(Name eMail Phone Pager Message);
my % required = (Name => 1, eMail => 1, Phone => 1, Pager => 1);

my %form;

foreach (@fields) {
 $form{$_} = param($_);

 if ($required{$_} and not defined $form{$_}) {
   push @missing, $_;
 }
}

if (@missing) {
 # at least one of the fields is missing. the list of missing fields is in @missing.
 # use that data to present an error page to the user.
} else {
 # all the required fields are filled in. the form data is all in %form.
 # use that to proceed with the program.
}


Not sure why you keep mentioning Java. I can't think what relevance that has to your question. I think you might be talking about Javascript. Java and Javascript are two completely different things. Please don't get them confused.

Dave...

Author

Commented:
Thanx heaps guys I hope i was fare on the points....


Cheers

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial