Server side validation

Posted on 2013-11-20
Last Modified: 2013-11-20
Look I'm actually hoping to learn something here, so not expecting you to just write it all out and of course it would relate to the website.

I just see these instant verifications - I would like to do that on desktop and I suppose the javascript activates when you hit submit obviously.

If I'm completely wrong let me know y'all are the experts.

Many thanks
Question by:burnedfaceless
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39663646
When I write the PHP page to receive form data, one of the first things is a line like this for each form value.
if (!isset($_POST["fName"]))  $fName = ''; else $fName = substr($_POST["fName"],0,64);

Open in new window

This has two purposes.  It makes sure that there is a variable by that name to prevent silly errors later in the script.  It also limits the size of the data using 'substr' to something that you would expect to prevent crashing some later part of the script.

PHP also 'filter' functions that you can use:
LVL 58

Expert Comment

ID: 39663812
Your title says Server side validation and then you talk about javascript/instant verifications (client side).
Which is it?
LVL 53

Expert Comment

ID: 39663816
It would also help to know what type of data you need to validate, and how it is going to be used.

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.


Author Comment

ID: 39663823
Form data, contact information for now. Credit card in the future.

Here is our current site, pretty bush league. What I did with php was transfer to a new webpage but I know there has to be a way to respond on the current webpage, just as javascript can write html in getelementbyid.

My goal is to have a completely professional site up.
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39663901
A "professional" site is one that works as it should.  Making it prettier is a matter of taste.

The only things really 'wrong' with that page is the missing DOCTYPE and charset.  Some other items may need to be adjusted depending on the DOCTYPE you choose.  Here is the recommended list of DOCTYPEs:

W3C validator for your page:
LVL 19

Expert Comment

ID: 39663957
You might get some ideas from my sample code

This is my field Definintion
		"length_e"=>"username must be 3 to 16 characters long.",
		"valid_e"=>"username should contain only alphanumeric characters and - _ .",

Open in new window

This is a part of the server side validation
      if ($this->length_e && (strlen($v) < $this->minlength)) {
        return $this->length_e;
      $regex = $flags = "";
      if (!empty($this->icase)) $flags = "i";
      if (!empty($this->valid_regex)) {
        $regex = "/" . $this->valid_regex . "/" . $flags;
        if (!preg_match($regex,$v)) return $this->valid_e;

Open in new window

This is what the client side looks like
if (f.elements["UserName"].value.length < 3) {
  alert("username must be 3 to 16 characters long.");
if (window.RegExp) {
  var reg = new RegExp("^[A-Z|a-z|0-9|\-|\_|\.]+$|^$","g");
  if (!reg.test(f.elements["UserName"].value)) {
    alert("username should contain only alphanumeric characters and - _ .");

Open in new window


Author Comment

ID: 39663962
What if I coded javascript to change a generic html element. I'm really trying to avoid popups here.

This would be possible, and would it entail php?

edit: didn't see sample code
LVL 53

Accepted Solution

COBOLdinosaur earned 500 total points
ID: 39664113
I am not too sure why you are so concerned with javascript validation. No matter what you do client side; you still have to validate on the server or you are open to hacking a security breaches.  If you are going to be processing credit cards the level of security required cannot be achieved with javascript.  

Beyond the partially support automatic semi-validation from HTML5 input types I don't do any client side validation.  That is a job that is more efficient and secure serverside.  The little bit of additional bandwidth is insignificant, and done right the response is fast enough that a user is not going to see any real difference in response time.  The only down side is that the whole page gets refreshed, but that can be avoided with AJAX.


Author Closing Comment

ID: 39664146
Thank you I want to leave JavaScript. Thanks for the AJAX tip. A+

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Wordpress Pagination 1 47
while read ID; do 4 59
Special characters in a TCPDF 4 29
Convert php array to comma seperated list 19 36
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Introduction This article is intended for those who are new to PHP error handling (  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question