Solved

Server side validation

Posted on 2013-11-20
Last Modified: 2013-11-20
Look I'm actually hoping to learn something here, so not expecting you to just write it all out and of course it would relate to the website.

I just see these instant verifications - I would like to do that on desktop and I suppose the javascript activates when you hit submit obviously.

If I'm completely wrong let me know y'all are the experts.

Many thanks
Question by:burnedfaceless

Expert Comment

by:Dave Baldwin
When I write the PHP page to receive form data, one of the first things is a line like this for each form value.
if (!isset($_POST["fName"]))  $fName = ''; else $fName = substr($_POST["fName"],0,64);

This has two purposes.  It makes sure that there is a variable by that name to prevent silly errors later in the script.  It also limits the size of the data using 'substr' to something that you would expect to prevent crashing some later part of the script.

PHP also has 'filter' functions that you can use: http://php.net/manual/en/book.filter.php

Expert Comment

by:Gary
Confused
Your title says Server side validation and then you talk about javascript/instant verifications (client side).
Which is it?

Expert Comment

by:COBOLdinosaur
It would also help to know what type of data you need to validate, and how it is going to be used.

Cd&

Author Comment

by:burnedfaceless
Form data, contact information for now. Credit card in the future.

Here is our current site, pretty bush league. What I did with php was transfer to a new webpage but I know there has to be a way to respond on the current webpage, just as javascript can write html in getelementbyid.

My goal is to have a completely professional site up.

http://conutils.com/contact.html

Expert Comment

by:Dave Baldwin
A "professional" site is one that works as it should.  Making it prettier is a matter of taste.

The only things really 'wrong' with that page are the missing DOCTYPE and charset.  Some other items may need to be adjusted depending on the DOCTYPE you choose.  Here is the recommended list of DOCTYPEs: http://www.w3.org/QA/2002/04/valid-dtd-list.html

W3C validator for your page: http://validator.w3.org/check?verbose=1&uri=http%3A%2F%2Fconutils.com%2Fcontact.html

Expert Comment

by:bevhost
You might get some ideas from my sample code

This is my field Definition
    $this->form_data->add_element(array("type"=>"text","name"=>"UserName",
        "maxlength"=>"16","size"=>"25",
        "minlength"=>"3",
        "length_e"=>"username must be 3 to 16 characters long.",
        // "|" inside [...] is a literal pipe, not "or"; it is dropped so the
        // class matches the error message (alphanumerics and - _ . only)
        "valid_regex"=>'^[A-Za-z0-9._-]+$|^$',
        "valid_e"=>"username should contain only alphanumeric characters and - _ .",
        "field"=>"UserName",
        // On blur, ask the server whether the name is taken and show the reply in #UserNameOk
        "extrahtml"=>"onblur=\"\$.get('/find.php',{UserExists:this.value},function(data){\$('#UserNameOk').html(data);})\""
        ));

This is a part of the server side validation
      // Minimum-length check
      if ($this->length_e && (strlen($v) < $this->minlength)) {
        return $this->length_e;
      }
      $regex = "";
      // D: "$" matches only at the very end, not before a trailing newline
      $flags = "D";
      if (!empty($this->icase)) $flags .= "i";
      if (!empty($this->valid_regex)) {
        $regex = "/" . $this->valid_regex . "/" . $flags;
        if (!preg_match($regex,$v)) return $this->valid_e;
      }

This is what the client side looks like
// Client-side copy of the same two checks; the server-side code above repeats them
if (f.elements["UserName"].value.length < 3) {
  alert("username must be 3 to 16 characters long.");
  f.elements["UserName"].focus();
  return(false);
}
if (window.RegExp) {
  // Same character class as the server-side pattern (no literal "|")
  var reg = new RegExp("^[A-Za-z0-9._-]+$|^$","g");
  if (!reg.test(f.elements["UserName"].value)) {
    alert("username should contain only alphanumeric characters and - _ .");
    f.elements["UserName"].focus();
    return(false);
  }
}

Author Comment

by:burnedfaceless
What if I coded javascript to change a generic html element. I'm really trying to avoid popups here.

This would be possible, and would it entail php?

edit: didn't see sample code

Accepted Solution

by:COBOLdinosaur
I am not too sure why you are so concerned with javascript validation. No matter what you do client side, you still have to validate on the server or you are open to hacking and security breaches.  If you are going to be processing credit cards the level of security required cannot be achieved with javascript.

Beyond the partially supported automatic semi-validation from HTML5 input types I don't do any client side validation.  That is a job that is more efficient and secure server side.  The little bit of additional bandwidth is insignificant, and done right the response is fast enough that a user is not going to see any real difference in response time.  The only down side is that the whole page gets refreshed, but that can be avoided with AJAX.

Cd&
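
The approach from the answers above (presence and length checks plus PHP's filter functions from the first answer, and server-side validation reached through AJAX from the accepted one), as an added example that is not code from any poster in this thread: a PHP endpoint that validates the posted fields and returns per-field errors as JSON, so the page can show them inline instead of in popups. The `email` field, the limits and the helper names are assumptions; `fName` comes from the first answer.

```php
<?php
// Added example; post_string() and validate_contact() are hypothetical helper names.
// 'fName' is the field from the first answer; 'email' and the limits are assumptions.

/** Return the field as a trimmed string, or null if it is missing or not a string. */
function post_string(array $post, string $name): ?string
{
    // fName[]=x arrives as an array; reject it instead of handing it to string functions
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return null;
    }
    return trim($post[$name]);
}

/** Validate the contact form; returns ['clean' => [...], 'errors' => [...]]. */
function validate_contact(array $post): array
{
    $clean = [];
    $errors = [];

    $name = post_string($post, 'fName');
    // \A and \z anchor at the true start and end; '$' would also accept a trailing newline
    if ($name === null || !preg_match('/\A[\p{L} .\'-]{1,64}\z/u', $name)) {
        $errors['fName'] = 'Name must be 1 to 64 letters, spaces, or . \' -';
    } else {
        $clean['fName'] = $name;
    }

    $email = post_string($post, 'email');
    if ($email === null || strlen($email) > 254
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// Endpoint part: skipped on the command line so the functions can be included and tested there
if (PHP_SAPI !== 'cli') {
    $result = validate_contact($_POST);
    http_response_code($result['errors'] ? 400 : 200);
    header('Content-Type: application/json');
    echo json_encode(['ok' => !$result['errors'], 'errors' => $result['errors']]);
}
```

The script that finally stores or sends the data calls `validate_contact()` again on its own input and uses only the `clean` values; the JSON reply exists only to drive the inline messages.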

Author Closing Comment

by:burnedfaceless
Thank you I want to leave JavaScript. Thanks for the AJAX tip. A+