Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Server side validation

Posted on 2013-11-20
9
Medium Priority
?
234 Views
Last Modified: 2013-11-20
Look I'm actually hoping to learn something here, so not expecting you to just write it all out and of course it would relate to the website.

I just see these instant verifications - I would like to do that on desktop and I suppose the javascript activates when you hit submit obviously.

If I'm completely wrong let me know y'all are the experts.

Many thanks
0
Comment
Question by:burnedfaceless
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39663646
When I write the PHP page to receive form data, one of the first things is a line like this for each form value.
if (!isset($_POST["fName"]))  $fName = ''; else $fName = substr($_POST["fName"],0,64);

Open in new window

This has two purposes.  It makes sure that there is a variable by that name to prevent silly errors later in the script.  It also limits the size of the data using 'substr' to something that you would expect to prevent crashing some later part of the script.

PHP also 'filter' functions that you can use: http://php.net/manual/en/book.filter.php
0
 
LVL 58

Expert Comment

by:Gary
ID: 39663812
Confused
Your title says Server side validation and then you talk about javascript/instant verifications (client side).
Which is it?
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39663816
It would also help to know what type of data you need to validate, and how it is going to be used.

Cd&
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:burnedfaceless
ID: 39663823
Form data, contact information for now. Credit card in the future.

Here is our current site, pretty bush league. What I did with php was transfer to a new webpage but I know there has to be a way to respond on the current webpage, just as javascript can write html in getelementbyid.

My goal is to have a completely professional site up.

http://conutils.com/contact.html
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39663901
A "professional" site is one that works as it should.  Making it prettier is a matter of taste.

The only things really 'wrong' with that page is the missing DOCTYPE and charset.  Some other items may need to be adjusted depending on the DOCTYPE you choose.  Here is the recommended list of DOCTYPEs: http://www.w3.org/QA/2002/04/valid-dtd-list.html

W3C validator for your page: http://validator.w3.org/check?verbose=1&uri=http%3A%2F%2Fconutils.com%2Fcontact.html
0
 
LVL 19

Expert Comment

by:bevhost
ID: 39663957
You might get some ideas from my sample code

This is my field Definintion
    $this->form_data->add_element(array("type"=>"text","name"=>"UserName",
		"maxlength"=>"16","size"=>"25",
		"minlength"=>"3",
		"length_e"=>"username must be 3 to 16 characters long.",
                "valid_regex"=>'^[A-Z|a-z|0-9|\-|\_|\.]+$|^$',
		"valid_e"=>"username should contain only alphanumeric characters and - _ .",
                "field"=>"UserName",
		"extrahtml"=>"onblur=\"\$.get('/find.php',{UserExists:this.value},function(data){\$('#UserNameOk').html(data);})\""
                ));

Open in new window

This is a part of the server side validation
      if ($this->length_e && (strlen($v) < $this->minlength)) {
        return $this->length_e;
      }
      $regex = $flags = "";
      if (!empty($this->icase)) $flags = "i";
      if (!empty($this->valid_regex)) {
        $regex = "/" . $this->valid_regex . "/" . $flags;
        if (!preg_match($regex,$v)) return $this->valid_e;
      }

Open in new window

This is what the client side looks like
if (f.elements["UserName"].value.length < 3) {
  alert("username must be 3 to 16 characters long.");
  f.elements["UserName"].focus();
  return(false);
}
if (window.RegExp) {
  var reg = new RegExp("^[A-Z|a-z|0-9|\-|\_|\.]+$|^$","g");
  if (!reg.test(f.elements["UserName"].value)) {
    alert("username should contain only alphanumeric characters and - _ .");
    f.elements["UserName"].focus();
    return(false);
  }
}

Open in new window

0
 

Author Comment

by:burnedfaceless
ID: 39663962
What if I coded javascript to change a generic html element. I'm really trying to avoid popups here.

This would be possible, and would it entail php?

edit: didn't see sample code
0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 2000 total points
ID: 39664113
I am not too sure why you are so concerned with javascript validation. No matter what you do client side; you still have to validate on the server or you are open to hacking a security breaches.  If you are going to be processing credit cards the level of security required cannot be achieved with javascript.  

Beyond the partially support automatic semi-validation from HTML5 input types I don't do any client side validation.  That is a job that is more efficient and secure serverside.  The little bit of additional bandwidth is insignificant, and done right the response is fast enough that a user is not going to see any real difference in response time.  The only down side is that the whole page gets refreshed, but that can be avoided with AJAX.

Cd&
0
 

Author Closing Comment

by:burnedfaceless
ID: 39664146
Thank you I want to leave JavaScript. Thanks for the AJAX tip. A+
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question