Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Server side validation

Posted on 2013-11-20
Last Modified: 2013-11-20
Look I'm actually hoping to learn something here, so not expecting you to just write it all out and of course it would relate to the website.

I just see these instant verifications - I would like to do that on desktop and I suppose the javascript activates when you hit submit obviously.

If I'm completely wrong let me know y'all are the experts.

Many thanks
Question by:burnedfaceless
  • 3
  • 2
  • 2
  • +2
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39663646
When I write the PHP page to receive form data, one of the first things is a line like this for each form value.
if (!isset($_POST["fName"]))  $fName = ''; else $fName = substr($_POST["fName"],0,64);

Open in new window

This has two purposes.  It makes sure that there is a variable by that name to prevent silly errors later in the script.  It also limits the size of the data using 'substr' to something that you would expect to prevent crashing some later part of the script.

PHP also 'filter' functions that you can use: http://php.net/manual/en/book.filter.php
LVL 58

Expert Comment

ID: 39663812
Your title says Server side validation and then you talk about javascript/instant verifications (client side).
Which is it?
LVL 53

Expert Comment

ID: 39663816
It would also help to know what type of data you need to validate, and how it is going to be used.

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 39663823
Form data, contact information for now. Credit card in the future.

Here is our current site, pretty bush league. What I did with php was transfer to a new webpage but I know there has to be a way to respond on the current webpage, just as javascript can write html in getelementbyid.

My goal is to have a completely professional site up.

LVL 83

Expert Comment

by:Dave Baldwin
ID: 39663901
A "professional" site is one that works as it should.  Making it prettier is a matter of taste.

The only things really 'wrong' with that page is the missing DOCTYPE and charset.  Some other items may need to be adjusted depending on the DOCTYPE you choose.  Here is the recommended list of DOCTYPEs: http://www.w3.org/QA/2002/04/valid-dtd-list.html

W3C validator for your page: http://validator.w3.org/check?verbose=1&uri=http%3A%2F%2Fconutils.com%2Fcontact.html
LVL 19

Expert Comment

ID: 39663957
You might get some ideas from my sample code

This is my field Definintion
		"length_e"=>"username must be 3 to 16 characters long.",
		"valid_e"=>"username should contain only alphanumeric characters and - _ .",

Open in new window

This is a part of the server side validation
      if ($this->length_e && (strlen($v) < $this->minlength)) {
        return $this->length_e;
      $regex = $flags = "";
      if (!empty($this->icase)) $flags = "i";
      if (!empty($this->valid_regex)) {
        $regex = "/" . $this->valid_regex . "/" . $flags;
        if (!preg_match($regex,$v)) return $this->valid_e;

Open in new window

This is what the client side looks like
if (f.elements["UserName"].value.length < 3) {
  alert("username must be 3 to 16 characters long.");
if (window.RegExp) {
  var reg = new RegExp("^[A-Z|a-z|0-9|\-|\_|\.]+$|^$","g");
  if (!reg.test(f.elements["UserName"].value)) {
    alert("username should contain only alphanumeric characters and - _ .");

Open in new window


Author Comment

ID: 39663962
What if I coded javascript to change a generic html element. I'm really trying to avoid popups here.

This would be possible, and would it entail php?

edit: didn't see sample code
LVL 53

Accepted Solution

COBOLdinosaur earned 500 total points
ID: 39664113
I am not too sure why you are so concerned with javascript validation. No matter what you do client side; you still have to validate on the server or you are open to hacking a security breaches.  If you are going to be processing credit cards the level of security required cannot be achieved with javascript.  

Beyond the partially support automatic semi-validation from HTML5 input types I don't do any client side validation.  That is a job that is more efficient and secure serverside.  The little bit of additional bandwidth is insignificant, and done right the response is fast enough that a user is not going to see any real difference in response time.  The only down side is that the whole page gets refreshed, but that can be avoided with AJAX.


Author Closing Comment

ID: 39664146
Thank you I want to leave JavaScript. Thanks for the AJAX tip. A+

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question