Server side validation

Look I'm actually hoping to learn something here, so not expecting you to just write it all out and of course it would relate to the website.

I just see these instant verifications - I would like to do that on desktop and I suppose the javascript activates when you hit submit obviously.

If I'm completely wrong let me know y'all are the experts.

Many thanks
burnedfacelessAsked:
Who is Participating?
 
COBOLdinosaurConnect With a Mentor Commented:
I am not too sure why you are so concerned with javascript validation. No matter what you do client side; you still have to validate on the server or you are open to hacking a security breaches.  If you are going to be processing credit cards the level of security required cannot be achieved with javascript.  

Beyond the partially support automatic semi-validation from HTML5 input types I don't do any client side validation.  That is a job that is more efficient and secure serverside.  The little bit of additional bandwidth is insignificant, and done right the response is fast enough that a user is not going to see any real difference in response time.  The only down side is that the whole page gets refreshed, but that can be avoided with AJAX.

Cd&
0
 
Dave BaldwinFixer of ProblemsCommented:
When I write the PHP page to receive form data, one of the first things is a line like this for each form value.
if (!isset($_POST["fName"]))  $fName = ''; else $fName = substr($_POST["fName"],0,64);

Open in new window

This has two purposes.  It makes sure that there is a variable by that name to prevent silly errors later in the script.  It also limits the size of the data using 'substr' to something that you would expect to prevent crashing some later part of the script.

PHP also 'filter' functions that you can use: http://php.net/manual/en/book.filter.php
0
 
GaryCommented:
Confused
Your title says Server side validation and then you talk about javascript/instant verifications (client side).
Which is it?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
COBOLdinosaurCommented:
It would also help to know what type of data you need to validate, and how it is going to be used.

Cd&
0
 
burnedfacelessAuthor Commented:
Form data, contact information for now. Credit card in the future.

Here is our current site, pretty bush league. What I did with php was transfer to a new webpage but I know there has to be a way to respond on the current webpage, just as javascript can write html in getelementbyid.

My goal is to have a completely professional site up.

http://conutils.com/contact.html
0
 
Dave BaldwinFixer of ProblemsCommented:
A "professional" site is one that works as it should.  Making it prettier is a matter of taste.

The only things really 'wrong' with that page is the missing DOCTYPE and charset.  Some other items may need to be adjusted depending on the DOCTYPE you choose.  Here is the recommended list of DOCTYPEs: http://www.w3.org/QA/2002/04/valid-dtd-list.html

W3C validator for your page: http://validator.w3.org/check?verbose=1&uri=http%3A%2F%2Fconutils.com%2Fcontact.html
0
 
bevhostCommented:
You might get some ideas from my sample code

This is my field Definintion
    $this->form_data->add_element(array("type"=>"text","name"=>"UserName",
		"maxlength"=>"16","size"=>"25",
		"minlength"=>"3",
		"length_e"=>"username must be 3 to 16 characters long.",
                "valid_regex"=>'^[A-Z|a-z|0-9|\-|\_|\.]+$|^$',
		"valid_e"=>"username should contain only alphanumeric characters and - _ .",
                "field"=>"UserName",
		"extrahtml"=>"onblur=\"\$.get('/find.php',{UserExists:this.value},function(data){\$('#UserNameOk').html(data);})\""
                ));

Open in new window

This is a part of the server side validation
      if ($this->length_e && (strlen($v) < $this->minlength)) {
        return $this->length_e;
      }
      $regex = $flags = "";
      if (!empty($this->icase)) $flags = "i";
      if (!empty($this->valid_regex)) {
        $regex = "/" . $this->valid_regex . "/" . $flags;
        if (!preg_match($regex,$v)) return $this->valid_e;
      }

Open in new window

This is what the client side looks like
if (f.elements["UserName"].value.length < 3) {
  alert("username must be 3 to 16 characters long.");
  f.elements["UserName"].focus();
  return(false);
}
if (window.RegExp) {
  var reg = new RegExp("^[A-Z|a-z|0-9|\-|\_|\.]+$|^$","g");
  if (!reg.test(f.elements["UserName"].value)) {
    alert("username should contain only alphanumeric characters and - _ .");
    f.elements["UserName"].focus();
    return(false);
  }
}

Open in new window

0
 
burnedfacelessAuthor Commented:
What if I coded javascript to change a generic html element. I'm really trying to avoid popups here.

This would be possible, and would it entail php?

edit: didn't see sample code
0
 
burnedfacelessAuthor Commented:
Thank you I want to leave JavaScript. Thanks for the AJAX tip. A+
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.