#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2002
    Location
    Netherlands
    Posts
    458
    Rep Power
    13

    form validation (PHP vs Javascript)


    Hi,
    I am creating a form. I was wondering which of the both is more secure(stable), a javascript version validation or PHP.

    Probably many of you will suggest PHP I assume, in that case I am also wondering if there is somewhere a good script or tutorial available that overviews many aspects of form validation(like email, 'not null', currency, integers, date etc.).

    I feel kinda stupid asking this, but I am rather new to PHP, and I did search the internet before posting this question

    cheers
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2002
    Location
    a northern town
    Posts
    74
    Rep Power
    13
    Hi,

    I am personally a fan of doing as much validation as I can using javascript for several reasons.

    It checks the data without leaving the page thereby reducing server processing, it retains the values already entered in to the form without any extra server side code plus you can often do some predictive variable processing based on user input. (such as formatting dates, prices, capitalising names etc?).

    The downside is if the user has js disabled, but you can check for this. I think it is also important to check the data after submission, even if js has sorted it out for you, for security purposes if nothing else.

    javascript has full regexp functionality, so any data verification routines can be easily interchanged between php/javascript.

    Regards, Ed.
    /* measure twice, cut once */
  4. #3
  5. Italian Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2002
    Location
    Tuscany, Italy
    Posts
    2
    Rep Power
    0
    the worst thing whit javascript is that if a user disabled it your form validator simply doesn't work.... but in other side it's nice to give a warning before a user send the form...

    Pheraps better choice is to write a validator in javascript and hope it works... but also verify data before processing it with php and if they're not good notify it...

    for the "how I validate the data" try to look harder in some scripts collection... I always found a lot of staff...
  6. #4
  7. Italian Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2002
    Location
    Tuscany, Italy
    Posts
    2
    Rep Power
    0
    acc... I'm too slow when I write in english
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2002
    Location
    a northern town
    Posts
    74
    Rep Power
    13
    Hey, it's way quicker than my Italian

    Ed.
    /* measure twice, cut once */
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2002
    Location
    Netherlands
    Posts
    458
    Rep Power
    13
    What sometimes happens with javascripts is that when a popup appears saying e.g. (username required); If I click 10 times in a row, the javascript gets ignored and the form gets posted afterall.

    Is that because of a bad script, or is it javascript in general, perhaps not being full-proof at these things?

    cheers
    Patrick
  12. #7
  13. No Profile Picture
    Huge Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2002
    Posts
    141
    Rep Power
    13

    Tutorial


    This is a nice tutorial on creating a form validaton class in PHP. There is also an option to download a .zip file with all of the code.

    http://www.devshed.com/Server_Side/P...***/page1.html
  14. #8
  15. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2002
    Location
    Galway, Ireland
    Posts
    7
    Rep Power
    0
    It's vital that you do full server-side validation, regardless of whether you do client-side or not.
    But in the interests of client friendliness, ease of use, and encouraging people not to quit half way through registering, it's always a good idea to also use client-side validation.
    Gamers Europe :: Keeping it Simple
  16. #9
  17. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2002
    Location
    Queensland, Australia
    Posts
    827
    Rep Power
    142
    Does anyone have any or know of any examples of how to use javascript to validate data before processing with PHP?

    I have a form with simple javascript function that checks that all fields are completed but I don't know how to have PHP process the information from the form once the JS function returns that the form has been completed.
  18. #10
  19. Shamans + Orc BladeMaster
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2002
    Location
    KL,Malaysia
    Posts
    34
    Rep Power
    12
    Try PHPLib OOHForm . It has built in Javascript checking engine ( popup version )

    http://phplib.sf.net

    PHP Code:
    /* User Name */
    $form->add_element(array("type"=>"text",
                             
    "minlength"=>1,
                             
    "length_e"=>"Please add your name",
                             
    "name"=>"user_name",
                             
    "value"=>$user_name,
                             
    "extrahtml" => " class='uda' ",
                             
    "size"=>"50"));

    /* User Email */
    $form->add_element(array("type"=>"text",
                             
    "minlength"=>1,
                             
    "length_e"=>"Please add your email",
                             
    "name"=>"user_email",
                             
    "value"=>$user_email,
                             
    "valid_e"=>"Syntax error in E-Mail address.",
                             
    "valid_regex"=>"^([-a-zA-Z0-9.]+@[-a-zA-Z0-9]+(\.[-a-zA-Z0-9]+)+)*$",
                             
    "extrahtml" => " class='uda' ",
                             
    "size"=>"30")); 
  20. #11
  21. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Location
    Australia
    Posts
    42
    Rep Power
    14
    Prior to submitting the Javascript will check each field and if a field doesn't pass the check it will set the focus to that field, this way it makes it very user friendly.

    Code:
    <script language="JavaScript">
    <!--
    function Form_Validator(theForm)
       {
         if (!theForm.elements['Agreetorules'].checked)
          {
            alert('You must read and agree to...............');
            theForm.elements['Agreetorules'].focus();
            return (false);
          }
    
         if (theForm.elements['Username'].value.length == 0)
          {
            alert('Username field is required');
            theForm.elements['Username'].focus();
            return (false);
          }
    
         if (theForm.elements['Age'].value.length > 3)
          {
            alert('Age field to long.');
            theForm.elements['Age'].focus();
            return (false);
          }
    
         return (true);
    }
    //-->
    </script>
    
    
    <form action="whatever.php" method="post" name="theForm" onSubmit="return Form_Validator(this)">
    Username: <input type="text" name="Username" size=20 maxlength=50 value="">
    <br>
    Age: <input type="text" name="Age" size=3 maxlength=3 value="">
    <br>
    <input type="checkbox" name="Agreetorules" value="1"> I have read and agreed to the............
    </form>
    You should also always check the variables passed with PHP. Use the HTTP post varibales to make sure the varibales passed came from a post
    ie.
    Code:
    if (isset($HTTP_POST_VARS["Username"]))
       $Username = trim($HTTP_POST_VARS["Username"]);
    else
       // Give or set error
    Last edited by Lionel; October 21st, 2002 at 02:18 AM.
  22. #12
  23. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2002
    Location
    Queensland, Australia
    Posts
    827
    Rep Power
    142
    Thanks Lionel. That's exactly what I was looking for.

    cheers

IMN logo majestic logo threadwatch logo seochat tools logo