#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    75
    Rep Power
    40

    Validate via JS or PHP??


    http://forums.devshed.com/javascript-development-115/calling-javascript-function-from-php-4718.html


    Hello again. Please check the forth post. It's true, I personally prefer it if the errors I got were placed in the areas where the error occured INSTEAD of getting a popup box for every error. It's annoying.
    HOWEVER, that very same post suggested the use of js over php for 'most' of the validation.

    So which is the better way?
    Here's my registration form:-
    I have 5 textboxes
    username: verify it doesn't exist, 4-20 chars, and no symbols except _
    password: 2 txt boxes for pass to make sure they match, no symbols, and 4-20 chars
    email: 2 txt boxes for email to make sure they match, email isn't previously registered, 8-50 chars, and no symbols except @ _ .

    verifying username and email existence will be done via php. but what about the others? I still feel php is better but at the same time, and this is just humble knowledge, why let the server do all the work when i can let the client handle it? registration is no biggy i no but honestly, i'm looking for the RIGHT way to do this

    TY.
  2. #2
  3. Autodidact
    Devshed Novice (500 - 999 posts)

    Join Date
    Mar 2008
    Location
    Canada
    Posts
    741
    Rep Power
    833
    Hi, wildheart25c

    That post did not recommend JavaScript more than it recommended PHP; if anything, in writing "most" it implied that "most, but not all" checks can be performed on the client, therefore leaning towards PHP.

    With Web form validation there shouldn't be a choice. You use JavaScript and PHP. JavaScript will be treated as the first security check, which is generally more superficial and mainly used to avoid unnecessary requests; for example, sending the form through with empty values could have been avoided with basic JavaScript, though the ten year old post framed the problem as either one or the other, as does your post. PHP would be used for the elaborate checks that require database comparisons, for example.

    There is a third option, which was relatively unknown ten years ago: use Ajax. It's a more fluid use of the two languages.

    As an aside, be sure to note the dates of articles you read online. The one you linked to wasn't necessarily outdated, but there is a lot of outdated material floating around the Web.
    Soldiers, from the height of these pyramids forty centuries look down upon you.
    ▪ Napoleon, on the eve of the Battle of the Pyramids
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    75
    Rep Power
    40
    duely noted. tho i must confess to not having the confidence to take on a third language. yes perhaps i didnt express or phrase what i learned from that post properly but i do agree with what you said about using both language and the uses of each.
    so let me rephrase. why not use javascript only? or php only? from my obviously illeterate point of view, id try to keep as much workload on the client side because it makes sense not to overwork the server.

    JavaScript will be treated as the first security check, which is generally more superficial and mainly used to avoid unnecessary requests; for example, sending the form through with empty values could have been avoided with basic JavaScript. PHP would be used for the elaborate checks that require database comparisons, for example.
    so im on the right track. checking if username and email exist via php and checking for empty values via js has been taken care of already before i created this topic. all that's left is, length of each entry, regex for username, email, pass, and see if email entries and pass entries each match together.

    now im not sure if i should take ur words literally because if i did then the above 3 tasks are to be taken care of via js. but i just cant imagine alert boxes popping up the entire time to a user. im looking back at when i registered in a site or forum and i recall that the errors always appeared right above the form. mayb they do everything with php. or mayb its ajax that does this. ack what should i do >.<


    EDIT: i decided ill go all out on php. except the empty values. this is the 3rd time i edit this post. cant make up my mind. but i really do believe that seeing error messages printed on the screen next to the errors is a lot better than constant alerts popping up on the screen. someone back me up here or telling exactly what to do. gotta do it right..
  6. #4
  7. No Profile Picture
    Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,008
    Rep Power
    2791
    Just check all of the values with both languages. Check it with Javascript for the user experience and for bandwidths sake. Check it with PHP as some users will have Javascript disabled or restricted, others will be actively attempting to thwart your security.
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [ANSI C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]

    W3Fools - A W3Schools Intervention.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    75
    Rep Power
    40
    wow for real? u want me to do all the checks with both languages? im not complaining. just making sure. u want me to do all the checks with both languages
    ill do it. ty again for the help.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    75
    Rep Power
    40
    EDIT:
    i had the values verified via js and php. question is, how do i tell the app to verify via php IF js was disabled? I found the noscript tag but i dont think it helps enough.
    login page has the button FORGOTPASS. when i click it, forgotpass.php gets included in login.php. when i enter my email in forgotpass.php and press submit, getpass.php gets included in forgotpass.php.
    the noscript tag displays the same content that a js enabled browser does for a user. but i also read something about cloaking and how google banned it. SO, im thinking the only solution would be to write this:

    <noscript> window.location="getpass.php"</noscript>

    or is that cloaking too? -_-

    HONESTLY? im kinda thinking i ignore the fact that some users dont have js enabled, delete the verifying functions of php and just include getpass.php where it looks for it in the db then returns result.

    comments?
  12. #7
  13. No Profile Picture
    Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,008
    Rep Power
    2791
    Originally Posted by wildheart25c
    i had the values verified via js and php. question is, how do i tell the app to verify via php IF js was disabled?
    You don't, you validate with both regardless.

    Forget about JavaScript for a moment. You always validate with your server-side language. Done. Now add JavaScript validation for the user experience, i.e. not having to load the page again because they have made a typo or left a field blank. Secondly, if the user has made an error the Javascript validation will save you some bandwidth.
    Last edited by Winters; November 22nd, 2010 at 05:55 AM. Reason: typo
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [ANSI C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]

    W3Fools - A W3Schools Intervention.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    75
    Rep Power
    40
    ok im at the part where i upload a pic. i performed the usual pic checks via php. tried looking for a way to do it with js and this is the first result i found site

    i dont want to use ajax. asp.net is irrelevant here. so all thts left is php which i already did. does this mean i can proceed with my project or i must find a way to do it? because here's the second result i found which provided me with code that claims it can workhttp://www.kidslovepc.com/javascript...age-size.shtml

    the html code is missing. had to open source file. i copied it. didnt work. this line confuses me ==> onChange="onchange="img.src=document.form1.image.value">

    anyways when i try it on the site it works. but after copying the code and trying it out, it didnt work. what am i missing here? i think it's that line thats messing it up for me. but if thts the case, whyd id it work for the site and not me?


    EDIT: fixed it. check this out. changed the code a tiny bit http://www.chestysoft.com/jpegresize/jscfdemo.asp
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    75
    Rep Power
    40
    Ok i'm having a problem with the size/height width. first of all, whats the relation between the size and the dimensions? is there a formula or both are completely unrelated?


    second question. this code always returns the height and width of w/e image i choose as 0. why?

    Code:
    <html>
    <head>
    <title>Uploading an image with a Javascript preview.</title>
    <SCRIPT LANGUAGE="JavaScript">
    <!-- Begin
      function CheckUpload()
      {
        var filename = document.form1.filesent.value;
        var extension;
        var valid = true
        var Img1 = new Image()
        if (filename == '')
        {
          valid = false;
          alert("Please include a file.");
        }
        else
        {  
          extension = filename.substring(filename.length - 3, filename.length);
          if (extension.toUpperCase() != 'JPG')
          {
            valid = false;
            alert("The file must be a JPG.");
          }
          else
          {
            Img1.src = filename;
            if ((Img1.height == 0) || (Img1.width == 0))
            {
              valid = false;
              alert("The file is invalid.");
            }
            else
            {
              document.form1.height.value = Img1.height;
              document.form1.width.value = Img1.width;
            }
          }
        }
        return valid
      }
    // End -->
    </script>
    </head>
    
    <body>
    <form method="post" enctype="multipart/form-data" name="form1" onSubmit="return CheckUpload()">
    <input type="hidden" name="height" value="0">
    <input type="hidden" name="width" value="0">
    <input type="file" name="filesent">
    <input type="submit" value="Send File">
    </form>
    </body>
    </html>

IMN logo majestic logo threadwatch logo seochat tools logo