• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Form Validation Javascript+PHP

B

bigoh5

n00b
Joined
Mar 19, 2009
Messages
12
Hi all,

I am working on a web page in which a user enters form information, and the idea is that javascript will validate all the form entries and if its all valid, then a PHP script will insert it into a MySQL db. How should I go about doing this? I currently have the form, and a JS function that runs onclick. Now how do I have the PHP script take over from here? I would also like to be able to go to a thank you page if all is okay, else I want to reload the page with an error message.

Any help is appreciated.
 
Be sure to do the validation in the PHP as well. Javascript can be disabled, and GET/POST data can be spoofed. Use AJAX (or just plain old Javascript, whatever) to populate a div tag with an error message if the Javascript catches an error. If the PHP catches an error, have it display an error page.
 
Arainach, thanks for your reply. How can I get the PHP script to run/validate after Javascript validates?
 
Have you done any PHP programming before? When the form submits, it sends its data to a PHP script.
 
Check out this link: http://www.tizag.com/phpT/postget.php

That, and the many other great tutorials you can find there, will get you started if you are just learning PHP.

Use JS validation to help the user, such as dynamically highlighting mistakes by adding and removing text from divs and spans. So, if the user enters "_me@/sample/.com" you could dynamically add to a span "Invalid e-mail address" and temporarily disable the submit button until the user fixes the error.

Use Server-side PHP validation to strip harmful SQL or bad characters from form inputs, check for correct values, and either process the form or rebuild the form with errors. Ideally, your program should not care if the user has java script enabled or disabled.

What Arainach said is very important and can be summed up like this: NEVER TRUST USER INPUT, which means anything coming to you from a POST or GET even if it's been validated via JS on the clients end.
 
you might consider making the form work without javascript first, ensuring the php validation works correctly, then implement the javascript validation since you need to do the first part regardless
 
You must log in or register to reply here.
Back
Top