Form Validation

M

Mabrito

Supreme [H]ardness
Joined
Dec 24, 2004
Messages
7,004
I am designing a website composed of HTML and PHP. I have a couple forms that I would like to add validation too. I know I need to use Ajax to do the validation but don't know where to begin on implementing it. I am very new to Ajax, so if anyone has any good sites they can direct me to or examples that would be great.

Basically all I am validating is no empty text boxes when the submit button is clicked and some of the text boxes only contain number values.
 
Don't know, just assumed Ajax was the thing to use for the form validation? What else do you suggest?

HTML/PHP is all new to me, im used to ASP.NET in web design, just the client of mine got a web hosting package that doesn't support .NET, so im basically learning a new language which isn't all that hard, just different syntaxs.
 
I don't develop in php, but I would assume that you can use the same model as I would in .net:

Validate client-side with javascript
Validate server-side with php
Have punch and pie
 
With a bit of extra work you can 1 write set of validation that works without javascript enabled but also works with javascript (ajax). It would be written in PHP.

The end result is you only need to write your validation logic once, and then call your validation logic with a specific return type parameter.

Example... in my production level validation class the validation methods have a $json param. If this is set to true then I return the validation error content in json format, otherwise it returns it in HTML.

This way I can report the error with ajax (using jQuery) or just have it come up when the page is loaded normally. The only thing I have to do is call the validation in the PHP code and have a javascript file which also calls the validation.

This way it falls back like:

If javascript is enabled, validate in real time with ajax.
otherwise do the validation on form submit.
 
Validating forms in Javascript is optional. Validating them server-side in PHP (i.e. validating data that's been submitted, not just AJAX) is not.
 
maw said:
No, no, no!!!!! Never, EVER rely solely on javascript for form validation. If I disabled javascript in my browser, then your validation script immediately becomes useless and I could enter whatever I wanted causing all kinds of intended or unintended mayhem.
Click to expand...

Kind of forgot about that aspect ha. How would you suggest going at this then?
 
There's no real auto-magical approach to this because to get the best of both worlds (real time validation that also falls back to work server side) requires mixing and matching 2 different languages.

Google for:
"PHP form validation"
- Get this working 100%.

"Ajax form validation"
- Get this working by itself.

Now use your skills as a programmer to figure out a way to tie them together in such a way that you only have to write the code once yet it'll work in both methods.
 
Alright can do. Would the Ajax for validation count as what I have now with the javascript method I have or totally scratch what I have now?
 
No, because the validation code is written in javascript. It's up to you really. If you want to get ultra lazy and end up with unmanageable spaghetti code then you can keep your working javascript validation and then re-validate it with PHP validation on form submit.

It will work and likely be secure but it'll be a mess.
 
ShoeLace said:
No, because the validation code is written in javascript. It's up to you really. If you want to get ultra lazy and end up with unmanageable spaghetti code then you can keep your working javascript validation and then re-validate it with PHP validation on form submit.

It will work and likely be secure but it'll be a mess.
Click to expand...

No I will definitely change it. For right now, I am going to keep the Javascript code. Get the person who I am designing this website for a working version and then modify it down the road. This website isn't anything major, just mostly a website with a tons of information and documents and a couple forms for survey's. Its not a big deal if I change it down the road once a running version is going.
 
It's a big deal not to change it right away. Server side (PHP) validation is 10000000x more important than having an alert box (the most annoying thing in the universe) come up and tell you right away that you forgot your first name.

Imagine inputting all of that information and documents and then some douche bag goes to your site and injects a truncate on that table? Then *poof*, it's gone forever unless you happen to be running backups.
 
I would not recommend putting anything out on the Internet that does not have server-side validation in place first.

And don't forget to sanitize your input using mysql_real_escape_string at the very least. I would also recommend looking into the PHP filter_var functions for additional help with the number field input validation.
 
Actually I am not using any database for this site. The forms are a Contact Us form, where it will use the PHP mail function to send out a email and then two surveys, where once the submit button is clicked on either survey, it is parsed into a readable text file and sent to via the PHP mail functions.

But I am looking into the form validation. PHP is new to me and I am used to the ASP.NET ways of doing things since they have built in form validation tools or its really easy to create a label and have it triggered, etc. Im a quick learner so I will have this ironed out by tomorrow or Wednesday....hopefully haha.
 
maw said:
No, no, no!!!!! Never, EVER rely solely on javascript for form validation. If I disabled javascript in my browser, then your validation script immediately becomes useless and I could enter whatever I wanted causing all kinds of intended or unintended mayhem.
Click to expand...

If you have Javascript disabled, the XMLHttpRequest he's using wouldn't run either. Regardless, I always validate client-side and server-side. On the client-side, I make sure the data being transmitted is complete, safe and in the proper format. On the server-side, I check to make sure the data is valid and again make sure it's safe.
 
You must log in or register to reply here.
Back
Top