FORUMS


The Form Tools forums are no longer active, but the old posts have been archived here. Please see the Help page on how to get help / report issues.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
3 Different Validation Methods - Why?
#1
Hey there,

i took the Demo 3 (Something with Flight/Travel Registration) as Template for my own Form.
I rewrote the code using some of the code already present.
This is where i discovered that you are using three types/methods of Validation.

1. Client-Side Validation with JS and rsv.js.
e.g.
Code:
<script type="text/javascript" src="rsv.js"></script>

  <script type="text/javascript">
  var rules = []

  // Attendee / work information
  rules.push("required,name,Please fill in your name.");

  </script>

2. Server Side Validation with PHP using validate_fields();
e.g.
Code:
$rules = array();
  $rules[] = "required,name,Please fill in your name.";
  $errors = validate_fields($_POST, $rules);


3. Server Side Validation with PHP filling the Error Array by yourself.
e.g.
Code:
if (isset($_POST) && !empty($_POST))
{
  if(!empty($_POST['name']))
        $errors[] = "Please fill in your name.";
}

Is there an advantage in using two or all three Methods at the same time? Or should i choose only one method?
Is the second Method more reliable because Client-Side is JavaScript?
Is the third for checking more complex conditions like the following?
Code:
if(!empty($_POST['a']) && empty($_POST['b']))
        $errors[] = "Please fill in B when providing A.";

Thanks in advance for replies, asgaroth
Reply
#2
Hi Asgaroth,

Sorry for not responding to this sooner.

There are really only two methods: client-side (JS with RSV) and server-side (with the PHP version of RSV). Both validation libraries come bundled with Form Tools for your use. Depending on your requirements, you can use one, both or neither.

RSV
Using the Really Simple Validation JS has it's advantages. First, it lets the user know what the problems are right away - right at the moment they submit the form. From a usability perspective, client-side validation is terrific. However, there are drawbacks: maybe the user doesn't have javascript enabled in his/her form, or maybe you're dealing with someone Evil who wants to hack your form by submitting dud values: this is all too easy for hackers, so the security-conscious can't rely on client-side validation.

PHP Validation
This is done on the server and is immutable. Provided your logic is tight, hackers won't be able to get around it. However, from a usability perspective it's kind of crumby: users would submit the form, wait, then the page would reload showing whatever errors were detected by the server.

So most times, I use both methods. That's pretty much the difference!

The third point you raised is actually just syntactic. Javascript and PHP are very different languages and work differently. The rules.push("if:condition,...") syntax of RSV was written to allow for conditional logic to be applied to your validation rules, but on the server, you don't need anything so fussy (though if memory serves, it still supports that syntax...).

Anyway, hope this info helps! Big Grin

- Ben
Reply
#3
Validation Vs Sanization Validation means the string format is exactly what you want Validated String can't be assumed 'Secure' Can't know if validated string might have malicious characters meaningful for various back-end systems That's why, validated one needs to be sanitized!
Reply
#4
I need a function or a few lines of code that will check whether a password that has been entered contains 2 numbers and 2 letters and checks that they DONT contain characters like < > ? & $
Can any one help me out.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)