royalkin — 2011-09-04T07:54:29-04:00 — #1
Greetings. I have been trying to learn the proper way to validate a webform using best practices and methods. I've learned that to do this properly, both server-side and client side must be used to ensure proper data submission and for security issues.
The benefits the user gains by a designer using client-side validation seem to fly right out the window if server-side validation is used also. It seems to defeat the whole purpose of client-side validation? :mad:
In case some of you are confused as to my problem, here is an example.
- User inputs data, and submits.
- If errors are found, an error div or multiple prompts direct the user to correct the errors on the same page near the form, otherwise the data is submitted, and success div is displayed.
- Correct data is submitted to php file (if validation exists, how do I handle the errors, and in a manner that doesn't make the client-side error correction pointless) and sent to the website owner's email.
I seriously need help, and any suggestions or tutorials or other information would be greatly appreciated. Please remember though I'm a programming noob, and very right-brained.
guido2004 — 2011-09-05T05:33:19-04:00 — #2
You can have PHP echo out anything you want.
Error messages, codes, complete divs, whatever.
It depends on what you need to have the JS on the client side display what you want.
royalkin — 2011-09-05T05:30:55-04:00 — #3
Could you explain (at least briefly) how to do this with PHP?
guido2004 — 2011-09-05T05:26:48-04:00 — #4
otherwise the data is submitted, and success div is displayed.
I guess the data is submitted using AJAX?
If so, don't just display the success div, but have the PHP script return the result and use that to decide what to display (a success div, an error, whatever).
royalkin — 2011-09-05T03:59:45-04:00 — #5
I guess I'm not being clear, if so I apologize.
What I need to know since I have a single page site, is there a way to use PHP server-side validation without requiring separate pages for errors and success?
system — 2011-09-04T23:26:11-04:00 — #6
Then why did you ask
if you already knew the answer?
royalkin — 2011-09-04T21:33:01-04:00 — #7
Thanks for the reply, however I already knew this. What I want to know is what do you do with the errors that might be generated when using server-side validation. Normally when using a simple echo, the PHP spits out black text on a white background, or when using nothing, you simply get a blank page?
Is there a way to validate without the user knowing they've submitted errors, especially since they have already dealt with error correction during the client-side validation?
goldensona — 2011-09-04T08:25:48-04:00 — #8
system — 2011-09-04T08:40:43-04:00 — #9
2) submitting bogus data using either GET or POST directly to the page processing the form data without using the input form at all.
You cannot stop users from doing 1 and/or 2 above.
So in summary, if data integrity/security is an issue (whether user inputs are going into a database or not) then you must do server side validation and client side validation is used solely to optionally provide instant feedback to users.
mattmac — 2011-09-22T22:07:56-04:00 — #10
I really hate making forms. I've been using Wufoo.com for the past couple years instead of hacking together my own forms. I use Wufoo for the contact form on rocket web for example.
royalkin — 2011-09-23T05:38:05-04:00 — #11
It's a gigantic pain, if and when the people at Microsoft pull their heads out of their ***** and make Internet Explorer HTML5 compliant as far as the built in validation support, we will all be better off. Internet Explorer is constantly holding back web design and development.
I will take a look at Wufoo, but I really like being self-sufficient which is why I'm trying to learn this stuff.
guido2004 — 2011-09-23T05:59:56-04:00 — #12
Because you have a 1 page site, and don't want to show separate pages for errors and succes, you have two options:
- send the form to the same page and add the php code that validates the form data, sends the mail (if no errors are found) and displays the entire page again with succes message or error messages at the right places.
- use AJAX: send the form data to a php script using ajax, and then act upon the result sent back by the php script. The easiest way would be (IMO) to have the php script return the entire form including succes message or error messages and change the innerHTML of the form element that contains the form.
If you need it, here's an intro in the basics of AJAX.
If you need help with the first option, just post your code and we'll surely be able to point you in the right direction.