Form Validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

Form Validation

Post by Ree »

which form validation method do you prefer - PHP or Javascript? both have cons and pros, but which do you use?
paulng
Forum Commoner
Posts: 28
Joined: Mon Jul 11, 2005 9:31 am

Post by paulng »

I prefer JavaScript as it is done on the client and reduces the work that the server has to do. But PHP would be more secure in terms of not revealing information such as email addresses on the web. 8)
User avatar
bokehman
Forum Regular
Posts: 509
Joined: Wed May 11, 2005 2:33 am
Location: Alicante (Spain)

Post by bokehman »

Javascript is client side. This means super fast validation and that the form will definately be valid when submitted. PHP validation is done on the server so It will validate input which was not validated because the client had javascript disabled. It also has the advantage of being able to use certain resources like MySQL and others.

Lastly even if you are successfully using javascript for validation you must still validate with PHP for security reasons.

What I don't like is when people do javascript validation with tacky pop up alerts. Personally I would use a hidden div. Then at least it is part of the page.
paulng
Forum Commoner
Posts: 28
Joined: Mon Jul 11, 2005 9:31 am

Post by paulng »

bokehman... well explained!! and I agree about the pop up alerts :)
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

Post by Ree »

What I don't like is when people do javascript validation with tacky pop up alerts. Personally I would use a hidden div. Then at least it is part of the page.
just could you please explain this part? you don't like popup messages telling 'Email address is invalid'? why? also, how do you use that div?
User avatar
bokehman
Forum Regular
Posts: 509
Joined: Wed May 11, 2005 2:33 am
Location: Alicante (Spain)

Post by bokehman »

Ok Ree! I hate pop up messages because it makes me feel like the webserver is controlling my browser and I am not the one in control. Have a look at my email validation test page. Enter an email address and then jump to the next cell. It checks the email address (onblur) but without a pop up alert. Try it to see what I mean but remember this is only a test so the layout is very basic.
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

Post by Ree »

yeah now i see, nice stuff you did on that email validation.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

As already posted, you ALWAYS have to do server-side validation.
1. Users may have JavaScript turned off
2. Malicious attackers could be directly feeding your server bad data, etc.

The number one rule of defensive web-programming: Never Trust the User! (Or things under his/her control.)

After you have your server-side validation working properly, if you can add on a client side one, that will help responsiveness concerns and is therefore a good thing, just don't rely on it.
Post Reply