Page 1 of 1

Form Validation

Posted: Wed Nov 07, 2007 9:25 am
by monkeymafia
Hi

I am trying to validate my form. Ive read a few books and none tell you how to validate a form before it gets sent to a database. how would I go about validating my form.

I want to it to be client side validation using javascript. this is the code i have for inserting data into database via form:

Code: Select all

<?php

if (!isset($_POST['submit'])) {
?>

  <?php
}
 else {
          $userid = $_POST['username'];
          $subject = $_POST['subject'];
          $cat = $_POST['category'];
          $subcat = $_POST['subcat'];
          $priority = $_POST['priority'];
          $tel = $_POST['telno'];
          $email = $_POST['email'];
          $message = $_POST['message'];
          
mysql_query("INSERT INTO technicalproblems (fk_memberid2, subject, cat1, cat2, priority, tel, email, message) 
VALUES ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($subject) . "', '" . mysql_real_escape_string($cat) . "', '" . mysql_real_escape_string($subcat) . "', '" . mysql_real_escape_string($priority) . "', '" . mysql_real_escape_string($tel) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($message) . "')");      
  header('Location: http://www.test.com?fk_memberid=' . $userid);
  }

Code: Select all


<FORM name="drop_list" action="useraccount.php" method="POST" >



<table width="660" cellpadding="0" cellspacing="0"><tr><td align=left>

<input type="hidden" name="action" value="tickets"><input type="hidden" name="id" value="new">
<table width="660" cellpadding="4" cellspacing="1" bgcolor="#3366CC">
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Username</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="username" type="text" size="50" readonly value="<?php echo $_GET['memberid']?>"</td>
  </tr>
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Subject</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="subject" type="text" size="50"></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Category</strong></td>
    <td bgcolor="#FFFFFF">
    
<SELECT  NAME="category" onChange="SelectSubCat();" >
<Option value="">Category</option>
</SELECT>&nbsp;
<SELECT id="SubCat" NAME="subcat">
<Option value="">SubCat</option>
</SELECT>

	</td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Priority</strong></td>
    <td bgcolor="#FFFFFF"><select name="priority">
      <option value="QUERY" selected>QUERY</option>
      <option value="LOW">LOW</option>

      <option value="MEDIUM">MEDIUM</option>
      <option value="HIGH">HIGH</option>
    </select></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Tel No. </strong></td>
    <td bgcolor="#FFFFFF"><input name="telno" type="text" id="telno" size="20"></td>

  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>E-Mail address</strong></td>
    <td bgcolor="#FFFFFF"><input name="email" type="text" id="email" size="40" value="<?php echo $row['email'] ?>" /></td>
  </tr>
  <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF">
    <br><b>Message</b><br><textarea name="message" cols="100" rows="10" class="message"></textarea><br></td>
      </tr>
      <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF"><b>Attachment</b><br>
    <br><input name="attach" type="file" id="attach"></td>
  </tr>
  <tr>

    <td colspan="2" align="center" bgcolor="#FFFFFF"><input type="submit"  value="Create ticket" name ="submit" onClick="return validate_form()" class="submit2";></td>
  </tr>
</table>
<br><br>
</td></tr></table><br>	</td>
  </tr>
</table>
<br /></td>
              </tr>
            </table></td>
          </tr>

          <tr>
            <td height="13" background="page_bottom.gif"></td>
          </tr>
        </table></td>
      </tr>
    </table>
    </td>
  </tr>

      </table>
  </form>


  ?>
any help and advice is greatly appreciated. thanks

Posted: Wed Nov 07, 2007 9:39 am
by aceconcepts
Why not try searching for "javascript form validation" in a search engine.

Posted: Wed Nov 07, 2007 9:58 am
by monkeymafia
its okay i figured it out. thanks :lol:

Posted: Wed Nov 07, 2007 10:30 am
by CoderGoblin
Validation on the server side is always necessary even if you perform validation through javascript.

The server is the only place where you can be certain of the information you are processing. Remember bypassing javascript validation is achieved simply by switching javascript off. Either your form won't work or you may get incorrect information. Even if you insist on validation (javascript changes hidden field for instance before submitting), as it is based on the client's machine it can be bypassed.