Hi there, first post on devnet - just got done reading the board rules, so let's give this a go.
Two parts to it - JavaScript validation, then server-side validation and keeping things sanitary if they're writing to a DB.
Your JavaScript validation part is pretty simple... there are hundreds of great scripts out there that do a fine job on this one - my personal favourite being "Really easy field validation" by Dexagogo:
http://www.tetlaw.id.au/view/javascript ... validation
This script uses some nice AJAX referencing classes in order to validate all sorts of things. Also - you can set up your own validation rules (which I have found immensely valuable) without much trouble at all. The article has plenty of great examples, as well as all functionality outlined in an easy-to-implement way.
Server-side validation is a bit more difficult, as there are two issues there - database sanitization as well as basic validation.
Checking to see if there are values there is a simple if conditional, example:
(let us assume both fielda and fieldb are required inputs)
Code:
//Grab posted values (default to an empty string if the field wasn't sent at all,
//otherwise PHP raises an undefined index notice)
$fielda = isset($_POST['fielda']) ? trim($_POST['fielda']) : '';
$fieldb = isset($_POST['fieldb']) ? trim($_POST['fieldb']) : '';
//If there's something in both fielda and fieldb show success, if not show failure
//(strlen is used instead of a bare truth test because the string "0" counts as false in PHP)
if(strlen($fielda) > 0 && strlen($fieldb) > 0)
{
    echo "Success<br />";
}
else
{
    echo "Failure<br />";
}
Now that'll make sure that there are values in BOTH variables, thanks to the && operator.
The next link in the bucket is a validation plugin for Smarty - this one has some good regular-expression-based validate functions at the end of it that I've borrowed for my server side. The three are "is the variable really empty?", "is the variable only letters?" (good for username validation), and the most valuable one, "is this a valid email address?".
http://www.phparchitecture.com/script_show.php?id=6
So basically my server-side validation ends up looking very similar to this (with renamed functions and whatnot...)
Code:
require_once("validation.php");
//grab your values from the post (empty string if the field wasn't sent at all)
$email = isset($_POST['email']) ? $_POST['email'] : '';
$fname = isset($_POST['fname']) ? $_POST['fname'] : '';
//start with no error so the check further down never reads an undefined variable
$error = '';
//test if email is a valid email address, if not assign error
if(!isEmail($email))
    $error = "Not a valid email address";
//test if the name consists of letters, if not assign error
if(!isLetters($fname))
    $error = "Not a valid name";
//if there's an error - print out the error - if not carry on my wayward son
if($error != '')
    echo "$error <br />";
else
{
    //Success on the validation of the email and the name, put server post here/any code you need to process the form.
    echo "Success <br />";
}
validation.php example
Code:
//Functions for validation kindly borrowed from :
//http://www.phparchitecture.com/script_show.php?id=6
//(ereg_replace was removed in PHP 7, so spaces are stripped with str_replace instead)
function isLetters($value)
{
    $value = str_replace(" ", "", trim($value));
    //letters, whitespace, dots and hyphens only (the \s is harmless since spaces were just stripped)
    if (!preg_match("/^[a-zA-Z\s.-]+$/", $value)) {
        return false;
    }
    return true;
}
function isEmail($value)
{
    $value = trim($value);
    //the quote and the slash inside the character class have to be escaped, and the dot
    //between domain labels must be \. or it matches any character
    if (!preg_match(
        '/^[-!#$%&\'*+.\/0-9=?A-Z^_`{|}~]+' . // the user name
        '@' .                                 // the ubiquitous at-sign
        '([-0-9A-Z]+\.)+' .                   // host, sub-, and domain names
        '([0-9A-Z]){2,4}$/i',                 // top-level domain (TLD) - note newer TLDs can be longer than 4 letters
        $value)) {
        return false;
    }
    return true;
}
PHP also has a built-in function for checking numerics: is_numeric($value)
which adds two more simple functions (I'm honestly writing this from the hip, so I may screw up)
Appending to the validation.php example
Code:
//uses the is_numeric function to see if value is numeric or not - there's plenty of different methods
//such as assigning an int (but if number is too big weird things happen) to using a regular expression on 0-9
//note: is_numeric also accepts signs, decimals, exponents ("1e3") and leading whitespace
function isNum($value)
{
    return is_numeric($value);
}
//function to test digits and string length of a zipcode (5 digits on my side of the world)
//uses strlen to test the length of the string; ctype_digit instead of is_numeric so that
//"1.5e2" or " 1234" (both numeric and 5 characters long) don't slip through
function isZip($value)
{
    if(ctype_digit($value) && strlen($value) == 5)
        return true;
    return false;
}
Now - with all of that said - there's still the sanitizing of the DB query... which I don't feel like getting into - but hop over to the security board, as there are always plenty of articles about that. No matter what you do - sanitize the query if something is going to have anything other than A-Z, a-z and 0-9 in the string.
Sorry it's a long response - but it's a really general question.
Hopefully this helps.
Take care
-John
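The post validates the fields and then leaves the "sanitize the query" step to the security board. The following is an added example (not John's code and not from either linked script) that carries the same form through both steps: validation with PHP's built-in filters in place of the hand-rolled regexes, then a parameterised insert, which is the modern answer to query sanitization. It assumes PHP 7 or later with the PDO SQLite driver so it runs against an in-memory database; the users table, its columns and the three sample submissions are constructed for the demo.

```php
<?php
// Added example (not from the original post): server-side validation followed by a
// parameterised INSERT. Assumes PHP 7+ with PDO SQLite. Table, column names and the
// sample form submissions below are made up for the demo.

// Validate a signup form. Returns an array of error messages (empty on success).
function validateSignup(array $post)
{
    $errors = array();

    $email = isset($post['email']) ? trim($post['email']) : '';
    $fname = isset($post['fname']) ? trim($post['fname']) : '';
    $zip   = isset($post['zip'])   ? trim($post['zip'])   : '';

    // PHP's built-in email filter replaces the hand-rolled regex.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Not a valid email address';
    }
    // Letters, spaces, dots, hyphens and apostrophes (O'Brien is a real name), max 64 chars.
    if (!preg_match("/^[A-Za-z][A-Za-z .'-]{0,63}$/", $fname)) {
        $errors[] = 'Not a valid name';
    }
    // Exactly five ASCII digits; ctype_digit rejects "1e3", " 123" and "12.34",
    // all of which is_numeric would accept.
    if (!(ctype_digit($zip) && strlen($zip) === 5)) {
        $errors[] = 'Not a valid zip code';
    }
    return $errors;
}

// Insert a validated record. The prepared statement sends the values separately from
// the SQL text, so a quote inside the data can never change the query.
function insertUser(PDO $db, $email, $fname, $zip)
{
    $stmt = $db->prepare('INSERT INTO users (email, fname, zip) VALUES (:email, :fname, :zip)');
    $stmt->execute(array(':email' => $email, ':fname' => $fname, ':zip' => $zip));
    return (int) $db->lastInsertId();
}

// --- demo with an in-memory database and constructed form input ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, fname TEXT, zip TEXT)');

// Constructed submissions: a normal one containing an apostrophe, one that fails
// validation, and one carrying a classic injection payload in the name field.
$samples = array(
    array('email' => 'jane@example.com', 'fname' => "Jane O'Brien", 'zip' => '90210'),
    array('email' => 'not-an-email',     'fname' => 'Jane',         'zip' => '1e3'),
    array('email' => 'bob@example.com',  'fname' => "x'); DROP TABLE users; --", 'zip' => '12345'),
);

foreach ($samples as $post) {
    $errors = validateSignup($post);
    if (count($errors) > 0) {
        // htmlspecialchars so that echoing the error back can't inject HTML either
        echo 'Rejected: ' . htmlspecialchars(implode('; ', $errors)) . "<br />\n";
        continue;
    }
    $id = insertUser($db, $post['email'], $post['fname'], $post['zip']);
    echo "Inserted row $id<br />\n";
}

// Read the first row back: the apostrophe in O'Brien was stored as data, and the
// users table still exists because the payload was rejected before reaching the DB.
$row = $db->query('SELECT fname FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['fname']) . "<br />\n";
```

The two layers do different jobs. Validation decides what a field is allowed to contain, and here it knocks out the obvious payload because `)` and `;` are not name characters. The prepared statement protects the query against whatever validation legitimately allows, such as the apostrophe in O'Brien, which would have broken a string-concatenated query regardless of how strict the regex was. Escaping functions are the fallback for the rare case a value has to go into a part of the query that cannot be parameterised (a table or column name), and there the safe pattern is a whitelist of known names rather than escaping.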