Forms - How to check for all required fields are filled out

JavaScript and client side scripting.

Moderator: General Moderators

WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

Still There?
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

??? help ??
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

I'm gonna steal a quote from Feyd here:

"I can only show you the path, you must walk it".

hint: try alerting your msg.length and see what it is....
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

The alert msg length is at 9999 characters. Im still getting unwanted characters through

a-z
A-Z
0-9
@#,.

are the only ones that should be allowed.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

WizyWyg wrote:The alert msg length is at 9999 characters. Im still getting unwanted characters through
that's your problem....
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

??? i dont understand.
Please explain
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

ok figure out the length of this string

Code: Select all

The following fields were either left blank or contained special characters, please fix and resubmit. \n\n
then add a few chars (for padding and insurance), and change your number in your 'if' condition to match that number. Then if the string length is greater than that number, it will throw the alert and the submit will fail.

you will probably need to escape your '-' in your pattern as well....
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

i've set it at 140

% is being allowed (also an unwanted character)
& is being allowed
* is being allowed
( ) are being allowed
+ is being allowed
' is being allowed
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

Now, if i dont complete the State field, it'll submit without the warning message (so if you froget the zip code, it submits without it)

If I complete up to the City field, the warning messages pops up.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

Wow, Burrito you may have a whole point of your total posts just in this thread...

Couple comments. If you are being so AR with the exact validation of these forms then why are you leaving the validation up to javascript? Also, bumping with ??? help ? or Still there? is not appropriate. If you have to bump after a couple days please bump with something more useful, such as "OK, I've tried this but..."
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.

And the bump is after two days, of it not working. I wouldn't bump if it didn't work after testing out what is not working. I figured the last post already stated that certain characters were still being allowed through was more than enough to know that something is still not working, right?

If it were up to me, i'd be working with a database on the server, but that is a luxury that we dont have and will never implement.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

WizyWyg wrote:We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
You understand that client side validation is only to improve the user experience and reduce traffic. If you are saving data into a database you need to filter it on the server side. Hackers don't need you use your page to submit data -- they can make their own with no validation and pass whatever they want. That is why server side filtering and escaping is always mandatory (ok "always mandatory" is redundant, but this is an inportant point).
(#10850)
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

arborint wrote:
WizyWyg wrote:We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
You understand that client side validation is only to improve the user experience and reduce traffic. If you are saving data into a database you need to filter it on the server side. Hackers don't need you use your page to submit data -- they can make their own with no validation and pass whatever they want. That is why server side filtering and escaping is always mandatory (ok "always mandatory" is redundant, but this is an inportant point).
can't filter it on the database server. the server is not a 'generic' database, and the only thing it can do is receive email. takes each email and stores it as its own message. the content of each email must be "clean" so that a dump of all the messages will not be impeded. So, whatever I can do on the interface side to reduce the amount of work on the database side ( i dont have access, control or any way of seeing what / how the information received looks) the better it is.

So, now, why is the form submitting without the State field being filled out?
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

**grumble*** stupid cache.

the form now works as it should

Thanks burrito for your help.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

WizyWyg wrote:
arborint wrote:
WizyWyg wrote:We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
You understand that client side validation is only to improve the user experience and reduce traffic. If you are saving data into a database you need to filter it on the server side. Hackers don't need you use your page to submit data -- they can make their own with no validation and pass whatever they want. That is why server side filtering and escaping is always mandatory (ok "always mandatory" is redundant, but this is an inportant point).
can't filter it on the database server. the server is not a 'generic' database, and the only thing it can do is receive email. takes each email and stores it as its own message. the content of each email must be "clean" so that a dump of all the messages will not be impeded. So, whatever I can do on the interface side to reduce the amount of work on the database side ( i dont have access, control or any way of seeing what / how the information received looks) the better it is.

So, now, why is the form submitting without the State field being filled out?
Makes me want to write a Greasemonkey script :) :) :) :)
Post Reply