Forms - How to check for all required fields are filled out
Moderator: General Moderators
ok figure out the length of this string
then add a few chars (for padding and insurance), and change your number in your 'if' condition to match that number. Then if the string length is greater than that number, it will throw the alert and the submit will fail.
you will probably need to escape your '-' in your pattern as well....
Code: Select all
The following fields were either left blank or contained special characters, please fix and resubmit. \n\nyou will probably need to escape your '-' in your pattern as well....
Wow, Burrito you may have a whole point of your total posts just in this thread...
Couple comments. If you are being so AR with the exact validation of these forms then why are you leaving the validation up to javascript? Also, bumping with ??? help ? or Still there? is not appropriate. If you have to bump after a couple days please bump with something more useful, such as "OK, I've tried this but..."
Couple comments. If you are being so AR with the exact validation of these forms then why are you leaving the validation up to javascript? Also, bumping with ??? help ? or Still there? is not appropriate. If you have to bump after a couple days please bump with something more useful, such as "OK, I've tried this but..."
We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
And the bump is after two days, of it not working. I wouldn't bump if it didn't work after testing out what is not working. I figured the last post already stated that certain characters were still being allowed through was more than enough to know that something is still not working, right?
If it were up to me, i'd be working with a database on the server, but that is a luxury that we dont have and will never implement.
Yes Im AR about it because we cant have those cahracters pass through.
And the bump is after two days, of it not working. I wouldn't bump if it didn't work after testing out what is not working. I figured the last post already stated that certain characters were still being allowed through was more than enough to know that something is still not working, right?
If it were up to me, i'd be working with a database on the server, but that is a luxury that we dont have and will never implement.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
You understand that client side validation is only to improve the user experience and reduce traffic. If you are saving data into a database you need to filter it on the server side. Hackers don't need you use your page to submit data -- they can make their own with no validation and pass whatever they want. That is why server side filtering and escaping is always mandatory (ok "always mandatory" is redundant, but this is an inportant point).WizyWyg wrote:We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
(#10850)
can't filter it on the database server. the server is not a 'generic' database, and the only thing it can do is receive email. takes each email and stores it as its own message. the content of each email must be "clean" so that a dump of all the messages will not be impeded. So, whatever I can do on the interface side to reduce the amount of work on the database side ( i dont have access, control or any way of seeing what / how the information received looks) the better it is.arborint wrote:You understand that client side validation is only to improve the user experience and reduce traffic. If you are saving data into a database you need to filter it on the server side. Hackers don't need you use your page to submit data -- they can make their own with no validation and pass whatever they want. That is why server side filtering and escaping is always mandatory (ok "always mandatory" is redundant, but this is an inportant point).WizyWyg wrote:We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
So, now, why is the form submitting without the State field being filled out?
Makes me want to write a Greasemonkey scriptWizyWyg wrote:can't filter it on the database server. the server is not a 'generic' database, and the only thing it can do is receive email. takes each email and stores it as its own message. the content of each email must be "clean" so that a dump of all the messages will not be impeded. So, whatever I can do on the interface side to reduce the amount of work on the database side ( i dont have access, control or any way of seeing what / how the information received looks) the better it is.arborint wrote:You understand that client side validation is only to improve the user experience and reduce traffic. If you are saving data into a database you need to filter it on the server side. Hackers don't need you use your page to submit data -- they can make their own with no validation and pass whatever they want. That is why server side filtering and escaping is always mandatory (ok "always mandatory" is redundant, but this is an inportant point).WizyWyg wrote:We need the validation on the submission because its all being sent by email to a database server that can't accept certain characters.
Yes Im AR about it because we cant have those cahracters pass through.
So, now, why is the form submitting without the State field being filled out?