Best Way To Do Extra Validation

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Best Way To Do Extra Validation

Post by JakeJ »

I'm using a validation class that works great for sanity checking my input fields but I need a little bit of extra checking done that this class just isn't capable of and I'm trying to decide the best way and thought I'd ask for input from you guys.

Mostly these extra checks are related to whether or not some numbers entered make sense.

The way I was considering doing this is having a some php code in the form that is only activated if a session variable is returned to it when redirected back to the form.

Is there a better way?

I'm interested in Feedback.
User avatar
mecha_godzilla
Forum Contributor
Posts: 375
Joined: Wed Apr 14, 2010 4:45 pm
Location: UK

Re: Best Way To Do Extra Validation

Post by mecha_godzilla »

I would think that you'd want to do your extra validation after the values had been sanitised, otherwise you're trying to validate data that is "doubly" wrong (IE it doesn't pass the first set of validation rules, so it certainly won't pass the second set.) By extra validation, I'm assuming you mean things like checking phone numbers for correct format - is this right?

Where you put this validation depends on how often its going to be called and what it needs to do. Does your class trap all the $_POST values received from the form or do you 'send it' the values you want validated? If it traps all your $_POST values automatically then you probably do need to think about using session variables to tell the script to "run the phone number check" or whatever else is required.

If possible, can you post up some code that shows what the validation class does, or how you call it, or what sort of extra validation you need to do?

HTH,

Mecha Godzilla
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: Best Way To Do Extra Validation

Post by JakeJ »

The first set of validation is checking phone numbers, etc. The second set of validation does stuff like check to see if a loan payment is at least enough to cover the interest due on the loan and other such calculations.

I'm using vdaemon for my initial validation class.

The other validation is not class based.

I am doing all of this in sessions. I turn the $_POST data in to $_SESSION data and read it back in to the form when there is an error and it's resubmitted for validation all over again.

Code: Select all

$errors = 0;
	
	foreach($_POST as $k=>$v) {
		$_SESSION[$k]=$v;
	}
	
	
	If ($min_pay < $balance * divcheck($apr,12)) {
		$_SESSION['mortgage_payment_error'] = '***The payment you have entered is less than 
		minimum amount required to at least pay the interest. In the event that you are
		currently paying less than the minimum required, we realize this is a temporary
		situation and request that you enter the minimum payment required. This will
		assist us in making the best long range forecast for your Equity Creator Blueprint.';		
		$errors ++;
				
	}
	
	If ($current_pay < $min_pay) {
		$_SESSION['mortgage_current_payment_error'] = '***Your Current Payment Should be equal to or higher
		than your Minimum Payment.'
		$errors ++;
	}
	
	If ($balance OR $originalbalance OR $originalterm OR $min_pay OR $current_pay or $apr or $escrow <0) {
		$_SESSION['negative_number'] = '***You have entered a negative number in one of your fields, please correct it and resubmit.;
		$errors ++;
	}
	
	If ($original_term > 50 or < 5) {
		$_SESSION['mortgage_term_error'] = '***Your Original Mortgage term must be a number between 5 and 50. Please correct and resubmit.';
		$errors ++:
	}
What I'm thinking about is submitting all of the session errors to another session variable that is an array and then looping through them on the form page.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Best Way To Do Extra Validation

Post by Christopher »

JakeJ wrote:I am doing all of this in sessions. I turn the $_POST data in to $_SESSION data and read it back in to the form when there is an error and it's resubmitted for validation all over again.
It seems strange to assign post data into the session and then read it back again. It seems like you could just keep passing it in the form. And if one of your basic checks fails and then one of your custom checks fails you can just gather up the error messages and display them as necessary.
(#10850)
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: Best Way To Do Extra Validation

Post by JakeJ »

The reason I'm assigning $_POST data back in to the session is so that it will be there for the user to correct the mistakes. Otherwise, the form would be blank again.

I'm using vdaemon as my initial validator but it doesn't do some things I want it to so I go through a second round, that's my custom validator.

I had never written my own validator before and maybe after I'm done with this project, I'll turn it in to a class and extend it out to some more functionality.

When the user is returned to the form after validation and submits again, I completely unset the array I've created to hold all the validation messages as well as the error messages themselves. It frees up memory and starts the process over fresh again.

When the post data goes back to the action page, it's read in yet again and goes through the checks. It seems like a clean system to me and I couldn't think of a better way to do it on short notice. If you have a better way though I'm all ears.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Best Way To Do Extra Validation

Post by Christopher »

I guess I am confused. Is the form posted to a second page and then the user is sent back to the form? The usual practice is for the form to post to itself until validated, and then redirect to a success page. And since the form posts to itself, you can just repopulate the form with the filtered/escaped values from the previous submission.
(#10850)
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: Best Way To Do Extra Validation

Post by JakeJ »

Yes, the form is posted to a second page and then back to itself if there is an error or continues on to another page after some database inserts, etc. if there are no errors. Don't ask me why I did it that way to start with, it seemed to make sense to me at the time. I haven't done much with forms and I think I didn't realize that a form could post to itself or that it would even make sense.

Even so, I need the $_POST data as $_SESSION data because users might have to step back through several forms to do it.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Best Way To Do Extra Validation

Post by Christopher »

JakeJ wrote:Even so, I need the $_POST data as $_SESSION data because users might have to step back through several forms to do it.
Even with multiple steps you can post to yourself. You just need to wrap the forms in some control code to deal with tracking the step you are on (what can be saved in the session). Technically it is called an Application Controller.
(#10850)
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: Best Way To Do Extra Validation

Post by JakeJ »

Is there any disadvantage to using $_SESSION data instead of $_POST?. In come cases I might need $_SESSION data on a later page and I don't want to keep posting it all through just to maintain it from once include file to another. That seems a bit unwieldy.

What I am doing though is destroying all of the Session error variables upon submit.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Best Way To Do Extra Validation

Post by Christopher »

No, nothing wrong with using the session for holding data that is needed on more than one page. That is what it is for.
(#10850)
Post Reply