Advanced Form Validation

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

Not sure what you mean by "old ways". I don't see how a credit card input form is more complicated. A RuleCreditCard class would be straightforward to write. And, if you add a new field you will have to add HTML and PHP code and Javascript to display and manage that field -- no way around that.
Well , then let take an other example : you have to fill a customer form or order form , you will have to enter :

- Name , Lastname , Mid Name
- D.O.B
- Your address
- Credit card number
- Your name on credit card
- Bill address
- etc , so many things to tell :oops: 8O

What i want to mention is the number of form fields , your code may look like

Code: Select all

$pool->add(rule);
$pool->add(morerule);
$pool->add(moremorerule);
$pool->add(moremoremorerule);
$pool->add(moremoremoremorerule);
$pool->add(moremoremoremoremorerule);
$pool->add(moremoremoremoremoremorerule);
8O :oops: :evil:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

All this stuff just reinforces my use of "controls." A US Phone Number control, date control, datagrid control, or address control for example. Each may contain zero or more form elements in HTML rendering. Each has helper Javascript to quickly validate, with an optional Ajaxed validation and enforced server validation on final submit (Ajaxed or standard posted, based on degradation.)

The server knows when and where each control is supposed to be in the submission data based on the layout dictated by the "page" template used.


I can't post code for this yet, as I'm in the middle of creating this type of codebase again for open sourcing.
User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

All this stuff just reinforces my use of "controls." A US Phone Number control, date control, datagrid control, or address control for example. Each may contain zero or more form elements in HTML rendering. Each has helper Javascript to quickly validate, with an optional Ajaxed validation and enforced server validation on final submit (Ajaxed or standard posted, based on degradation.)
Sound interesting . Hope you can share your code :)

I'm very interested in your opnion about this , please share with us !
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

quocbao wrote:Well , then let take an other example : you have to fill a customer form or order form , you will have to enter :

- Name , Lastname , Mid Name
- D.O.B
- Your address
- Credit card number
- Your name on credit card
- Bill address
- etc , so many things to tell :oops: 8O

What i want to mention is the number of form fields , your code may look like

Code: Select all

$pool->add(rule);
$pool->add(morerule);
$pool->add(moremorerule);
$pool->add(moremoremorerule);
$pool->add(moremoremoremorerule);
$pool->add(moremoremoremoremorerule);
$pool->add(moremoremoremoremoremorerule);
8O :oops: :evil:
I am really not sure I understand. How do you propose dealing with form fields if you don't have some code for each form field? The point of a Validator is to have each line be a clear description of what you are validating. Do you have an alternative. The Chris Campbell examples spreads the data all over the place.
(#10850)
User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

Do you have an alternative
I'm trying to do that :) . i don't have one till now , just one from Chris

Code: Select all

<input type="text" name="name" tabindex="1" id="name" required="true" message="namemsg"/>
<input type="text" name="zipcode" tabindex="2" id="zipcode" validate="zip" message="zipcodemsg"/>
<input type="text" name="emailaddress" tabindex="2" id="emailaddress" required ="true" validate="email" message="email"/>
Don't you think , it's easier for designer to do this :) , and by somehow we can fetch the information from these attributes and validate data on both server and client base on these data .
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

too bad those'll fail validation.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Plus, it's trusting the client waaay too much (why should the client tell the server how to validate the data?)
User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

too bad those'll fail validation.
Why ?
it's trusting the client waaay too much
I don't trust the client
by somehow we can fetch the information from these attributes
Of course , not client way
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Why? Because you added non-standard attributes to the elements. That fails validation immediately.
User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

Ok , let me show you an example
This is one of form validation system i built before . But i can't complete it because i have some problems with array value (test[0] , test[1] , test[2] :cry: , and listbox , and i aslo confused with field id and field name , :oops: ) . This is some kind of template engine
<html>
<body>
<form id=myform action=test.php method=post validation="both">
Hello <input type=text name="test" validation="range:5-10;range-type:string"><br>
Hello <input type=text name="test2" ><br>
<input type=submit>
</form>
</body>
</html>
Will output

Code: Select all

<html>
<body>
	
<script language=javascript>
function validate_f5c31ba3f53a0b351f422cb01ea4dd2c(form) {
if (!form.getcontrol) form.getcontrol = function(id) {
	var ctrl = null;
	if ((ctrl = this[id]) || (ctrl = this.all[id])) {
		return ctrl;
	} else {
		return null;
	}
}
if (obj = form.getcontrol("test")) {
	if (obj.value.length < 5) 
	{
		alert("This field length must be larger than 5 and smaller than 10.");obj.focus();return false
	}
	if (obj.value.length > 10) 
	{
		alert("This field length must be larger than 5 and smaller than 10.");obj.focus();return false
	}
}
return true;
}
</script>
<form id="myform" action="test.php" method="post" onSubmit="return (validate_f5c31ba3f53a0b351f422cb01ea4dd2c(this));" >
<input type=hidden name="__ID__" value="f5c31ba3f53a0b351f422cb01ea4dd2c" />

		Hello <input type="text" name="test" id="test" /><br>
		Hello <input type="text" name="test2" /><br>
		<input type="submit" />
	</form>

</body>
</html>
The PHP code

This is the debug version , it looks like a mess :(

Code: Select all

<?

error_reporting(E_ALL);

session_start();

require "smartValidator.php";
$smartValidator = new smartValidator;
//smartvalidator::initialize();

if ($smartValidator->validate($form))
{
	print_r($form);
}
else echo $smartValidator->error();
$smartValidator->set("myform",$form);

$text = <<<EOF
<html>
<body>
	<form id=myform action=test.php method=post validation="both">
		Hello <input type=text name="test" validation="range:5-10;range-type:string"><br>
		Hello <input type=text name="test2" ><br>
		<input type=submit>
	</form>
</body>
</html>
EOF;

echo smartValidator_output($text);
//echo $text;

?>
In a released version , it should be

Code: Select all

<?

smartValidator::initialize();

$form = array();

if (smartValidator::validate($form,"formid"))
{

//validate ok


}
else
{

//invalid value

smartValidator::set('formid', $form); //set data back to user , and call him to re-enter value

echo "You got error : " . smartValidator::error();

}

?>
	<form id=formid action=test.php method=post validation="both">
		Hello <input type=text name="test" validation="range:5-10;range-type:string"><br>
		Hello <input type=text name="test2" ><br>
		<input type=submit>
	</form>
And what we gonna do is something similiar to this (we can't use mine , because when i found problem with ID and Name , i tried to fix it and it's a mess now :lol: , but we can reuse some function)
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

I'd like to see the code for your SmartValidator class.

Because the form has to be validated on the server side, the PHP code has to know all about the form and the fields. That means that the designer should be able to create the simplest HTML form possible that just uses the same names and let's PHP generate all the form specific validation code. I am looking for something more like this for the HTML template:

Code: Select all

<html>
<body>
<script language=javascript>
{insert_generated_php_code_here}
</script>
<form id="myform" action="test.php" method="post" onSubmit="return (validateForm(this));" >
        Hello <input type="text" name="test" id="test" onChange="validateField(this);" /><br>
        Hello <input type="text" name="test2" id="test2" onChange="validateField(this);" /><br>
        <input type="submit" />
</form>

</body>
</html>
(#10850)
User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

arborint wrote:I'd like to see the code for your SmartValidator class.

Because the form has to be validated on the server side, the PHP code has to know all about the form and the fields. That means that the designer should be able to create the simplest HTML form possible that just uses the same names and let's PHP generate all the form specific validation code. I am looking for something more like this for the HTML template:

Code: Select all

<html>
<body>
<script language=javascript>
{insert_generated_php_code_here}
</script>
<form id="myform" action="test.php" method="post" onSubmit="return (validateForm(this));" >
        Hello <input type="text" name="test" id="test" onChange="validateField(this);" /><br>
        Hello <input type="text" name="test2" id="test2" onChange="validateField(this);" /><br>
        <input type="submit" />
</form>

</body>
</html>
You got the point ;)

This is what i mean the new way :) , designer just insert some attributes to input , and PHP will do the rest .
<input type=text name="test" validation="range:5-10;range-type:string">
He can also decide this form will be handle on server or client or both .
<form id=myform action=test.php method=post validation="both">
And what PHP do ( how SmartValidator work ) :

1) Parse for form
2) Parse for field in this form
3) Generate information about this form ( client validation javascript , server validation rule )
4) Enjoy !

I'll post my code soon but i must say this code is not clear (it's my and my friend's fault :cry: , i changed the code alot and forgot to back up the orginal version , too bad)
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

quocbao wrote:He can also decide this form will be handle on server or client or both .
<form id=myform action=test.php method=post validation="both">
I would want the server side to control things rather than the client. Maybe if the templates were compiled into view and template code. But a client can completely circumvent the validation by just doing:

<form id=myform action=test.php method=post validation="none">
(#10850)
User avatar
quocbao
Forum Commoner
Posts: 59
Joined: Sat Feb 04, 2006 2:03 am
Location: HCM,Vietnam
Contact:

Post by quocbao »

As i mentioned , this is a template engine (a specular one) . It parses the template designed by designer , this template contains some addition attributes like "validation" or "message" added by designer to control validation system .
After parsing the template , the template engine will generate javascript for clientside or remeber validation rules for serverside by session or cache .

This is what client get :) , no "validation" attribute
<script language=javascript>
function validate_f5c31ba3f53a0b351f422cb01ea4dd2c(form) {
if (!form.getcontrol) form.getcontrol = function(id) {
var ctrl = null;
if ((ctrl = this[id]) || (ctrl = this.all[id])) {
return ctrl;
} else {
return null;
}
}
if (obj = form.getcontrol("test")) {
if (obj.value.length < 5)
{
alert("This field length must be larger than 5 and smaller than 10.");obj.focus();return false
}
if (obj.value.length > 10)
{
alert("This field length must be larger than 5 and smaller than 10.");obj.focus();return false
}
}
return true;
}
</script>
<form id="myform" action="test.php" method="post" onSubmit="return (validate_f5c31ba3f53a0b351f422cb01ea4dd2c(this));" >
<input type=hidden name="__ID__" value="f5c31ba3f53a0b351f422cb01ea4dd2c" />

Hello <input type="text" name="test" id="test" /><br>
Hello <input type="text" name="test2" /><br>
<input type="submit" />
</form>
If he want to disable validation system , he will have to change template content , and of course , he can't do this expect he's a system admin or someone who has permission .

You will understand clearly about this when i post the class :)
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

quocbao wrote:You will understand clearly about this when i post the class :)
I look forward to seeing it. And I will try to hack something up to show doing it without the "f5c31ba3f53a0b351f422cb01ea4dd2c" and having to do code generation.
(#10850)
Post Reply