Form validation

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
jurriemcflurrie
Forum Commoner
Posts: 61
Joined: Wed Jul 06, 2005 7:14 am
Location: Den Haag, the Netherlands

Form validation

Post by jurriemcflurrie »

Hey all, I'm writing some kind of a framework and I'm doing the form-validation now. There's not much to it, but I wonder how to check if a username or id already exists in the db for example.

Do I have to include some data access in the Validation object, or do I have to write some checking in the Model? Does anyone have an example or tip?
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

Depends on the framework.. When using an MVC framework I generally have the framework test for authorisation (normally testing simply if the user_id exists in the session). Other validation (such as ensuring an email is valid etc) I have in a separate Validate class called like

Code: Select all

if (!Validate::email($email)) echo ("Email not valid whatever");
User avatar
jurriemcflurrie
Forum Commoner
Posts: 61
Joined: Wed Jul 06, 2005 7:14 am
Location: Den Haag, the Netherlands

Post by jurriemcflurrie »

Yes but what if you have a database with users, you don't want two users with the same username. You can't check that with regex..

Edit: I'm using the MVC pattern, witch still gives me a lot of head-aches. Everything has to be in the right place it seems..
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

The "Login page" is responsible for setting up the session variable $_SESSION['user_id'] using SQL directly without calling the Validate class to do it (unless you simply want to check for allowed characters.

Every page also uses an Authorisation class to simply check the value of the $_SESSION['user_id'] and is used to redirect if necessary.

The validation class itself is designed to be reusable whereas the Login page, due to SQL may have to be different for each project.
User avatar
jurriemcflurrie
Forum Commoner
Posts: 61
Joined: Wed Jul 06, 2005 7:14 am
Location: Den Haag, the Netherlands

Post by jurriemcflurrie »

I'm talking about a user creating an account, not about logging in. Sorry if I was not clear ;)
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

For registration the same principle applies...

In registration.php or whatever I normally process the $_REQUEST/$_POST results and normally first pass them through the validation class methods to check for illegal characters/lengths etc (also normally automatically trim). The registration.php then performs specific SQL to ensure no duplicates exists. In this way you are again keeping "common reusable" components away from project specific code.

If registration is sucessful you could also set the $_SESSION['user_id'] and redirect if necessary.
Post Reply