...

View Full Version : Form validation



peteraub
01-07-2004, 05:37 AM
I have a simple script with one form field which needs to be validated. The problem is that if the validation script proves true the alert box comes up but once OK is clicked the form keeps on going to the next page as stated in action parameter.

Here is the script. If anyone can see my mistake and point it out to me that would be great.

<head><title> Page title</title>
<SCRIPT LANGUAGE="JavaScript">
function validate() {
if(document.form1.choose.selectedIndex == "") {
alert("Please select either cancel or confirm.");
return false;

}
return true;
}
</SCRIPT>
</head>

<form name="form1" method="post" action="process_cancel_confirm.php" >
Please choose your option from the list.
<select name="choose">
<option selected>-Select-</option>
<option>Cancel</option>
<option>Confirm</option>
</select><br />
<input type="submit" value="Submit" onClick="validate();"/>
</form>

glenngv
01-07-2004, 05:57 AM
<html>
<head>
<title> Page title</title>
<SCRIPT LANGUAGE="JavaScript">
function validate(f) {
if(f.choose.selectedIndex < 1) {
alert("Please select either cancel or confirm.");
f.choose.focus();
return false;

}
return true;
}
</SCRIPT>
</head>
<body>
<form name="form1" method="post" action="process_cancel_confirm.php" onsubmit="return validate(this)">
Please choose your option from the list.
<select name="choose">
<option selected>-Select-</option>
<option>Cancel</option>
<option>Confirm</option>
</select><br />
<input type="submit" value="Submit" />
</form>

</body>
</html>

glenngv
01-07-2004, 06:05 AM
But why not make it simpler?

<html>
<head>
<title>Confirmation Page</title>
</head>
<body>
<form name="form1" method="post" action="process_cancel_confirm.php">
Please click Confirm or Cancel. <br />
<input type="submit" name="btn" value="Confirm" />
<input type="submit" name="btn" value="Cancel" />
</form>
</body>
</html>

Then in your php page, check the value of "btn" to know which button was clicked.

peteraub
01-07-2004, 07:56 AM
thanks for your help guys.
It works fine

Kor
01-07-2004, 09:39 AM
But why not make it simpler?


I guess most of the time is better to let a client-side application to do the simple validation. I always do that, to avoid unecessary calling the server for the server-side application (which means sometimes a longer time to reload/reconnect for the client).

Caffeine
01-07-2004, 10:03 AM
I guess most of the time is better to let a client-side application to do the simple validation.

No no no!

Neither way is better; both should be implemented if you ask me,
client-validation for those who have support for it, and the server-sided validation as the final step to ensure there were no attempts to bypass the clientsided validation, and for those that for whatever reason have the js-support disabled.

Never skip the server-sided validation when data is to be validated/saved/processed!

glenngv
01-07-2004, 10:18 AM
But in this particular case, the 2nd solution I posted is the simplest way to do it. No more validation (client-side or server-side) and user-friendlier. Don't you agree?

BTW, I agree with Caffeine.

Kor
01-07-2004, 10:43 AM
Glenn - yes in that particular case it might be so but I was just pointing theoreticaly.

Caffeine - yes, of course, that supposed to have been already known. Always double the essential validations with a server-side application. Not mainly for those who might have disabled javascript (they must have known that disabling it will narrow their surfing capabilities) but to avoid malicious attacks on server (for instance is better to limit any input entrance to 255 characters, to avoid a 256 lenght code able to flood a server, or other unpleasent attacks)

glenngv
01-07-2004, 11:00 AM
...and to avoid bypassing javascript validations, that is, even javascript is enabled. For example, we can reset onsubmit handler where the validation occurs by typing javascript codes in the address bar or executing a bookmarklet.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum