Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,007
    Thanks
    59
    Thanked 10 Times in 10 Posts

    clients side and server side form validation in the same form

    I just wanted to check if it was possible to do clients side and server side form validation in the same form. I think it should be ok, but it may be a bit complex. The reason it my forms a so big that I want the user experience to be a best as possible. So when all the client side validation is done I wil move on to server side validation.

    Is this a good idea?


  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,853
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Ajax ?
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,007
    Thanks
    59
    Thanked 10 Times in 10 Posts
    That would be good I guess,although I've got a bit of a learning curve there!


  • #4
    Senior Coder
    Join Date
    Jan 2005
    Location
    Memphis, TN
    Posts
    1,785
    Thanks
    8
    Thanked 131 Times in 129 Posts
    mootools has a fairly simple validation script you can use. Here's a nice example to show how easy it is. You should be able to do client side validation on the fields with this and then pass it to the server from there.

    http://zend.lojcomm.com.br/fvalidator/
    Stop making things so hard on yourself.
    i is tugbucket :: help raise tugburg :: Whitehaven Kiwanis

  • #5
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,639
    Thanks
    0
    Thanked 649 Times in 639 Posts
    You do the client side validation using JavaScript. Ajax is only required if a server side lookup is required as a part of that validation - most of the time it wont be necessary.

    The server side validation is then done AFTER the form is submitted.

    Each serves a different purpose. The client side validation reports errors to the person filling out the form to allow them to fill it out correctly before they try to submit it. The server side validation is the essential one which makes sure that the form content is valid regardless of whether the person filling it out had JavaScript enabled or not.

    You can't do the server side validation via Ajax as that then places it under your visitors control and they can turn it off and submit anything at all in the form.

    Make sure that the server side validation is thorough and doesn't allow anything through that is not acceptable data. The client side validation does not need to be as thorough since the server side validation will still catch any errors that the client side missed. Testing client side for situations that will rarely occur and which require a huge amount of code to test will detract from rather than enhance visitor experience.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #6
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,853
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Some server-side validations like "Check the username/email are already taken" can be done by ajax if there is Javascript support.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #7
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,037
    Thanks
    2
    Thanked 316 Times in 308 Posts
    No, you cannot trust any data that is submitted to the server. It must be validated after it has been submitted.

    A bot script could send http requests that satisfies your AJAX server side script (assuming that your script is keeping track if validation was successful) with a single valid email address and then submit a list of email address or a list containing an html encoded BCC:... to the actual form processing code.

    The form processing code is the last and most important line of defense. It must check all input it receives.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #8
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,007
    Thanks
    59
    Thanked 10 Times in 10 Posts
    OK, ill just keep my server side stuff the way it was then. However even Yahoo registration form looks like it uses ajax for registration


  • #9
    Senior Coder gnomeontherun's Avatar
    Join Date
    Sep 2007
    Location
    Houston
    Posts
    2,846
    Thanks
    10
    Thanked 238 Times in 229 Posts
    Yahoo has also developed a large library of code called YUI, including Ajax functions. So yes they use Ajax, but they don't abandon server side validation. Its true, if someone doesn't have JS on, Ajax fails and you have to make sure things are validated on the server. You can have a hybrid of a page which when JS is on will do the validation through Ajax while its inputted and when JS is off does it all at the end. Depends on server load and such.
    jeremy - gnomeontherun
    Educated questions often get educated answers, and simple questions often get simple answers.

  • #10
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote Originally Posted by abduraooft View Post
    Some server-side validations like "Check the username/email are already taken" can be done by ajax if there is Javascript support.
    But you would want to re-run that check on the server once the form has been submitted anyways.
    OracleGuy


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •