PHP or Javascript validation

ethought

I am sure this question has been asked before, so a link to those discussions would be good enough.

But I am wondering if anyone has any recommendations on whether you should use javascript to validate form data or use PHP to validate the form data.

My initial thought is that client side validation would be quicker, but I am looking for others views on this.

Thanks

dalecosp

The absolute best approach, IMHO, would be to use both types. JS to avoid "luser" mistakes ("that doesn't look like an email address to me", etc.) and PHP for re-validation to make sure you're not being SQL injected, HTML tagged to disrupt output appearance or attempt system calls, etc. That said, I know much less of JS than PHP, so I tend to do it all server-side; however, some folks around here have pointed out that you save the users time and bandwidth by alerting them to the foibles before the form is actually submitted....

I wish I could remember a good thread, but I imagine you can press the "search" button as well as I can ...

HTH, 🙂

ethought

Thanks for the quick answer. So if I can ask, how do you handle error messages using server side validation?

For example, if I had a textfield and just to the right of that I wanted to display the error message associated with that field, how do I do that using server side validation? I know that in my php code, I just need to call that same page again, but what HTML element can you use to store messages like that and can be blank when needed?

If this isn't an appropriate question for this forum, I can have it moved.

Thanks.

dalecosp

I suppose there'd be lots of ways.

//form.php:
<?php
if ($_GET['error']=="name") {
   $error1="You didn't enter your name!!</font>";
   }
echo "<html>\n<form action=\"handler.php\" method=post>";
if ($error1) {
   echo "<font color=red>\n";
   }
echo "\nEnter your name: ";
echo "<input type=text name=uname>";
echo $error1."\n<br>\n";
echo "<input type=submit value=\"Submit\">\n";
echo "</form>\n</html>";
?>

//handler.php:
<?php
if ($_POST['submit']) {
   $name=$_POST['uname'];
   if (!$name) {
      header("location: form.php?error=name");
   }
   else {
      header("location: members.php");
   }
else {
   header("location: form.php");
   }
?>

Extremely elementary example, I guess....

HTH,