validation PHP vs JAVASCRIPT

buzzby

which is best. javascript seems to be real easy to implement while my experiences with php havent been fruitful at all. javascript validation can be in a HTML file aswell as in a PHP file. so will turning the javascript off affect the PHP or HTML file or neither. i know that when you view source in a php file it returns exactly what you would see in a html file.

is there a simple php validation out there? someting to validate the fields irrespective of how the php file is. ie if the php file actually redirects to itself after the form is sent (the action is the same php file as the form)

sorry to sound confusing to some but i amreally not having a good day of it and i need some good sound validation that will not blank out my form upon submission which is what has been happening via php validation and javascript validation.

barand

If the validation can be done purely on the contents of the form(eg field cannot be blank, if a is one value then b can/not be another value, must be numeric etc) then javascript is good.

What it can't do is validate contents against a db (eg valid username) so then you need to do the check serverside.

If your form redirects to itself, set the values of the fields to <?=$_POST['fieldname']?> so they are refreshed with posted values.

hth

Pig

Javascript is generally a poor choice because it is client side, and can be easily disabled. It's rare that you should do something client side that you can do server side.

As far as easy validation, I find validating using PHP to be very easy. There serveral ways to do it, depending on your circumstances.

drawmack

I usually validate in both javascript and php.

This way if the user has javascript turned on then they get the error messages imediately without having to wait for a page reload (actually they can't leave the form field until the contents validate). So it's more user friendly and costs less on server load that way.

However I back it up with php testing so if the person get's around the javascript validation the data is still validated before I use it. Sometimes my php validation is also stricter because I can use the database and such.

For example in javascript I'll make sure the username and password are the correct lengths and contain valid characters then in php I'll redo those tests and also validate against the database.

buzzby

ok then. what is a good clean validation both in php and javascript that can be used on a form that is php and has sql coding and a confirmation script in it. what php javascript can be put into that one?

if it helps i will post up the actual php form code so you can see what i am dealing with

Foo

You use Javascript to perform any validation you trust the client themselves to do. Things such as, checking that they've selected the right number of boxes, checking they've entered an email address that is in the right format (has an @ sign somewhere in it, etc) and so forth.

You use PHP to perform all of that checking AGAIN, and additionally perform things like password validation (comparing it with the database) and other critical input validations that require accessing 'secret' information.

Why? Javascript is VISIBLE TO THE USER. Hence if you used javascript to compare a users given password with his real password, all he has to do is View Source, and he gets the real password anyway. Not smart.

However, we DONT just use PHP and forget about javascript. Why? Because there is a lot of basic validation which can be performed by the client's machine. The main advantage of this being that server traffic is reduced by not needing to revalidate the form continuously and transfer it across.