Cory Duchesne Posted October 17, 2009 Report Share Posted October 17, 2009 (edited) Here's a demo of my site: www.ahiweb.ca/demo1/book.html ^ I have a php script which processes the info that is inputed into the form elements of my html page. How much extra work and knowledge is it to tack on whatever code is required for server side validation? Can anyone recommend me any tutorials that can help me with this? I did google searches, but the tutorials I've found are very opaque, and none of them have any videos. Edited October 17, 2009 by Cory Duchesne Quote Link to comment Share on other sites More sharing options...
fazlionline Posted October 18, 2009 Report Share Posted October 18, 2009 Server side validation will take more time; instead you can use JavaScript to reduce the time and validate the form locally Or see the links bellow, it may help you. http://webdesign.about.com/od/forms/a/aa031599_2.htm http://javascript.about.com/od/validatingforms/Validate_Form_Content.htm Quote Link to comment Share on other sites More sharing options...
jlhaslip Posted October 18, 2009 Report Share Posted October 18, 2009 Or you can use javascript to do local checking before submitting the form in order to avoid incomplete data submissions and then use the Server side validations to confirm the results as a double check. Do not depend solely on local javascript checks. Server side validation will be the better route to take as a security precaution. Quote Link to comment Share on other sites More sharing options...
Cory Duchesne Posted October 20, 2009 Author Report Share Posted October 20, 2009 Or you can use javascript to do local checking before submitting the form in order to avoid incomplete data submissions and then use the Server side validations to confirm the results as a double check. Do not depend solely on local javascript checks. Server side validation will be the better route to take as a security precaution. So how much xtra work and knowledge will it be to add server side validation? I don't mind learning new stuff, but I'm looking for a good walk through tutorial. Can anyone recommend me one? The reason I want server side validation is because for the past year I used Dreamweavers client side validation tools (which I assume generates java script), but it hasn't worked very well, I get nonsense form submissions way too often. Some program fills in a bunch of nonesense in my fields, and then somehow bypasses the validation and I get a bunch of crap. I want to avoid this. Quote Link to comment Share on other sites More sharing options...
jlhaslip Posted October 21, 2009 Report Share Posted October 21, 2009 Just looking at your Form and many of those fields are simply text, like names and addresses so they will be hard to validate. Emails and Telephone numbers can be done using regex, but name, address and company names will be nearly impossible to validate. If they are spam submissions, adding a captcha to the script might work to reduce some of the faulty submissions. Or, another method is to add a "hidden" form field. If a Bot is filling out the form, they will complete the hidden input, but real people will not, so check to see if the hidden field is filled out and drop the form submission if it is completed. Quote Link to comment Share on other sites More sharing options...
BeeDev Posted October 21, 2009 Report Share Posted October 21, 2009 Welcome to the Web Developer dilemma! We face this "Bot" related issues everyday. Best way is to add a Captcha which validates using Server Side scripts like PHP or ASP or .NET. And as an added security what I do regularly is put a hidden form field which contains the SessionID as value. SessionID is generated on each new "session" a user creates. That ID will be the same until that person closes the window/tab with your website. So how does SessionID help? It prevent XSS (Cross Site Scripting) so when you process the form fields, just compare the SessionID with the hidden form field, which should be same, if not just die() or response.end() Sorry if it's a bit hard to understand, but do a bit of research and u should find the answer. I use RECaptcha as my captcha tool. http://www dot recaptcha dot net Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.