
How to set up server side validation in my submission form


Cory Duchesne


Here's a demo of my site:

 

www.ahiweb.ca/demo1/book.html

 

 

^ I have a PHP script which processes the info that is inputted into the form elements of my HTML page.

 

How much extra work and knowledge is it to tack on whatever code is required for server side validation?

 

Can anyone recommend me any tutorials that can help me with this? I did google searches, but the tutorials I've found are very opaque, and none of them have any videos.

Edited by Cory Duchesne

Or you can use javascript to do local checking before submitting the form in order to avoid incomplete data submissions and then use the Server side validations to confirm the results as a double check. Do not depend solely on local javascript checks. Server side validation will be the better route to take as a security precaution.



So how much extra work and knowledge will it be to add server side validation? I don't mind learning new stuff, but I'm looking for a good walk-through tutorial. Can anyone recommend me one?

 

The reason I want server side validation is because for the past year I used Dreamweaver's client side validation tools (which I assume generate JavaScript), but it hasn't worked very well; I get nonsense form submissions way too often. Some program fills in a bunch of nonsense in my fields, and then somehow bypasses the validation and I get a bunch of crap. I want to avoid this.


Just looking at your Form and many of those fields are simply text, like names and addresses so they will be hard to validate.

Emails and Telephone numbers can be done using regex, but name, address and company names will be nearly impossible to validate.

If they are spam submissions, adding a captcha to the script might work to reduce some of the faulty submissions.

Or, another method is to add a "hidden" form field. If a Bot is filling out the form, they will complete the hidden input, but real people will not, so check to see if the hidden field is filled out and drop the form submission if it is completed.


Welcome to the Web Developer dilemma! :P

 

We face these "Bot"-related issues every day. The best way is to add a Captcha which validates using server side scripts like PHP or ASP or .NET.

 

And as added security, what I do regularly is put in a hidden form field which contains the SessionID as its value. SessionID is generated on each new "session" a user creates. That ID will be the same until that person closes the window/tab with your website. So how does SessionID help? It prevents XSS (Cross Site Scripting), so when you process the form fields, just compare the SessionID with the hidden form field, which should be the same; if not, just die() or response.end() :D

 

Sorry if it's a bit hard to understand, but do a bit of research and you should find the answer.

 

I use RECaptcha as my captcha tool. http://www dot recaptcha dot net
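
The checks suggested in the replies above (regex for email and phone, a hidden honeypot field, a per-session hidden value) combined into one server-side PHP function. This is an added example, not code from any poster in the thread; the field names are assumptions, and a random per-session token stands in for the raw session ID.

```php
<?php
declare(strict_types=1);

// Field names (name, email, phone, website, form_token) are assumptions for
// this example; adjust them to the inputs on the real form.

function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';   // arrays (name[]=x) become ''
}

// Returns a list of error messages; an empty list means the submission passes.
function validate_submission(array $post, string $sessionToken): array
{
    // Random per-session token echoed in a hidden input (used here instead of
    // the raw session ID, so the ID itself never appears in the page source).
    if ($sessionToken === '' || !hash_equals($sessionToken, field($post, 'form_token'))) {
        return ['Form token missing or wrong.'];
    }
    // Honeypot input, hidden from people with CSS: any value means a bot.
    if (field($post, 'website') !== '') {
        return ['Submission rejected.'];
    }
    $errors = [];
    $name = field($post, 'name');
    // Free text cannot be proven real, but it can be bounded and cleaned.
    if ($name === '' || strlen($name) > 100 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $errors[] = 'Name is required (max 100 characters).';
    }
    if (filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    if (!preg_match('/^\+?[0-9 ().-]{7,20}$/', field($post, 'phone'))) {
        $errors[] = 'Phone number is not valid.';
    }
    return $errors;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions, so the checks can be tried offline.
    $token = bin2hex(random_bytes(16));
    $good = ['form_token' => $token, 'website' => '', 'name' => 'Ann Lee',
             'email' => 'ann@example.com', 'phone' => '+1 (555) 010-2000'];
    $bot = ['website' => 'http://spam.example'] + $good;
    $badEmail = ['email' => 'x'] + $good;
    var_dump(validate_submission($good, $token));
    var_dump(validate_submission($bot, $token));
    var_dump(validate_submission($badEmail, $token));
}
```

For the token check to work, the form page has to be rendered by PHP so it can store `bin2hex(random_bytes(32))` in `$_SESSION['form_token']` (an assumed key) and echo it into the hidden input; the handler then calls `validate_submission($_POST, $_SESSION['form_token'] ?? '')` after `session_start()` and stops if any errors come back.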

