minimum validation required on forms?

I am re-working my html/php forms, and am finding a lot of
semi-contradictory information on validation.

Here's the way I intend to handle forms:

1 - display form
2 - accept submission and validate
3 - redisplay indicating errors and populating form fields
     with data previously submitted
4 - repeat as needed
5 - process data

I'm doing everything in php as I can't rely on users having javascript.

In the validation phase I can create routines to check for digits,
alpha, empty etc.  I am using htmlentities() on data to be redisplayed,
and html_entity_decode() to clean data up for e-mailing, processing, or
storing.  I should mention I'm using session variables to prevent
spoofing, but is there some extra step I should perform to prevent
malicious mischief?

While we're on the subject, can anyone give me any good arguments on
using ereg or preg functions?

Re: minimum validation required on forms?

Regular expressions are by far the most effective way to ensure your
input matches a template - that's why nearly every programming language
implements them. You play with regexes in PHP, Perl, Awk, C, C++,
Visual BASIC, Javascript, Java, SQL, Python, Ruby and more.

You don't even need to be brilliant at understanding the syntax - you
can also google for what other people have published to find more
complex things like UK national insurance numbers, email addresses,
ISBN's a fairly complete example for checking an email


I'd suggest sticking with preg - it's nearer to the regexes used in
Javascript and almost the same as Perl and awk. The regex language it
uses has greater functionality than Posix regexes (something to do with
negative look-ahead assertions). ISR reading something about ereg's
days being numbered as part of PHP.
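
The validate-and-redisplay loop from the question, using anchored preg patterns as suggested in the reply above. This is an added example, not code posted by anyone in the thread; the field names, rules and sample submission are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Field names and rules are hypothetical.
// Allow-list rules: \A ... \z anchors force the WHOLE value to match
// (in PCRE, `$` also matches just before a trailing newline; `\z` does not).
const RULES = [
    'name'  => '/\A[\p{L} \'-]{1,60}\z/u',
    'phone' => '/\A[0-9]{7,15}\z/',
    'email' => null, // no pattern: checked with filter_var() instead
];

// Returns [clean values, errors]. Only values that passed are in $clean.
function validate_form(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (RULES as $field => $pattern) {
        // Non-string input (e.g. name[]=x submitted as an array) counts as empty.
        $value = isset($input[$field]) && is_string($input[$field]) ? trim($input[$field]) : '';
        if ($value === '') {
            $errors[$field] = 'required';
        } elseif ($pattern !== null && preg_match($pattern, $value) !== 1) {
            // preg_match() returns 0 on no match and false on error
            // (e.g. invalid UTF-8 with /u); both are rejected here.
            $errors[$field] = 'invalid';
        } elseif ($pattern === null && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'invalid';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Escape at output time only; the value that is processed or stored stays raw.
function field_html(string $field, array $input): string
{
    $raw = isset($input[$field]) && is_string($input[$field]) ? $input[$field] : '';
    $escaped = htmlentities($raw, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="' . $field . '" value="' . $escaped . '">';
}

// Constructed sample submission; a real page would pass $_POST.
$post = ['name' => 'Ann "><script>', 'phone' => '5551234567', 'email' => 'ann@example.com'];
[$clean, $errors] = validate_form($post);
print_r($errors);                      // fields that failed validation
echo field_html('name', $post), "\n";  // rejected value, escaped for redisplay
```

Step 5 of the loop (process data) would read only from `$clean`, and only once `$errors` is empty.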


Re: minimum validation required on forms?


on 04/10/2008 11:28 AM William Gill said the following:

You may want to take a look at this forms generation and validation class:

It works as you describe, but it can perform both client side and server
side types of validation by generating the necessary Javascript to
validate the form before submitting, and do the same validations with
the class code. Here is a generic example:


Manuel Lemos

PHP professionals looking for PHP jobs /

PHP Classes - Free ready to use OOP components written in PHP /

Re: minimum validation required on forms?

William Gill wrote:

You are correct not to rely on JavaScript for form validation. What I do
however is use JavaScript to do a "preflight" check, but rely on the PHP
to validate. JavaScript is not required but if it is available it can
alert the user of their mistake right away and not have to wait until
they post the form and have it thrown back at them with a "do over".

Take care,
