TalkPHP

planepixel 06-25-2009 05:31 AM

How to do form handling (validation and security) in PHP
 
Hi

Form handling is a little bit confusing. What is the best way to handle form data and make sure it is valid?
I read a couple of tutorials which state that some methods break if the hosting company does not have some settings enabled.
How do I design a form and handle data independent of host-specific settings?

Thanks

Salathe 06-25-2009 10:30 AM

There are many ways to do this and there wouldn't really be any point in showing you one way or another because in the end individual examples don't teach the ideas behind techniques. The basic idea is to be able to take some data input into the system (by a form, etc.) and through some method screen, filter, examine it to verify that it is something you are willing to allow into the application. There is no "best way".

With regards to host settings getting in the way of scripts, did your tutorials give any examples of individual settings which might be a problem?

planepixel 06-26-2009 05:38 AM

Thanks for the reply.

The tutorial warned about register_globals and magic_quotes.

I came across HTML Purifier and it solved the purpose for the time being, and another thing I tested is PEAR HTML_QuickForm2. I read the documentation and went through the code, and whenever I got stuck I referred to the PHP manual. It seemed a difficult task at the start, but as I followed along I got the idea of it.

Now my situation is much better, but I will keep reading and playing until I am able to understand it completely and create my own class to validate code to learn.

cecilia 06-26-2009 04:27 PM

I do almost all of my form validation using JavaScript; I only use PHP when it has to check something on the database, record comparisons or collisions. Isn't it better to check it without leaving the form page if possible? I'm supposed to use AJAX for the database check too, but I've been assigned to do some other thing, argh.

Wildhoney 06-26-2009 05:03 PM

It's fine to use JavaScript, and better for usability. However, to use ONLY JavaScript to validate forms is very bad. JavaScript is a client-side scripting language and can therefore be manipulated, and disabled.

If you're going to validate using JavaScript, then you still need the validation in PHP.

Village Idiot 06-26-2009 08:52 PM

NEVER use JavaScript for data processing; its use should be strictly stylistic. As Wild pointed out, JavaScript can be edited or disabled since the browser runs it.

cecilia 06-27-2009 12:20 AM

Well, yeah, and I guess you can just make it submit to itself as an option to reduce the pages if you have to (some people just keep on making it a big deal). Thanks, I've been trying to relearn a lot of bad ways that I picked up really, so this helps, and redo what I did before too.

Village Idiot 06-27-2009 01:19 AM

Quote:

Originally Posted by cecilia (Post 26153)
Well, yeah, and I guess you can just make it submit to itself as an option to reduce the pages if you have to (some people just keep on making it a big deal). Thanks, I've been trying to relearn a lot of bad ways that I picked up really, so this helps, and redo what I did before too.

Use this theory and you will do well:
If it is handled by the browser it can be modified, if it is sent from the client it can be played with.

HTML, HTTP (GET, POST and Referrer to name a few) and JavaScript are all client side.
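
The rule the thread arrives at (whatever the client sends can be altered, so the server checks it again) as an added PHP example; it is not code from any poster. The field names, the length and age limits and the sample request are assumptions made for illustration, and the syntax assumes PHP 7.1 or later. It uses only the built-in filter functions, so it does not depend on register_globals or magic_quotes being on or off.

```php
<?php
// Added example: server-side validation of a hypothetical signup form.
// Field names (username, email, age) and limits are assumptions.

function validate_signup(array $input): array
{
    $clean = [];
    $errors = [];

    // Read each field explicitly from the request array; never rely on
    // register_globals turning request fields into variables.
    $username = isset($input['username']) && is_string($input['username'])
        ? trim($input['username']) : '';
    if (preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username) === 1) {
        $clean['username'] = $username;
    } else {
        $errors['username'] = 'Use 3-20 letters, digits or underscores.';
    }

    // filter_var returns false for invalid (or non-scalar) input.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        $clean['email'] = $email;
    } else {
        $errors['email'] = 'Enter a valid e-mail address.';
    }

    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age !== false) {
        $clean['age'] = $age; // now an int, not a string
    } else {
        $errors['age'] = 'Age must be a whole number from 13 to 120.';
    }

    return [$clean, $errors];
}

// Constructed sample request: what a client could send with the
// JavaScript checks disabled or bypassed.
$post = ['username' => '<script>x</script>', 'email' => 'a@example.com', 'age' => '7'];
[$clean, $errors] = validate_signup($post);

foreach ($errors as $field => $message) {
    $shown = is_scalar($post[$field] ?? null) ? (string) $post[$field] : '';
    // Escape at output time so the rejected value cannot inject markup.
    echo htmlspecialchars("$field: $message Received: $shown", ENT_QUOTES, 'UTF-8'), "\n";
}
```

In a real handler the function would be called with `$_POST`, and only the values in `$clean` would be passed on to the rest of the application.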

