How to do form handling (validation and security) in PHP

#1  06-25-2009, 05:31 AM  planepixel

Hi

Form handling is a little bit confusing. What is the best way to handle form data and make sure it is valid?
I read a couple of tutorials which state that some methods break if the hosting company does not have some settings enabled.
How do I design a form and handle its data independent of host-specific settings?

Thanks
#2  06-25-2009, 10:30 AM  Salathe

There are many ways to do this and there wouldn't really be any point in showing you one way or another because in the end individual examples don't teach the ideas behind techniques. The basic idea is to be able to take some data input into the system (by a form, etc.) and through some method screen, filter, examine it to verify that it is something you are willing to allow into the application. There is no "best way".

With regards to host settings getting in the way of scripts, did your tutorials give any examples of individual settings which might be a problem?
#3  06-26-2009, 05:38 AM  planepixel

Thanks for the reply.

The tutorial warned about register_globals and magic_quotes.

I came across HTML Purifier and it solved the purpose for the time being, and another thing I tested is PEAR HTML_QuickForm2. I read the documentation and went through the code, and whenever I got stuck I referred to the PHP manual. It seemed a difficult task at the start, but as I followed it I got the idea of it.

Now my situation is much better, but I will keep reading and playing till I am able to understand it completely and create my own validation class, to learn.
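The two settings named in the post above are the usual reason form code behaves differently from one host to the next: with register_globals on, every request parameter becomes a PHP variable (so a client can create or overwrite variables in your script), and with magic_quotes_gpc on, every GET/POST/COOKIE value arrives with backslashes already added. The following is an added example, not code from the thread or from HTML Purifier or HTML_QuickForm2, showing one way to read form data so the result is identical under either setting: always go through the superglobals, and undo the magic quotes only when the host actually has them on. It assumes PHP 5.x/7.x semantics for get_magic_quotes_gpc() (deprecated in 7.4, removed in 8.0; the function_exists() guard keeps the code running on newer versions, where the answer is simply "off") and the pdo_sqlite extension for the prepared-statement part.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread): read form input so that the calling code
// sees exactly the bytes the browser sent, regardless of magic_quotes_gpc, and
// without ever depending on register_globals.

/**
 * Recursively remove the backslashes that magic_quotes_gpc inserted.
 * Only called when the setting is on, so data is never stripped twice.
 */
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/** True only on a PHP build that still has magic quotes and has them enabled. */
function magic_quotes_enabled(): bool
{
    // PHP 7.4 deprecates the function (hence @), PHP 8 removes it entirely.
    return function_exists('get_magic_quotes_gpc') && (bool) @get_magic_quotes_gpc();
}

/**
 * Fetch one POST field from the superglobal with a default.
 * Never read $username as a bare variable: that is the register_globals
 * behaviour, and it lets any client inject variables via the query string.
 */
function post_field(string $name, $default = null)
{
    if (!array_key_exists($name, $_POST)) {
        return $default;
    }
    $value = $_POST[$name];
    return magic_quotes_enabled() ? undo_magic_quotes($value) : $value;
}

// Constructed request, as a browser would submit it (sample data, not real input).
$_POST = [
    'username' => "o'brien",
    'tags'     => ["it's", 'plain'],
];

$username = post_field('username', '');
$tags     = post_field('tags', []);

// Escaping belongs at the destination, not on the way in.
// SQL: a prepared statement handles the quote in "o'brien" for us.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (name TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $username]);

// HTML: encode at output time, once, for the HTML context.
echo '<p>Welcome, ', htmlspecialchars($username, ENT_QUOTES, 'UTF-8'), "</p>\n";
echo '<p>Tags: ', htmlspecialchars(implode(', ', $tags), ENT_QUOTES, 'UTF-8'), "</p>\n";
```

Run it under any php.ini and the stored row and the rendered page are the same; the per-host difference is absorbed in post_field(), and nothing downstream has to guess whether a backslash was typed by the user or added by the runtime.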
#4  06-26-2009, 04:27 PM  cecilia

I do almost all of my form validation using JavaScript; I only use PHP when it has to check something on the database, record comparisons or collisions. Isn't it better to check it without leaving the form page if possible? I'm supposed to use AJAX for the database check too, but I've been assigned to do some other thing, argh.
#5  06-26-2009, 05:03 PM  Wildhoney

It's fine to use JavaScript, and better for usability. However, to use ONLY JavaScript to validate forms is very bad. JavaScript is a client-side scripting language and can therefore be manipulated, and disabled.

If you're going to validate using JavaScript, then you still need the validation in PHP.
#6  06-26-2009, 08:52 PM  Village Idiot

NEVER use JavaScript for data processing; its use should be strictly stylistic. As Wild pointed out, JavaScript can be edited or disabled since the browser runs it.
#7  06-27-2009, 12:20 AM  cecilia

Well, yeah, and I guess you can just make it submit to itself as an option to reduce the pages if you have to (some people just keep on making it a big deal). Thanks, I've been trying to relearn a lot of bad ways that I picked up, really, so this helps, and redo what I did before too.
#8  06-27-2009, 01:19 AM  Village Idiot

Quote:
Originally Posted by cecilia
Well, yeah, and I guess you can just make it submit to itself as an option to reduce the pages if you have to (some people just keep on making it a big deal). Thanks, I've been trying to relearn a lot of bad ways that I picked up, really, so this helps, and redo what I did before too.

Use this theory and you will do well:
If it is handled by the browser it can be modified; if it is sent from the client it can be played with.

HTML, HTTP (GET, POST and Referrer to name a few) and JavaScript are all client side.
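Posts #5 and #8 make the same point from two directions: client-side JavaScript is a usability aid, and every byte that reaches the server (form fields, the values of a select list, hidden inputs, the Referer header) can be edited or replayed without the browser's help. The following is an added example, not code from the thread, of what the PHP side of that looks like: a validator that re-checks every constraint the page's JavaScript would have enforced and compares submitted option values against the server's own list rather than trusting the markup. The form fields, allowed values and limits are invented for the illustration.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread): server-side validation of a signup form
// in which nothing from the request is trusted until it has been checked.

const MAX_NAME_LEN  = 50;
const ALLOWED_PLANS = ['free', 'pro'];   // the <option> values the form offers

/**
 * Validate a submitted form. Returns [cleanValues, errors].
 * Only fields that pass are copied into $clean; unknown fields (for example a
 * hidden input the client added or edited) are ignored rather than passed on.
 */
function validate_signup(array $input): array
{
    $clean  = [];
    $errors = [];

    // Username: non-empty, bounded length, restricted character set.
    // is_string() rejects the username[]=... trick that turns a field into an array.
    $name = isset($input['username']) && is_string($input['username'])
        ? trim($input['username']) : '';
    if ($name === '' || strlen($name) > MAX_NAME_LEN) {
        $errors['username'] = 'username must be 1-' . MAX_NAME_LEN . ' characters';
    } elseif (!preg_match('/\A[A-Za-z0-9_.-]+\z/', $name)) {
        $errors['username'] = 'username may only contain letters, digits, _ . -';
    } else {
        $clean['username'] = $name;
    }

    // E-mail: let the built-in filter decide.
    $email = $input['email'] ?? null;
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'a valid e-mail address is required';
    } else {
        $clean['email'] = $email;
    }

    // Plan: a <select> in the HTML constrains nothing; the server's list does.
    $plan = $input['plan'] ?? null;
    if (!is_string($plan) || !in_array($plan, ALLOWED_PLANS, true)) {
        $errors['plan'] = 'unknown plan';
    } else {
        $clean['plan'] = $plan;
    }

    // Age: the JavaScript may have enforced min/max already; enforce it again here.
    // filter_var() returns false for non-integers, arrays and out-of-range values.
    $age = filter_var(
        $input['age'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]
    );
    if ($age === false) {
        $errors['age'] = 'age must be a whole number between 13 and 120';
    } else {
        $clean['age'] = $age;
    }

    return [$clean, $errors];
}

// Constructed submission (sample data): what a client can send after editing the
// page in the browser's developer tools or replaying the request with curl.
$tampered = [
    'username' => 'alice',
    'email'    => 'alice@example.com',
    'plan'     => 'enterprise',   // not one of the form's <option> values
    'age'      => '7',            // the JavaScript min=13 check was bypassed
    'price'    => '0',            // hidden field the client changed
];
[$clean, $errors] = validate_signup($tampered);
// $errors names plan and age; $clean holds only username and email, and the
// edited 'price' field is never consulted because the server owns that value.
print_r($errors);
print_r($clean);

// Constructed submission that satisfies every rule.
[$clean, $errors] = validate_signup([
    'username' => 'bob_1',
    'email'    => 'bob@example.com',
    'plan'     => 'pro',
    'age'      => '34',
]);
print_r($errors);
print_r($clean);
```

The same rules can be mirrored in JavaScript for instant feedback, as cecilia describes, but the PHP copy is the one that decides; when the two disagree, the server's answer is the only one that counts. Echo the contents of $errors back into the page with htmlspecialchars() rather than the raw field values, so a rejected input cannot carry markup into the response.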