Confirmation of user input, on the client side or on the server side? [PHP / JS]

Question

Confirmation of user input, on the client side or on the server side? [PHP / JS]

Is it better to check user input before sending it to the server using JS or a server with PHP? Or maybe it's worth doing both, to be safe?

I am creating a site (very simple at the moment) in which there is a member area / admin area / etc. At the moment, I only have user input of the user name and password, in the future there will be more (email address, address, etc.), But what is the best practice of data verification?

Do I need to impose "if ... else" instructions on it until the user corrects it? Or maybe there are separate variables for each value entered by the user and set it to true or false if it is correct or incorrect? (e.g. checking email to make sure it is in email format)

There are many ways to do this, but which ones would you suggest? I don't want to write 50 lines of code when I could do the job in 10 lines ... if that makes sense: p

Any help would be appreciated, thanks! :)

+5

input php validation client-side-validation

Shogun Jan 08 '12 at 19:17

source share

6 answers

.

, .

, PHP , , ASP.NET MVC .

+5

Daniel A. White 08 . '12 19:18

.

, , . . .

+4

Robin 08 . '12 19:19

, . . .

, , "" . .

0

user827080 08 . '12 19:20

, JavaScript, , - ? JavaScript , . , !

0

youngcouple10 08 . '12 19:20

. . . , , AngularJs. , Angular - .

http://angularjs.org/

http://docs.angularjs.org/#!/cookbook/advancedform

:

<input type="text" name="form.address.line1" size="33" ng:required/> <br/>
    <input type="text" name="form.address.city" size="12" ng:required/>,
    <input type="text" name="form.address.state" size="2" ng:required ng:validate="regexp:state"/>
    <input type="text" name="form.address.zip" size="5" ng:required
  validate="regexp:zip"/>

, , . . , .

PHP:

:

$formData = array (
    array(
     'ID' => "name",
     'validate' => '/.+/',
     'label' => 'Your name',
     'errorMsg' => "This field is required",
     'type' => 'text' 
    ),
 array(
         'ID' => "Phone number",
         'validate' => '/^[0-9+ ]+$/',
         'label' => 'Numer telefonu',
         'errorMsg' => "Please provide proper telephone number",
         'type' => 'text'
        )
);

Validator and form generator (sorry for the simple and dirty code here):

$s = '';
foreach ($formData as $input){
    $s .= sprintf('<label for="%s">%s</label>',$input['ID'],$input['label']);
    if (isset($_POST[$input['ID']]) && !empty($input['validate']) && !preg_match($input['validate'],$_POST[$input['ID']])){
        $error = true;
         $s .= sprintf('<div class="formErrorValidate">%s</div>',$input['errorMsg']);
    }
    if (isset($_POST[$input['ID']])) $htmlMsg = str_replace('%'.$input['ID'].'%',$_POST[$input['ID']],$htmlMsg);
    if ($input['type'] == 'textarea'){
        $s .= sprintf('<textarea name="%s" id="%s">%s</textarea>',$input['ID'],$input['ID'],(isset($_POST[$input['ID']])?$_POST[$input['ID']]:''));
    } else {
        $s .= sprintf('<input type="%s" name="%s" id="%s" value="%s"/>',$input['type'],$input['ID'],$input['ID'],(isset($_POST[$input['ID']])?$_POST[$input['ID']]:''));
    }

}

0

kaz Jan 08 '12 at 19:21

source share

Joseph Silber · Accepted Answer · 2012-01-08T19:18:51+0000

Server side validation should , client side validation plus .

, , - . .

, , , , . , .

, , . / , , , . - !

Confirmation of user input, on the client side or on the server side? [PHP / JS]

More articles: