• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Help with php code

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,147 (2.96/day)
Location
Concord, NH, USA
System Name Apollo
Processor Intel Core i9 9880H
Motherboard Some proprietary Apple thing.
Memory 64GB DDR4-2667
Video Card(s) AMD Radeon Pro 5600M, 8GB HBM2
Storage 1TB Apple NVMe, 4TB External
Display(s) Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case MacBook Pro (16", 2019)
Audio Device(s) AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply 96w Power Adapter
Mouse Logitech MX Master 3
Keyboard Logitech G915, GL Clicky
Software MacOS 12.1
just wanted to throw the library mentions in there, before people try building something out of html 5 validation

Very true. JQuery will work on more browsers than HTML5 will, that's for sure. :toast:
 
Joined
Feb 8, 2012
Messages
3,012 (0.68/day)
Location
Zagreb, Croatia
System Name Windows 10 64-bit Core i7 6700
Processor Intel Core i7 6700
Motherboard Asus Z170M-PLUS
Cooling Corsair AIO
Memory 2 x 8 GB Kingston DDR4 2666
Video Card(s) Gigabyte NVIDIA GeForce GTX 1060 6GB
Storage Western Digital Caviar Blue 1 TB, Seagate Baracuda 1 TB
Display(s) Dell P2414H
Case Corsair Carbide Air 540
Audio Device(s) Realtek HD Audio
Power Supply Corsair TX v2 650W
Mouse Steelseries Sensei
Keyboard CM Storm Quickfire Pro, Cherry MX Reds
Software MS Windows 10 Pro 64-bit
not to be a dick here but html5 already does a lot of your more basic form validation. you don't need to spend time coding something up to cover for empty fields or numbers where letters should be. just fyi to the OP.

Client side validation is more for the client's sake than for the server's. It makes more sense to stop a user prior to POSTing the form when validation fails and telling the user as opposed to only carping if data wasn't passed forward properly by the time you get to PHP, but regardless of client side validation you want to make sure data is correct by the time it enters the server.

Example for what Aquinus said are username and email fields on the registration form.
  • On client side you should check if username is long enough, has only allowed characters and for email if it's right format.
  • On server side you should check if username or email already exist in the database users table.
Some user registration forms may do all validation on server side, but none can do all validation on client side.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,957 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
On client side you should check if username is long enough, has only allowed characters and for email if it's right format.
On server side you should check if username or email already exist in the database users table.

and also check on server side that it's long enough, has allowed characters etc. javascript is very easy to bypass
 
Top