Form validation

[Andy Haskins]

Does anyone know of any quick to implement yet effective form validation? Whether it be PHP or JS.

For some reason I always seem to choose a different solution when validating my forms but really need to look at streamlining the process...

 

[valuleadsnick]

Andy,

jQuery is always nice for Form Validations. There are a few out there that you could "Rip" from. I would show you a link but since my post count is only at 7 I cannot. Hopefully when I hit that post count of 10 it will work or just google "jQuery Form Validation" It's great to use jQuery it is user friendly!

 

[ljads_jerrold]

I second JQuery and wanna Add in HTML5 into the mix. HTML5 has some built in form validation that may suit what you need. just by adding the 'required' keyword to your input tag will force html5 to notify the user that field is required if they try and submit it.

Example

<form>
    <input type="text" name="first_name" id="first_name" required>
    <input type="submit" value="submit">
</form>

if you need regex validation as well you can add another 'pattern' parameter to the input object


Example (only accepts Letters, Spaces)/B]

<form>
    <input type="text" name="first_name" id="first_name" pattern="[A-Za-z-0-9]+\s[A-Za-z-'0-9]+" required>
    <input type="submit" value="submit" >
</form>

Wow I guess I necro'd the hell outta this post (facepalm)

 

[vnairabhinand]

Yes No need to validate each elements via code as jquery provides a plugin named jquery validate which is effective and will let us do the validation with minimum code and no need to think about the logic of validation at all.

Andy, the html5 validation is good but if the client side browser is not having that support it may cause db dumping hence the effective method is to use jquery validate and surveys shows that also.

Thanks

 

[PiQano]

i am always using Javascript to make it so fast

 

[laniii]

If your form interracts with database, you NEED to always use backend to validate form.
Javascript and jQuery is code that anybody can modify while browsing your site, never trust your visitors.

There is always that one who is looking exploits at your website.

Javascript is good with pre-validating form but its useless if there is that one guy looking for vulnerabilities.

I know this is old thread, but hope this post helps those who is thinking this same thing.

 

[church]

Andy how important is field validation?

 

[ljads_jerrold]

If you are using mysql I sugest looking into using PDO with field tokens.

$query = "SELECT * FROM admin WHERE password='$password';";

is just ripe to be taken advantage of with a sql injection. of course you can use mysql_real_escape_string() to help with that however a more elegant solution is the following...

$query = "SELECT * FROM admin WHERE password=:pass";			
			$stmt = $sql->prepare($query);
			$stmt->bindParam(':pass', $_POST['password'], PDO::PARAM_STR);						
			$stmt->execute();
			$stmt->setFetchMode(PDO::FETCH_ASSOC);
			$result = $stmt->fetch();

By using PDO you tokenize your variables and the bindParam function sets those variables to the proper TYPE (ie. string) and will escape any weirdness the user tries to send through. Plus this way you are not forgetting to every escape and sanitize any user input which is far more safer then trying to do it yourself.