client and server side validation

Question

Hi guys I wanted to know how to validate 3 things both server and client side.

database table product

my database looks something like this but they are over 400 data in it.

pid   name   size            
1     grey   12 inch          
2     blue   16 inch     
database table category

pid    category
1        vans
2        nike
database table itemised

pid      price
1        30.00
2        50.00

I have some fields I need to verify. I have already done a validation to check that it is not empty.

One of the field in my table looks like this

  <select id="Category" name="Category">
<?php
        dbconnect(); 
        $stmt = $conn->prepare("SELECT Name FROM Category WHERE pid=:id");
        $stmt->bindParam('id',$id);
        $stmt->execute();
        $i = 0;
         $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 
          foreach ($rows as $row) { 
        if ($i == 0) {

        echo '<option SELECTED value="'.$row['Name'].'">'.$row['Name'].'</option>
        ';
        }
        else {
        echo '<option value="'.$row['Name'].'">'.$row['Name'].'</option>';
        }
        $i++;
        }
    ?>
      </select>

it is not in a form rather a table. If you notice the size as number and letter it in.

My question More or less everyone familiar with developer tools to change posted value. I want to validation both client(JS) and client(php) to make sure that no one as mess up the value.

I did this to check that not of it is empty for an example if have normal

<option value="blue vans">blue vans</option>

not-normal

<option value="">blue vans</option> // in this one the value is `BLANKET` 

The js below check this

function isEmpty(aTextField,errormessage) //null may be used for errormessage to only change the colour of matching fields
{
    if (aTextField.value.length<=0)
    {
        if (lfield != aTextField || lfield === null) { fields[fields.length] = [aTextField,false]; } else { fields[fields.length-1] = [aTextField,false]; }
        lfield = aTextField;
        if (errormessage !== "")
        {
            if (counter < error_count || error_count == 0) { errors += errormessage+'\n'; } counter++;
        }
        return true;
    }
    else
    {
        if (lfield != aTextField || lfield === null) { fields[fields.length] = [aTextField,true]; }
        lfield = aTextField;
        return true;
    }
}

in php

function notEmpty($inputname,$error_message)
    {
        $this->js.='if (!isEmpty(formname.'.$inputname.',"'.$error_message.'")) return false;';
        if ( isset($_POST[$inputname]) && ( strlen($_POST[$inputname]) <= 0 ))
        {
            if ($error_message != null)
            {
                $this -> error_message .= $error_message.'<br>';
            }
        }
    }

Now you see how I have validate for blanket value for all of the options in my table How can i verify both in js and php

for the size it will be kinda simple if i didnt have inch at the end but changing over 1000 data in a database will be a pain.

Any idea how I can do this please???

I hope I have explain this clearly and if not please leave a comment and I will try and rephrase the question.

Thanks

Answer 1

I would use regular expressions for both Javascript and php. You can use the same pattern in both languages, so u don't have to write it twice.

php-check for the size:

<?php
if(!preg_match("/^[0-9]+ (inch|othervalue1|othervalue2)$/",$_POST[$inputname]){
    $this -> error_message .= 'Wrong Value<br>';
}
?>

For JS, you can take a look at this: http://www.w3schools.com/jsref/jsref_obj_regexp.asp

This might do the trick in JS, but not tested yet:

function checkSize(value){
    var patt=new RegExp("^[0-9]+ (inch|othervalue1|othervalue2)$");
    return patt.test(value);   //returns false for wrong value
}

Furthermore I would suggest to make 2 columns for both value and unit. It would give you several advantages.

Answer 2

您可以使用intval将字符串大小转换为整数，例如intval('12 inch')将返回12。

Answer 3

Try preg_match("/(\\d+) inch/", $input_str) or similar to test whether your desired regular expression matches.

You should also be escaping (html special entities) all variable to your HTML output. Otherwise angle-brackets will break the page.

At least you're using prepared statements on the DB side.. thank God. One out of three seems to be good for a PHP "application".

Answer 4

Just to provide you with an alternative way of validating.

You could also post the form via ajax so you only have to validate server-side:

$('#myForm').ajaxForm({
    dataType: 'json',
    success: function(response) {
        if (response.error) {
            alert(response.error);
        } else {
            $('#myForm').text(response.message);
        }
    }
});

(This is assuming you're using the jQuery plugin http://malsup.com/jquery/form )

Then in you're PHP you should check whether the current request is ajax:

function isAjax() {
    return !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && 
        strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'
}

...
if (isAjax() {
    $response = array();
    if (!empty($this->error_message)) {
        $response['error'] = str_replace('<br>', "\n", $this->error_message);
    } else {
        $response['message'] = 'Form submitted';
    }
    header('Content-type: application/json');
    echo json_encode($response);
    exit;
}