Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 9 of 9
  1. #1
    Junior Member
    Join Date
    May 2012
    Posts
    4
    Member #
    31609
    Hi everyone,

    I have designed contact form with following values:

    First Name (Mandatory)
    E-mail (Mandatory)
    Phone (Optional)
    Message (Mandatory)

    I have validated this contact form using SpyValidation in Adobe Dreamweaver. Now, I would like to create server side validation, so it is validated if all mandatory fields are filled in, and check if any value is typed into optional text field before sending it off, and if successful next webpage called thankyou.html should appear where Thank you message appears. I have created both xhtml docs, but I'm struggling with PHP. Can anyone please help me? I have visited some links on forums, but unfortunately I'm not so good at it.

  2.  

  3. #2
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    If you have a JavaScript validation in place ... Why do a server side validation ?

    Typically... You would do one or the other... Not both...

    The benefit of client side validation over server side validation is on visitors with slow connections, they get almost immediate feedback if something is not filled in correctly... Server side may take a while...

    The only real benefit to server-side validation is if you're wanting to validate something against something they may bad submitted in the past ( compare )... Or if what you are asking them to submit is a particular format... JavaScript format validation can be quite complex....

    Not sure what you're trying to do here...

    Perhaps some more detail will help us understand

  4. #3
    Junior Member
    Join Date
    May 2012
    Posts
    4
    Member #
    31609
    I have done it few years ago, as I have lynda.com training, but now I don't have it and forgot how to do that. Basically I used to validate contact form by JavaScript first, and then by PHP on the server side as well, to make sure that all the information is filled in etc. I used to have spy validation on the client side, and php on server side, so action of the form was PHP file. Can't say much as I forgot most of it.
    For instance, what action do I need to assign to contact form if I want to have this validated only by JavaScript? So it gets validated, and then when clicked on submit, it is sent off to my email?

    The biggest downside of using javascript only is that user can have javascript disabled.

  5. #4
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    Use the post option

    And if they have JavaScript turned off... Perhaps I don't want to communicate with them... ?

    I guess it depends on the target audience... Perhaps a site about Internet security... A % of users may have JS turned off... But a general info or product site... You're gonna have very few that are that paranoid...

  6. #5
    Member
    Join Date
    Apr 2012
    Posts
    45
    Member #
    31415
    Liked
    13 times
    Quote Originally Posted by Webzarus, post: 235605
    If you have a JavaScript validation in place ... Why do a server side validation ?

    Typically... You would do one or the other... Not both...
    What? No. That's very wrong.

    Validation isn't just to inform a user when they did something wrong. It's also the first line of security for any site. A web developer should never inherently believe that the person accessing their site is:

    1. A person at all
    2. Is accessing the site with good intentions

    JavaScript validation is useless as a security measure because it can be turned off. That doesn't mean that JavaScript validation is entirely useless. It has value as a nicety to end users, but it should never, ever be the only validation layer.

    It's by far more common to employ both client and server side validation than it is to only use one. And if one is used, it needs to be server side.
    AlphaMare likes this.
    Moderator at PHPFreaks

  7. #6
    Member
    Join Date
    Apr 2012
    Posts
    45
    Member #
    31415
    Liked
    13 times
    @OP, to make something mandatory, simply check if it's empty. If it is, nothing has been sent in that field, which would be an error:

    Code:
    if (empty($_POST['name'])) { // if the name is empty
        // error
    } else {
        $name = mysql_real_escape_string($_POST['name']); // remember to ALWAYS escape incoming string data if it's going to be passed into a db
    }
    Moderator at PHPFreaks

  8. #7
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    I guess it depends on what info you are submitting ( or at least that is my opinion )...

    On a simple web form... JavaScript is all I use... For form validation... But from the back end... I check the path the user had before coming to the page... Any direct request for the contact page are bounced to the from page... Also, I have extensive filters in place for bots... Bot traps on the site... And a new thing I've been trying with a lot of success... A couple of "hidden" text area ( CSS visibility:hidden )... Bots don't look at the actual field... They just try to fill in anything that it sees as a form element... Any submission with anything in the hidden fields is automatically dumped into a junk.txt file for later review... And thei ip address is added to the bot filter...

    I have applications that require a lot of data entry... And I do use BOTH on them... But they are behind corporate firewalls or require a login just to get to those pages... Server side is required on most of those...

    I had many headaches using server side validation on just general web forms... If they are on a slow connection... They think by clicking the submit button several times will speed things up... Like visitors from Europe, Asia, etc... Most were probably on dial up too...

    He fix was... JavaScript validation ... They get immediate feedback on slow connections...

    Again, yes server-side validation is necessary for many things... But for the OP original request ( 4 fields)... I personally don't think it's a requirement... But if he doesn't have the ability to create bot trap or can't limit exposure to spammers and such... A captcha script will limit most of the garbage...

  9. #8
    Member
    Join Date
    Apr 2012
    Posts
    45
    Member #
    31415
    Liked
    13 times
    I'm just worried about a directed attack. After having the 'fun' of securing a Postfix mail server myself, I get kinda paranoid about someone trying to hijack a mail server.
    Moderator at PHPFreaks

  10. #9
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    That's why I send all "form submission" mail through a "relay" instead of submitting directly to the mail server...

    Relays have the ability to "limit connections"... And I can "authorize" only mail submitted from a particular IP address be "relayed"... Denies any outside request...

    Since my web servers and relay servers have internally mapped addreses...

    My timer script keeps mail coming from the web server limited to 1 per minute... ( best case , it takes 2 minutes to fill out and submit a form )... If more than 1 a minute comes from the same session... The session is killed, user ip added to the block filter...


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search tags for this page

contact form server side
,
dreamweaver php server side validation
,
how to use server side form validation registration php
,
php date validation dreamweaver
,
php server side validation in dreamweaver
,
server side form validation in php
,
server side validation in php
,
simple server side validation in php
,

user registration form with server side validation using php

,
validate a form using php server side
Click on a term to search for related topics.
All times are GMT -6. The time now is 12:54 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com