
Data Form Validation


thegreypanther


I am designing a website where the user enters data in a form, and this data is then used to access / retrieve records.
The data is simple, - forenames and surname.
I am trying to find a data validation routine (using JavaScript) such that
a) the surname can't be blank
b) the surname must be alphabetic, - plus a wildcard symbol
and c) the surname must be more than 3 characters long.
Can anybody PLEASE recommend a routine that WORKS.
I have tried one in "Learning PHP & MySQL" by Davis and Phillips which DOESN'T work and trying to make it work is driving me nuts.

Kemistri

You should never validate form data by JavaScript. Depending upon how it is coded, around 10% of your visitors will find either a form that fails to function or a form that is not subject to any validation. If the latter is the case, it obviously presents a very easily utilised and serious security flaw to any malicious user, who simply needs to disable JS....

If you don't want to or cannot write your own PHP program that includes validation, that's understandable, but the 'net is full of resources for off-the-shelf PHP form processors, a few of which are actually very good. Click here for one of them or search through Hot Scripts, etc. Even a basic array check that exits the program when bad words* are found is better than nothing. I have posted that before but I can do so again if you wish.

*Bad words, in PHP, does not refer just to foul language but to any content that you wish to block.

thegreypanther

Many thanks, Kemistri.
I'll give it a try, but I have a feeling that the suggested form (the Green Beast form) may be just a bit more exotic than I need.
All I am after is that the user enters a Surname (or part surname) with forename or an initial, and the input data is used to retrieve entries from a database.
I think that I'll think things out overnight, and see if there is a simple option somewhere.

Kemistri

It still needs to be secure no matter how simple the form fields may be. Otherwise, it's a bit of an open invite really. If you've ever seen a hacked site, you'll know what I mean. Security is partly down to good form data validation and partly down to tight programming that has no loopholes. As above, a bad words array is the absolute bare minimum fix, not perfect but better than nothing, so if you need that, let me know.

Kemistri

Oh, and I forgot to add that I think there are probably more digestible books than the O'Reilly title that you mentioned. Sitepoint has a good one that is more accessible, though I can't recall the title, and there are others that you can find on Amazon.

thegreypanther

You have me worried, Kemistri.
I've seen what can happen when a Guest Book gets attacked by spammers, and that was certainly incredibly unpleasant, - hundreds of entries, each crammed with links to Viagra / Cialis / gambling websites.
But is it possible to hack into a server simply by making an enquiry of a database by entering a surname / forename?
In my ignorance, I was simply hoping to prevent the user (making an enquiry) from getting a nil response, or too many records being returned.

Kemistri

"But is it possible to hack into a server simply by making an enquiry of a database by entering a surname / forename?"

Obviously not. But that's not exactly what hackers, or their bot programs, do. They enter code with the intention of testing for holes in the PHP program that runs the form and/or the PHP server itself. PHP has some powerful functions, which are necessary for one use or another, but can be used maliciously if left uncovered. Block that code at its source and it is pretty much secure, particularly if you set the program to exit when bad words are found. The fact is that anything that allows data to be written to or called from a server needs to be handled with a certain degree of care. The server can be made tighter by configuring the php.ini file (or writing one if it doesn't exist).

The practice of inserting hundreds of unsavoury spam links, as you describe, is on the increase.

But it is not all that difficult to prevent it even if you have to use an off-the-peg script, just as long as whatever you choose is highly rated and you cross-check it against specialist PHP forums or security databases such as Secunia, which highlight flaws in many things, PHP scripts included.

I don't want to put you off -- just leave you forewarned.
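
An added example (not part of the original thread, and not code from any poster): server-side PHP that applies the three surname rules from the question as an allow-list and binds the value as a query parameter instead of pasting it into the SQL. The `*` wildcard, the `people` table, the 40-character cap and the three-letter minimum are assumptions; an allow-list is used here in place of the bad-words array mentioned in the thread.

```php
<?php
declare(strict_types=1);

// Assumption: '*' is the wildcard symbol; the thread does not name one.
function validate_surname(string $raw): ?string
{
    $s = trim($raw);
    // Rules from the question: not blank, letters plus wildcard only,
    // more than 3 characters. The upper bound of 40 is an assumption.
    if (!preg_match('/\A[A-Za-z*]{4,40}\z/', $s)) {
        return null;
    }
    // Assumption: require 3 real letters so "****" cannot match every row.
    if (strlen(str_replace('*', '', $s)) < 3) {
        return null;
    }
    return $s;
}

function find_people(PDO $db, string $rawSurname): array
{
    $surname = validate_surname($rawSurname);
    if ($surname === null) {
        return [];   // rejected input never reaches the database
    }
    // The value is bound as a parameter, never concatenated into the SQL.
    // '%' and '_' cannot appear here because the allow-list excludes them.
    // LIMIT caps the "too many records" case raised in the thread.
    $stmt = $db->prepare(
        'SELECT forename, surname FROM people WHERE surname LIKE :s LIMIT 50'
    );
    $stmt->execute([':s' => str_replace('*', '%', $surname)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (forename TEXT, surname TEXT)');
$db->exec("INSERT INTO people VALUES ('Ann','Smith'),('Bob','Smithson'),('Cy','Jones')");

// Constructed inputs: one valid search, then four that validation rejects.
foreach (['Smith*', 'Sm*', '', "Smith' OR 1=1", '****'] as $input) {
    printf("%-18s => %d row(s)\n", var_export($input, true), count(find_people($db, $input)));
}
```

A JavaScript check in the browser can repeat the same pattern for user convenience, but the server-side function is the one that decides what reaches the query.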
