I was wondering what the best way to do solid form validation actually is.
JavaScript does quite a good job, but it is not a base for solid validation, because it can be manipulated or even disabled.
If you check the data with PHP and re-populate a form when an error occurs, there are several problems with a post form.
- If the form is displayed without redirecting, then F5 will show a confirm box asking whether the user wants to re-send the data; this is not really beautiful.
- If the user gets redirected to the form again, the data must be submitted by GET or POST. With POST, there is again the F5 problem as mentioned above. With GET, a problem exists when transferring values with a & inside (PHP guesses another parameter after the sign).
- A third way would be to store the data in a database, e.g. SUBMITTRIALS or something like that. But then you’d actually have to clear the data after redirecting.
Another problem comes along with re-populating of the form itself: A code like this:
echo "<input type='text' value='".$val."' />";
is quite a problem if the variable $val contains a value containing apostrophes; this generates invalid HTML.
As you can see, there are quite a lot of possibilities for failure in a form validation scenario. What would be the most reliable way to handle form validation as described at the top?
Server-side languages are the only way to validate your form. You can store your form data in the session or in cookies for the same purpose. You can flush them once you are done with your validation. If you are having a problem with the quotes in your data, then you can use PHP's built-in functions addslashes() and stripslashes() to avoid them.
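
The session-based approach from the answer, combined with a redirect after POST and escaped re-population of the form, as an added example that is not part of the original thread. It uses htmlspecialchars() with ENT_QUOTES for the value attribute (this example's choice, not the functions named in the answer); the /form.php path, the field names and the validation rules are hypothetical.

```php
<?php
// Added example, not from the thread. FORM_URL and FIELDS are hypothetical.
declare(strict_types=1);
session_start();
const FORM_URL = '/form.php';
const FIELDS = ['name', 'email'];

// Escape for HTML text and quoted attributes; ENT_QUOTES covers both ' and ".
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Server-side checks; returns field => message for every failed field.
function validate(array $in): array {
    $errors = [];
    if ($in['name'] === '' || strlen($in['name']) > 100) {
        $errors['name'] = 'Name is required (max 100 bytes).';
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }
    return $errors;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input = [];
    foreach (FIELDS as $f) {
        $v = $_POST[$f] ?? '';
        $input[$f] = is_string($v) ? trim($v) : '';  // arrays (name[]=x) become ''
    }
    $errors = validate($input);  // when this is empty, process $input here
    // Keep the state in the session, never in the URL, then redirect.
    $_SESSION['flash'] = $errors === [] ? ['done' => true] : ['old' => $input, 'errors' => $errors];
    header('Location: ' . FORM_URL, true, 303);  // 303: followed with GET, so F5 re-sends nothing
    exit;
}

// GET: read the stored state once, then flush it.
$flash = $_SESSION['flash'] ?? [];
unset($_SESSION['flash']);
$old = $flash['old'] ?? [];
$errors = $flash['errors'] ?? [];
?>
<?php if (!empty($flash['done'])): ?><p>Thank you.</p><?php endif; ?>
<form method="post" action="<?= e(FORM_URL) ?>">
<?php foreach (FIELDS as $f): ?>
  <label><?= e($f) ?> <input type="text" name="<?= e($f) ?>" value="<?= e($old[$f] ?? '') ?>"></label>
  <span class="error"><?= e($errors[$f] ?? '') ?></span>
<?php endforeach; ?>
  <button type="submit">Send</button>
</form>
```

Submitting a name such as `O'Brien "<b>"` with an invalid e-mail address brings the form back with that exact text in the field and well-formed markup, and reloading the page afterwards shows an empty form without a re-send prompt.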