what is <form> useful for?
^AndreA^ - 24 Jul 2008 23:38 GMT
hello guys,
I've got a curiosity...
If I want to do a form with plain HTML and a server-side scripting language (such as php) I'd write something like this:
<form name="input" action="plain_html_form.php" method="post">
Username: <input type="text" name="user"> <br />
Email: <input type="text" name="email"> <br />
<input type="submit" value="Submit"> <br />
</form>
and then from php I'll get the parameters as $_POST['user'] and $_POST['email'] and that's alright...
BUT, if instead I want to check the parameters before sending them to the server, as I usually do, I would use javascript...
With javascript I usually check if the fields are filled up correctly and then I let javascript send them to the server, so I don't use the form tag because I don't need it.
Is this method wrong?
Are there any downsides I don't know?
thank you in advance,
Andrea
Jonathan N. Little - 25 Jul 2008 00:05 GMT
> hello guys,
> [quoted text clipped - 25 lines]
>
> Are there any downside I don't know?
And when JavaScript is disabled?
 Signature Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com
Travis Newbury - 25 Jul 2008 01:22 GMT
> And when JavaScript is disabled?
Then it breaks and the visitor has a decision to make...
Jonathan N. Little - 25 Jul 2008 04:04 GMT
>> And when JavaScript is disabled?
>
> Then it breaks and the visitor has a decision to make...
Poor choice of design implementation.
dorayme - 25 Jul 2008 04:13 GMT
> >> And when JavaScript is disabled?
> >
> > Then it breaks and the visitor has a decision to make...
>
> Poor choice of design implementation.
Actually, where Travis is concerned, good on you, Jonathan, in getting the good message out there. He is hoping we will tire and he will get his post-modernist/free-market/each-to-his-own take on objectivity to swamp the battlefield.
 Signature dorayme
Travis Newbury - 25 Jul 2008 13:02 GMT
> Actually, where Travis is concerned, good on you, Jonathan, in getting
> the good message out there. He is hoping we will tire and he will get
> his post-modernist/free-market/each-to-his-own take on objectivity to
> swamp the battlefield.
There you go again dorayme, telling someone what I was thinking. You haven't a clue what I am thinking. I simply stated that when a visitor comes to a page that is not configured for their browser, they have to make a choice. Change the browser, or go away.
-- Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap Travie Newbury <http://travisnewbury.blogspot.com/> Flash Crap
Jonathan N. Little - 25 Jul 2008 14:03 GMT
>> Actually, where Travis is concerned, good on you, Jonathan, in getting
>> the good message out there. He is hoping we will tire and he will get
[quoted text clipped - 5 lines]
> visitor comes to a page that is not configured for their browser, they
> have to make a choice. Change the browser, or go away.
And my point is there is and|or should be a certain level of competency in web design. Sure you can find an autobody shop that employ duct tape and spray-paint repairs, but doesn't make them competent, and I certainly you not advocate the methodology.
Travis Newbury - 25 Jul 2008 14:17 GMT
> And my point is there is and|or should be a certain level of competency
> in web design. Sure you can find an autobody shop that employ duct
> tape and spray-paint repairs, but doesn't make them competent, and I
> certainly you not advocate the methodology.
One man's "competent" is another man's fool. Someone you may see as an expert, I might see as an amateur. It completely depends on what your viewpoint of an expert is. The web is way too big to have rules on how we present content to the visitor.
Yes, have syntax rules for HTML. Have syntax rules for CSS. But don't have rules about how someone might put the two together. I think people (self included) get so focused on the leaf that they completely miss the forest.
Neredbojias - 25 Jul 2008 20:23 GMT
>> And my point is there is and|or should be a certain level of competency
>> in web design. Sure you can find an autobody shop that employ duct
[quoted text clipped - 10 lines]
> think people (self included) get so focused on the leaf that they
> completely miss the forest.
Depends on what the leaf is covering...
> --
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
^ Childish indulgence.
 Signature Neredbojias http://www.neredbojias.net/ Great sights and sounds
Travis Newbury - 25 Jul 2008 20:58 GMT
On Jul 25, 3:23 pm, Neredbojias <me@http://www.neredbojias.net/_eml/fliam.php> wrote:
> > --
> > Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> > Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> > Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> > Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> ^ Childish indulgence.
actually playing with usenet and on google ranking.
Neredbojias - 26 Jul 2008 03:52 GMT
> On Jul 25, 3:23 pm, Neredbojias <me@http://www.neredbojias.net/_eml/
> fliam.php> wrote:
[quoted text clipped - 6 lines]
>
> actually playing with usenet and on google ranking.
If you actually want to increase your "GR", I have an easy, sure-fire, ironically-apt way. When the spammers spam my formmail, their spam is really pretty easy to id. In such cases, I redirect the form page to my site, increasing my hits-per-day. Ergo, spam can be beneficial after all.
dorayme - 26 Jul 2008 02:13 GMT
In article <721c93c1-4bea-40e7-9d26-ed93dccfdb4d@a2g2000prm.googlegroups.com>,
> One man's "competent" is another man's fool. Someone you may see as an
> expert, I might see as an amateur.
Yes, of course, there is no fact of the matter, everything is relative to everything else. That you see something one way does not in any way mean you are wrong or superficial or uninformed or biased. Any attempt to show otherwise is easily parried by you with more of the same garbage. What is like to live in such an intellectual closed loop that is in no way able to be influenced by anything outside? Is it an interesting sort of vacuum?
Neredbojias - 26 Jul 2008 03:55 GMT
> What is like to live in such an intellectual closed loop that
> is in no way able to be influenced by anything outside? Is it an
> interesting sort of vacuum?
It's like being on the lesser side of a killfile...
:)
Travis Newbury - 26 Jul 2008 14:30 GMT
On Jul 25, 10:55 pm, Neredbojias <me@http://www.neredbojias.net/_eml/fliam.php> wrote:
> It's like being on the lesser side of a killfile...
Kill files are meaningless to the message poster.
Neredbojias - 26 Jul 2008 20:34 GMT
> On Jul 25, 10:55 pm, Neredbojias <me@http://www.neredbojias.net/_eml/
> fliam.php> wrote:
[quoted text clipped - 7 lines]
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
On the contrary, I believe that the killfiler is much more adversely affected by his action than is the killfilee. Frustrated, self-limiting people are generally their own worst enemies.
Travis Newbury - 27 Jul 2008 02:08 GMT
On Jul 26, 3:34 pm, Neredbojias <me@http://www.neredbojias.net/_eml/fliam.php> wrote:
> > Kill files are meaningless to the message poster.
> On the contrary, I believe that the killfiler is much more adversely affected
> by his action than is the killfilee. Frustrated, self-limiting people are
> generally their own worst enemies.
I think we are saying the same thing.
Neredbojias - 27 Jul 2008 09:34 GMT
> On Jul 26, 3:34 pm, Neredbojias <me@http://www.neredbojias.net/_eml/
> fliam.php> wrote:
[quoted text clipped - 12 lines]
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
Um, okay. Sounded kinda different, but hey, I know you've been intercoursing recently with dorayme.
Tim Streater - 28 Jul 2008 10:20 GMT
I've just been following this rilly *rilly* useful thread.
So tell me: just how many angels *were* there on that pinhead?
Travis Newbury - 28 Jul 2008 11:16 GMT
> I've just been following this rilly *rilly* useful thread.
>
> So tell me: just how many angels *were* there on that pinhead?
16
Tim Streater - 28 Jul 2008 20:38 GMT
In article <91fa1180-f4f2-4e22-bcf3-d52a5dd02c6c@s50g2000hsb.googlegroups.com>,
> > I've just been following this rilly *rilly* useful thread.
> >
> > So tell me: just how many angels *were* there on that pinhead?
>
> 16
Ah, such wit! Such economy! Compressed e e cummings himself!
Mr Newbury should go far, we feel. A seat in Parliament beckons (doubtless for the district of Great Cobblers), with a house in the country.
Travis Newbury - 28 Jul 2008 21:17 GMT
> > 16
> Ah, such wit! Such economy! Compressed e e cummings himself!
Hardly e e cummings, but it was an appropriate response to your post.
> Mr Newbury
Just Travis, no need for formalities we are all friends here.
> should go far, we feel.
We? We?
> A seat in Parliament beckons
f.ck Parliament, or politics in general.
> (doubtless for the district of Great Cobblers), with a house in the
> country.
3 homes actually, my primary home in Atlanta, one in San Diego, and a condo in Orlando (3 miles from Disney) Though I must admit the home in San Diego was inherited from my father in-law.
-- Travis Flash Crap: http://travisnewbury.blogspot.com
Ed Mullen - 29 Jul 2008 03:32 GMT
>>> 16
>> Ah, such wit! Such economy! Compressed e e cummings himself!
[quoted text clipped - 19 lines]
> condo in Orlando (3 miles from Disney) Though I must admit the home in
> San Diego was inherited from my father in-law.
Inheritance is much maligned, though I don't know why.
Wealth ought to be able to be conveyed. I find the notion that the government thinks that it ought to be entitled to wealth earned to be absurd. I mean, ok, I worked for it, I earned it, as long as I have it while I'm alive I can (pretty much) own it. But, when I die? The government gets it to re-distribute to those who just sit on their a.ses waiting? Nah, can't get my head around that concept. You want wealth? Go work for it. Otherwise, well, sorry. Life isn't fair. Those who can do, those who can't wait for the government to take it away and give it to them. Lovely freaking formula for success.
 Signature Ed Mullen http://edmullen.net It feels so good, knowing the watchman's gone. - Gordon Lightfoot
Travis Newbury - 29 Jul 2008 11:45 GMT
> Wealth ought to be able to be conveyed. I find the notion that the
> government thinks that it ought to be entitled to wealth earned to be
> absurd....
Don't even get me started!
-- Travis Flash Crap: http://travisnewbury.blogspot.com
Ed Mullen - 30 Jul 2008 05:01 GMT
>> Wealth ought to be able to be conveyed. I find the notion that the
>> government thinks that it ought to be entitled to wealth earned to be
[quoted text clipped - 5 lines]
> Travis
> Flash Crap: http://travisnewbury.blogspot.com
Yeah, me too. Sorry about that! ;-)
 Signature Ed Mullen http://edmullen.net If an orange is orange, why isn't a lime called a green or a lemon called a yellow?
dorayme - 26 Jul 2008 02:01 GMT
In article <bf4a840a-1017-4c00-addb-8f60af480edb@n33g2000pri.googlegroups.com>,
> > Actually, where Travis is concerned, good on you, Jonathan, in getting
> > the good message out there. He is hoping we will tire and he will get
[quoted text clipped - 5 lines]
> visitor comes to a page that is not configured for their browser, they
> have to make a choice. Change the browser, or go away.
Given the constancy of your postings on this sort of thing, you are meaning to make a more general point than simply telling us what is blindingly obvious.
Why would you simply be telling everyone the bleeding obvious? O wait, of course, I nearly forgot, you are demonstrating your continuing role as Chief Guardian of the motherhood statement.
Travis Newbury - 26 Jul 2008 03:09 GMT
> Why would you simply be telling everyone the bleeding obvious? O wait,
> of course, I nearly forgot, you are demonstrating your continuing role
> as Chief Guardian of the motherhood statement.
Apparently it is not so obvious to everyone or I would not find the need to state it.
dorayme - 26 Jul 2008 03:57 GMT
In article <bbd13452-2bfb-48c1-b069-f8cd0e00a949@c58g2000hsc.googlegroups.com>,
> > Why would you simply be telling everyone the bleeding obvious? O wait,
> > of course, I nearly forgot, you are demonstrating your continuing role
> > as Chief Guardian of the motherhood statement.
>
> Apparently it is not so obvious to everyone or I would not find the
> need to state it.
Care to be more specific? Do you think Jonathan Little is such an idiot that he cannot see the bleeding obvious? He may be a guy who likes to be 'on message' at all times and not one to dissect your insinuations in detail, but you must be living in a bubble if you don't know that he knows that a surfer can either suck it or leave it with a webpage.
Can't you see that he pays you a compliment and is arguing against what he thinks are deeper assumptions or positions?
He does not know what I know about you. You have no position, that what we see is what we get, impossible-to-disagree-with motherhood statements. He sees only your statements here. But I have men all over the show reporting back to me and they tell me that you walk the streets with sandwich boards, on the front of which is stuff like, "the world will end tomorrow" and on the back of which there is stuff like "the world will not end tomorrow".
You have been seen at the races betting on horses and quickly covering your bets on the same horses. And grimly being happy to pay for the slight loss in bookie rewards for the pleasure.
You have up to 4 shrinks chasing after you at any one time begging you to return to their couches...
You can't fool me Travis. But good luck with the others.
Travis Newbury - 26 Jul 2008 14:39 GMT
> Do you think Jonathan Little is such an idiot
> that he cannot see the bleeding obvious?
Nope not at all. But I do think that some of the readers of the thread that don't post are. They need to hear more than the party line on web development paradigms.
> Can't you see that he pays you a compliment and is arguing against what
> he thinks are deeper assumptions or positions?
Yes, and so?
> He does not know what I know about you.
So, we are the resident Newbury expert are we?
> You have no position, that what
> we see is what we get, impossible-to-disagree-with motherhood
> statements.
For a Newbury expert you seem to lack understanding about me and what I think. Perhaps you are not the expert you say you are...
Neredbojias - 26 Jul 2008 03:58 GMT
>> Why would you simply be telling everyone the bleeding obvious? O wait,
>> of course, I nearly forgot, you are demonstrating your continuing role
[quoted text clipped - 8 lines]
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
It ain't obvious to me. What's the "motherhood statement"; -everyone who ain't cool to the implicit observer is a mutha or what?
Travis Newbury - 26 Jul 2008 14:45 GMT
On Jul 25, 10:58 pm, Neredbojias <me@http://www.neredbojias.net/_eml/fliam.php> wrote:
> It ain't obvious to me. What's the "motherhood statement"; -everyone who
> ain't cool to the implicit observer is a mutha or what?
What dorayme is trying to say is that I make a statement like "Use the technology that brings you the most business" She thinks that is a no-brainer and there is no need to even mention it in the group. The "Motherhood statement" there is no real argument to the statement. You can't come back with "No you should do things that make you less money"
If I did not state the "obvious" then silent readers would only be given the party line "flash is evil", "don't use javascript","fixed width sucks" bla bla bla... Newbies and the silent type need to understand that there is another line of thought when it comes to web development.
John Hosking - 26 Jul 2008 20:17 GMT
>> It ain't obvious to me. What's the "motherhood statement"; -everyone who
>> ain't cool to the implicit observer is a mutha or what?
...
> If I did not state the "obvious" then silent readers would only be
> give the party line "flash is evil", "don't use javascript","fixed
> width sucks" bla bla bla... Newbees and the silent type need to
> understand that there is another line of thought when comes to web
> development.
So is this my cue to complain about your broken sig separator and your intentionally obnoxious sig? You know, lest the "silent readers" fail to understand that there is another line of thought when it comes to netiquette?
> --
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
 Signature John Yes, I know you're using GoogleGroups and, yes, I know GG breaks sig separators. Doesn't make it right. The UIP: http://improve-usenet.org/
Travis Newbury - 27 Jul 2008 02:11 GMT
On Jul 26, 3:17 pm, John Hosking <J...@DELETE.Hosking.name.INVALID> wrote:
> So is this my cue to complain about your broken sig separator and your
> intentionally obnoxious sig? You know, lest the "silent readers" fail to
> understand that there is another line of thought when it comes to
> netiquette?
I believe you are right...
Neredbojias - 26 Jul 2008 20:42 GMT
> On Jul 25, 10:58 pm, Neredbojias <me@http://www.neredbojias.net/_eml/
> fliam.php> wrote:
[quoted text clipped - 20 lines]
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
> Travis Newbury <http://travisnewbury.blogspot.com/> Flash Crap
I agree with you. What is obvious to some will invariably not be obvious to others. One can't assume that even what may seem blatantly apparent to all from one's own point of view is _the_ universal point of view for all cultures and societies. Hell, nowadays lots of human tribes even cross traditional lines by espousing jerkisms like trust your politicians and women are equal.
dorayme - 27 Jul 2008 01:26 GMT
In article <51a9a657-f04e-4cbe-9b20-eaaf5237467d@79g2000hsk.googlegroups.com>,
> If I did not state the "obvious" then silent readers would only be
> give the party line "flash is evil", "don't use javascript","fixed
> width sucks" bla bla bla... Newbees and the silent type need to
> understand that there is another line of thought when comes to web
> development.
The average silent type is not so stupid as to suppose everyone thinks that flash is evil, they would not get just that message from this group. If a particular silent type was so stupid as to get that idea, along with the idea that all tables are bad, then you should show a bit of respect for the general intelligence and wait for such incredible misunderstanding to surface.
Where the hell do you really think you are, Travis? Kindergarten? I teach babies CSS/HTML (I am fully qualified at this level but no higher) and don't talk to them like this.
And don't you be telling me about the silent type. Deep inside of me is a very strong silent type bursting to get out. I am perfectly well acquainted with it. It wants to get its hands around Boji's schmuck neck. I repress and condemn it to silence.
Travis Newbury - 27 Jul 2008 02:13 GMT
> Where the hell do you really think you are, Travis? Kindergarten?
Actually sometimes I do...
> And don't you be telling me about the silent type.
Jeeze has it been 29 days already?
Ed Jay - 27 Jul 2008 07:08 GMT
>> Where the hell do you really think you are, Travis? Kindergarten?
>
[quoted text clipped - 3 lines]
>
>Jeeze has it been 29 days already?
How funny coming from a 'guy' who has a driving need to boast about his huge ego.
 Signature Ed Jay (remove 'M' to reply by email)
Win the War Against Breast Cancer. Knowing the facts could save your life. http://www.breastthermography.info
Neredbojias - 27 Jul 2008 09:36 GMT
>>> Where the hell do you really think you are, Travis? Kindergarten?
>>
[quoted text clipped - 6 lines]
> How funny coming from a 'guy' who has a driving need to boast about his
> huge ego.
Travis is a natural marketing-type who learned how to sell short in his teenage years.
Travis Newbury - 27 Jul 2008 12:24 GMT
> How funny coming from a 'guy' who has a driving need to boast about his huge
> ego.
you misspelled penis.. But huge ego still works for me.
And on a side note.... Who would have guessed, there is actually a website to help someone name their penis (but when you're packing something like Beefy McManstick, the name just comes naturally)
Raymond SCHMIT - 25 Jul 2008 23:17 GMT
>>> And when JavaScript is disabled?
>>
>> Then it breaks and the visitor has a decision to make...
>
>Poor choice of design implementation.
Ok, so ....you can you check if the fields are filled up correctly - (before - treating the form in php) without using javascript ?
^AndreA^ - 26 Jul 2008 00:17 GMT
On Jul 25, 11:17 pm, Raymond.Sch...@pircarre.be (Raymond SCHMIT) wrote:
> On Thu, 24 Jul 2008 23:04:14 -0400, "Jonathan N. Little"
> [quoted text clipped - 7 lines]
> Ok, so ....you can you check if the fields are filled up correctly -
> (before - treating the form in php) without using javascript ?
Javascript OFF: you send the data directly to the server because the js event can't start, the browser doesn't even notice the event...
Javascript ON: you check the fields with js and then, if everything is ok, you send the data to the server...
Cheers Sherman!!! Andrea
Adrienne Boswell - 25 Jul 2008 02:13 GMT
Gazing into my crystal ball I observed "^AndreA^" <andrea.bola@gmail.com> writing in news:1b2e5674-0c32-4743-9b8e-aa66593b05b5@n33g2000pri.googlegroups.com:
> hello guys,
> [quoted text clipped - 23 lines]
>
> Is this method wrong?
You still need the form element. Certain elements, eg. input, cannot exist without being wrapped in a form element. Javascript is nice as an enhancement. As you know, you have to validate server side, especially before you put anything in a db.
> Are there any downside I don't know?
Yes, users with javascript disabled will submit to the value of the action attribute. If you do not use the form element, there is no place to submit to.
Again, it is very important to check everything server side, especially when the data is going into a db. You might want to look into SQL injection.
Art Sackett - 25 Jul 2008 07:19 GMT
> You might want to look into SQL injection.
I dunno... I still prefer sipping Jack Daniel's to injecting SQL. I have this thing about needles...
viza - 25 Jul 2008 10:49 GMT
> With javascript I usually check if the fields are filled up correctly
> and then I let javascript send them to the server, so I don't use the
> form tag because I don't need it.
An html compliant browser will not allow any input/textarea tags it encounters if it has not already seen a form opening tag.
Harlan Messinger - 25 Jul 2008 12:06 GMT
>> With javascript I usually check if the fields are filled up correctly
>> and then I let javascript send them to the server, so I don't use the
>> form tag because I don't need it.
>
> An html compliant browser will not allow any input/textarea tags it
> encounters if it has not already seen a form opening tag.
Not so:
<!ENTITY % formctrl "INPUT | SELECT | TEXTAREA | LABEL | BUTTON">
<!ENTITY % inline "#PCDATA | %fontstyle; | %phrase; | %special; | %formctrl;">
Input and textarea tags can appear anywhere inline data can appear (or flow data, because flow includes inline), with the exception of inside a button (because of
<!ELEMENT BUTTON - - (%flow;)* -(A|%formctrl;|FORM|FIELDSET)
).
^AndreA^ - 25 Jul 2008 12:53 GMT
very good discussion guys, thank you to everyone...
So, I have understood that I need the form tag even though I choose not to support users with javascript off.
I've also understood that it is good practice to guarantee access to people with javascript off (about 5% now, http://www.w3schools.com/browsers/browsers_stats.asp).
I "lost" the whole morning surfing the web trying to understand what other people think about js on or off... ;-)
I usually check client-side for all of this stuff: !@#$%^&*()+=[]\\\';,/{}|\":<>?~`.- _£
and then, if everything is fine, I send the data to php and I do just:
$_something = htmlentities($_POST['something']);
and then it's ready to be stored on the db.
Wasn't it enough?
Anyway It's useless to have a double check (client-side and server-side), so, following your ideas I should do just a server side check but it isn't as cool as AJAX...
Or maybe I could;
CLIENT-SIDE: check if the fields are filled up correctly (so who has js on can find it useful) and
SERVER-SIDE: check again all the fields and, above all, look for some characters for security reasons.
What do you think?
Cheers, Andrea
Harlan Messinger - 25 Jul 2008 12:57 GMT
> very good discussion guys, thank you to everyone...
> [quoted text clipped - 26 lines]
> SERVER-SIDE: check again all the fields and, above all, look for some
> characters for security reasons.
You should always check everything on the server side because clicking a button on an unaltered page provided by you is not the only way someone can submit data to your PHP process, so you can't be 100% certain that the data that arrives at your server has already been checked. If the AJAX is cool, great, but then to be on the safe side you should check in both places.
Art Sackett - 25 Jul 2008 13:09 GMT
> I usually check client-side for all of this stuff:
> !@#$%^&*()+=[]\\\';,/{}|\":<>?~`.- _£
It's safer to test for what you'll explicitly allow rather than what you'll explicitly reject. For example, if you know that there's no reason for a particular input to contain anything except [a-zA-Z0-9] then explicitly allow only those rather than explicitly reject everything you can think of that's not those things.
> Or maybe I could;
> CLIENT-SIDE: check if the fields are filled up correctly (so who has js
[quoted text clipped - 3 lines]
>
> What do you think?
Sounds about right, but again permit only safe characters rather than hoping to block all the bad ones.
^AndreA^ - 25 Jul 2008 14:11 GMT
great answers, I understood a lot of things...
My topic has been wholly satisfied!!!
cheers, Andrea
Jonathan N. Little - 25 Jul 2008 14:11 GMT
> very good discussion guys, thank you to everyone...
> [quoted text clipped - 9 lines]
> I usually check client-side for all of this stuff:
> !@#$%^&*()+=[]\\\';,/{}|\":<>?~`.- _£
If it's client-side that means that I can make my own page up, that's client side too, and circumvent any protections that you put in place in your JavaScript.
> and then, if everything is fine, I send the data to php and I do just:
> $_something = htmlentities($_POST['something']);
>
> and then it's ready to be stored on the db.
>
> Wasn't it enough?
Well, yes and no. Ever think of checking the size of the field for starters? What would happen if a hacker dumped a terabyte or so into that zipcode field?
> Anyway It's useless to have a double check (client-side and server-
> side), so, following your ideas I should do just a server side check
[quoted text clipped - 5 lines]
> SERVER-SIDE: check again all the fields and, above all, look for some
> characters for security reasons.
Yes, proper procedure. You still need a FORM element.
Sherman Pendley - 25 Jul 2008 14:48 GMT
> With javascript I usually check if the fields are filled up correctly
> and then I let javascript send them to the server, so I don't use the
> form tag because I don't need it.
>
> Is this method wrong?
Yes. Your script should only stop the form submission if there's something wrong with the input. Keep in mind that some users will disable JS, so your server-side script should be prepared to handle a plain form submission that hasn't been "approved" by the JS.
> Are there any downside I don't know?
Not everyone allows JavaScript, of course. And you *will* get input from hacked pages and/or bots - count on it. "Never trust the client" should be the mantra of *every* network programmer. So, checking input in the client is a great way to add a convenience for users who allow it - but then check the input again, on the server, in case the client can't or won't do the job.
sherm--
 Signature My blog: http://shermspace.blogspot.com Cocoa programming in Perl: http://camelbones.sourceforge.net
^AndreA^ - 25 Jul 2008 15:37 GMT
> > With javascript I usually check if the fields are filled up correctly
> > and then I let javascript send them to the server, so I don't use the
[quoted text clipped - 21 lines]
> My blog:http://shermspace.blogspot.com
> Cocoa programming in Perl:http://camelbones.sourceforge.net
Sherman how can I control the form with javascript?
I mean, I write this:
<form name="input" action="plain_html_form.php" method="post">
Username: <input type="text" name="user"> <br />
Email: <input type="text" name="email"> <br />
<input type="submit" value="Submit"> <br />
</form>
and then I tie a js event to the submit button.
So, when the user presses the button the js function starts, but also the data is sent to the server... because pressing the button you activate two things simultaneously.
I'm sure there is a workaround...
Basically the question is: how can I tie a js function to the form without breaking it? how can I prevent the form from sending data if js "says" there is something wrong?
Actually those were two questions, but they mean the same thing... ;-)
Andrea
Tim Streater - 25 Jul 2008 15:50 GMT
In article <6053a854-e078-4e39-a0c0-741f394bf463@j7g2000prm.googlegroups.com>,
> > > With javascript I usually check if the fields are filled up correctly
> > > and then I let javascript send them to the server, so I don't use the
[quoted text clipped - 51 lines]
>
> Andrea
Don't use a submit button, use an ordinary one. Do your validation, and if all is OK do the submit from within js.
^AndreA^ - 25 Jul 2008 16:31 GMT
> In article
> <6053a854-e078-4e39-a0c0-741f394bf...@j7g2000prm.googlegroups.com>,
[quoted text clipped - 57 lines]
> Don't use a submit button, use an ordinary one. Do your validation, and
> if all is OK do the submit from within js.
yeah, but we have just said that js could be disabled...
Sherman Pendley - 25 Jul 2008 18:45 GMT
>> > With javascript I usually check if the fields are filled up correctly
>> > and then I let javascript send them to the server, so I don't use the
[quoted text clipped - 28 lines]
> how can I prevent the form to send data if js "says" there is
> something wrong?
Tie an onsubmit handler to the form, instead of an onclick on a button. If JS is allowed and the form handler returns false, the form isn't sent. If the handler returns true, the form data is sent to the action URL. If JS is disabled, the form behaves just like any other non-JS form, and sends its data to the action URL.
sherm--
 Signature My blog: http://shermspace.blogspot.com Cocoa programming in Perl: http://camelbones.sourceforge.net
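The submit-handler pattern from the last answer, combined with the allowlist advice and the field-size check given earlier in the thread, as an added example that is not part of any post. The form name "input" and the field names "user" and "email" come from the form posted above; the length limits and allowlist patterns are assumptions. The same rules still have to be enforced again in the server-side script, because a request does not have to come from this page.

```javascript
// Added example, not code from the thread. The field names "user" and "email"
// and the form name "input" come from the form posted above; the length
// limits and allowlist patterns are assumptions chosen for illustration.
const RULES = {
  user: { max: 32, pattern: /^[A-Za-z0-9_]+$/ },
  email: { max: 254, pattern: /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/ },
};

// Pure check: returns { fieldName: reason } for each failing field.
// An empty object means every field passed.
function validateFields(values) {
  const errors = {};
  for (const [name, rule] of Object.entries(RULES)) {
    const value = values[name];
    if (typeof value !== 'string' || value === '') {
      errors[name] = 'required';
    } else if (value.length > rule.max) {
      // Size is checked before the pattern so oversized input is rejected cheaply.
      errors[name] = 'too long';
    } else if (!rule.pattern.test(value)) {
      // Allowlist: anything outside the permitted characters is rejected,
      // instead of trying to enumerate every unwanted character.
      errors[name] = 'invalid characters';
    }
  }
  return errors;
}

// Builds the submit handler. It cancels the submission only when a field is
// invalid; otherwise the browser posts the form to its action URL as usual.
function makeSubmitHandler(form, report) {
  return function onSubmit(event) {
    const values = {};
    for (const name of Object.keys(RULES)) {
      const control = form.elements[name];
      values[name] = control ? control.value : undefined;
    }
    const errors = validateFields(values);
    if (Object.keys(errors).length > 0) {
      event.preventDefault(); // same effect as returning false from an onsubmit attribute
      report(errors);
      return false;
    }
    return true;
  };
}

// Browser wiring. With JavaScript disabled none of this runs and the <form>
// still submits normally, so the server must repeat every check.
if (typeof document !== 'undefined' && document.forms['input']) {
  const form = document.forms['input'];
  form.addEventListener('submit', makeSubmitHandler(form, function (errors) {
    alert('Please correct: ' + Object.keys(errors).join(', '));
  }));
}
```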