657f77e279748c8b2ef7759250ace41c.ppt
- Number of slides: 19
Server-Side Validation Jayden Bryant
What is Server-Side Validation?
- Validation of form input done on the server, not the web browser program

    // Validate the surname
    if ($surname == "")
        print("The surname field cannot be blank.");

Differences between Client and Server Side Validation
- Client-Side
  - No round trip to server = quicker validation, instant feedback to user
  - User may skip client-side validation by turning off JavaScript
- Server-Side
  - Ensures 100% validation of input even if front-end validation fails
  - User cannot skip server-side validation
  - Ensures that improper data sent will be filtered correctly; a detailed error message can be sent back to the user
  - Takes longer to validate: information must do a round trip to the server

What we shall Discuss
- Methods used when validating different form data
- Number validation
- URL validation
- Email validation

Common Validation functions
- ereg() function

    <?php
    // Note: ereg() was deprecated in PHP 5.3 and removed in PHP 7.0;
    // preg_match() is its replacement in current PHP.
    $username = "jayden2";
    if (ereg('[^A-Za-z]', $username)) {
        echo "Usernames must contain only letters.";
    } else {
        echo "$username is a valid username.";
    }
    ?>

- !ereg() function

    if ($validate) {
        $text = ($n);
        print "email entered is $text. ";
        if (!ereg("[@]", $text))
            echo ("email must contain the symbol '@'.");
        else
            echo ("Good job, email contains an '@'");
    }

Validating Numbers
- is_numeric() function
  - Checks to see if input is numeric
  - is_numeric allows:
    - Integers, e.g. 998878
    - Scientific notations, e.g. 15e4
    - Floating points, e.g. 10.25
    - Hexadecimal, e.g. 2xff
    - Negative numbers, e.g. -56

    if (!is_numeric($n))
        print "Does not conform to function";
    else
        print "Validation passed!! Input was: $n";

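An added example (not from the original slides) that runs is_numeric() next to a stricter filter_var() check for a field that should hold a bounded whole number. The helper name validate_quantity and the 1 to 100 range are assumptions, and the inputs are constructed. Since PHP 7.0, is_numeric() no longer accepts hexadecimal strings.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the slides): accept only a whole number
// within [$min, $max]. Returns the integer on success, null on failure.
function validate_quantity(string $raw, int $min = 1, int $max = 100): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they would arrive in $_POST (always strings).
$samples = ['42', '-56', '10.25', '15e4', '0xff', '', '42abc', '101'];

foreach ($samples as $raw) {
    // Loose check from the slide: any numeric-looking string passes.
    $loose = is_numeric($raw) ? 'pass' : 'fail';
    // Strict check: the value must be a whole number in the allowed range.
    $strict = validate_quantity($raw) === null ? 'fail' : 'pass';
    printf("%-8s is_numeric: %-4s  validate_quantity: %s\n",
           var_export($raw, true), $loose, $strict);
}
```
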
Validating URLs
- parse_url: function parses a URL and returns an associative array containing any of the various components of the URL that are present:
  - scheme - e.g. http
  - host
  - port
  - user
  - pass
  - path
  - query - after the question mark ?
  - fragment - after the hashmark #
- Example: http://www.webdatabasebook.com/test.php?statuse=F#message

Validating URLs
- function_exists: returns TRUE if the given function has been defined
- checkdnsrr: checks DNS records corresponding to a given Internet hostname or IP address
  - type may be any one of: A, MX, NS, SOA, PTR, CNAME, AAAA, A6, SRV, NAPTR or ANY. The default is MX.

URL Validation Code

    <?php
    // Split the URL into its components
    $bits = parse_url($url);

    if ($bits["scheme"] != "http")
        print "URL must begin with http://.";
    elseif (empty($bits["host"]))
        print "URL must include a host name.";
    // Only do the DNS lookup where checkdnsrr() is available
    elseif (function_exists('checkdnsrr') && !checkdnsrr($bits["host"], 'A'))
        print "Host does not exist.";
    else
        echo ("URL: $url Exists");
    ?>

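An added example (not from the original slides) of the same URL checks written as a function that also handles the cases the slide code does not: parse_url() returning false, and components missing from the array. The helper name validate_http_url, the injectable DNS callback, and the rejection of embedded credentials are assumptions that go beyond the slide; the sample URLs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper. $hostExists is injectable so the example runs offline;
// a live version would pass fn($h) => checkdnsrr($h, 'A').
// Returns an error message, or null when the URL passes every check.
function validate_http_url(string $url, callable $hostExists): ?string
{
    $bits = parse_url($url);
    if ($bits === false) {
        return 'URL is malformed.';
    }
    // Absent components are simply missing from the array,
    // so read them with ?? instead of indexing directly.
    $scheme = strtolower($bits['scheme'] ?? '');
    $host   = $bits['host'] ?? '';

    if ($scheme !== 'http') {
        return 'URL must begin with http://.';
    }
    if ($host === '') {
        return 'URL must include a host name.';
    }
    if (isset($bits['user']) || isset($bits['pass'])) {
        return 'URL must not contain credentials.';
    }
    if (!$hostExists($host)) {
        return 'Host does not exist.';
    }
    return null;
}

// Constructed stand-in for the DNS lookup: only this host "resolves".
$stubDns = fn(string $host): bool => $host === 'www.webdatabasebook.com';

$samples = [
    'http://www.webdatabasebook.com/test.php?statuse=F#message',
    'HTTP://www.webdatabasebook.com/',
    'www.webdatabasebook.com/test.php',
    'ftp://www.webdatabasebook.com/',
    'http:///test.php',
    'http://user:secret@www.webdatabasebook.com/',
    'http://no-such-host.invalid/',
];
foreach ($samples as $url) {
    printf("%-60s %s\n", $url, validate_http_url($url, $stubDns) ?? 'OK');
}
```
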
Validating Email
- empty(var) – Determines whether a variable is empty
- strlen – Get string length
  - Returns the length of the given string
- getmxrr – Check if there is a record of the email domain as a mail exchanger (MX)
- gethostbyname – Get the IP address corresponding to a given Internet host name

Validating Email
- substr ( string, int start [, int length] )
  - Returns part of a string
  - Returns the portion of string specified by the start and length parameters.
- string strstr ( string haystack, string needle )
  - Finds the first occurrence of the string
  - Returns part of haystack string from the first occurrence of needle to the end of haystack
  - If needle is not found, returns false

Email Validation code

    {
        $validEmailExpr = "^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*" .
                          "@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$";

        if (empty($email))
        {
            print "The email field cannot be blank";
            $printFlag = false;
        }
        elseif (!eregi($validEmailExpr, $email))
        {
            print "The email must be in the name@domain format.";
            $printFlag = false;
        }
        elseif (strlen($email) > 30)
        {
            print "The email address can be no longer than 30 characters.";
            $printFlag = false;
        }

Email Validation code

        elseif (function_exists("getmxrr") && function_exists("gethostbyname"))
        {
            $maildomain = substr(strstr($email, '@'), 1);

            if (!(getmxrr($maildomain, $temp) || gethostbyname($maildomain) != $maildomain))
            {
                print "The domain does not exist.";
                $printFlag = false;
            }
            else
                $printFlag = true;
        }

        if ($printFlag == true)
        {
            print "email address: $email exists";
        }
    }
    ?>

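An added example (not from the original slides) of the same email checks in current PHP, where eregi() no longer exists (it was removed in PHP 7.0). It uses filter_var() in place of the slide's pattern, which is a substitution and accepts a somewhat different set of addresses. The helper name validate_email and the injectable domain callback are assumptions; the sample addresses are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper mirroring the slide's checks in the same order.
// $domainExists is injectable so the example runs offline.
// Returns an error message, or null when the address passes every check.
function validate_email(string $email, callable $domainExists): ?string
{
    if ($email === '') {
        return 'The email field cannot be blank';
    }
    // filter_var() stands in for the eregi() pattern match on the slide.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'The email must be in the name@domain format.';
    }
    if (strlen($email) > 30) {
        return 'The email address can be no longer than 30 characters.';
    }
    // The domain is everything after the last '@'.
    $maildomain = substr($email, strrpos($email, '@') + 1);
    if (!$domainExists($maildomain)) {
        return 'The domain does not exist.';
    }
    return null;
}

// Live lookup equivalent to the slide's getmxrr()/gethostbyname() test:
//   fn($d) => getmxrr($d, $mx) || gethostbyname($d) !== $d
// Constructed stub so the sample run needs no network:
$stubDns = fn(string $domain): bool => $domain === 'example.com';

$samples = [
    '',
    'jayden@example.com',
    'jayden.example.com',
    'jayden@@example.com',
    'jayden @example.com',
    'a-very-long-local-part-indeed@example.com',
    'jayden@nowhere.invalid',
];
foreach ($samples as $email) {
    printf("%-45s %s\n", var_export($email, true),
           validate_email($email, $stubDns) ?? 'OK');
}
```
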
Class Quiz
- When using is_numeric function, what are the 5 legal number formats?
  - Integers, e.g. 998878
  - Scientific notations, e.g. 15e4
  - Floating points, e.g. 10.25
  - Hexadecimal, e.g. 2xff
  - Negative numbers, e.g. -56

Class Quiz: Qu 2
- What is a major difference between client-side and server-side validation?

Class Quiz: Qu 3
- What does the function parse_url do?
  - Returns the different components that make up the URL, e.g.
    - scheme - e.g. http
    - host
    - port
    - user
    - pass
    - path
    - query - after the question mark ?
    - fragment - after the hashmark #

Class Quiz: Qu 5
- What does the function strstr return?
  - Finds the first occurrence of the string
  - Returns part of haystack string from the first occurrence of needle to the end of haystack
  - If needle is not found, returns false

Class Quiz: Qu 6
- What does the function empty check?
  - If the variable is empty

Validation Complete