Expert opinion on Types of validation

By Arati
Good Day!

Can anyone give an expert opinion as to how many types of form validation one has to take care of when developing a form where a user will input data?
I am interested in all possible important validations, such as
- client side,
- server side,
- security,
- checks during input (for example, a user may type Arati's instead of Aratis, and similar types of other checks which the backend or another language will not permit, etc.)

Thanks to you all
Arati

Expert opinion on Types of validation

by Jay Eckles In reply to Expert opinion on Types ...

One thing you might do is take a look at the security section of my CGI tutorial at http://www.jayeckles.com/cgi/security.html. Although it talks specifically about CGI, the validation information applies just as much to any other form of server-side processing. Basically it says that:

1. When validating input characters, don't search for characters that should be excluded and include all others; search for characters that should be included and exclude all others (i.e., come up with a set of "safe" characters like 0-9, a-z, A-Z, and selected punctuation). What you definitely want to avoid are shell metacharacters.
2. Even if you validate your input on the client side, you MUST validate it on the server side as well. Users can turn off JavaScript or VBScript, they can interact with your program via telnet or a non-standard browser, etc.

In general, I do the following:
- Don't allow a form to be submitted without JavaScript; this is NOT foolproof, but it prevents a lot of problems. It is a convenience measure, not a security measure!
- Use JavaScript to validate that all required questions have been answered and that formats are correct. You can do this two ways: 1. onChange, where as soon as a user makes a change to a field it is validated. 2. onSubmit or onClick (of the "submit" button or link), where you validate all fields when the link or button is clicked.
- Use JavaScript to submit the form.
- In the server-side script, strip any character that's not in the "safe" set, then re-validate all fields using the same rules as you used to validate with JavaScript.

Good luck.

Jay Eckles
www.jayeckles.com
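
The server-side step described in the answer above (strip everything outside a "safe" set, then re-validate with the same rules the client used), as an added example that is not part of the original post. The field names, safe sets, formats and the `validateForm` helper are assumptions chosen for illustration.

```javascript
// Added example: one rule table that both the browser script and the
// server-side handler can load, so the two checks cannot drift apart.
// Field names, safe sets and formats are assumptions, not from the thread.
const RULES = {
  name: {
    required: true,
    notAllowed: /[^A-Za-z0-9 .'-]/g, // anything outside the safe set
    format: /^[A-Za-z][A-Za-z0-9 .'-]{0,63}$/,
  },
  email: {
    required: true,
    notAllowed: /[^A-Za-z0-9@._+-]/g,
    format: /^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/,
  },
  phone: {
    required: false,
    notAllowed: /[^0-9+ ()-]/g,
    format: /^\+?[0-9 ()-]{7,20}$/,
  },
};

function validateForm(input) {
  const clean = {};    // values that passed; the only data to use afterwards
  const errors = {};   // field -> reason, for the error page
  const stripped = {}; // fields where characters were removed (worth logging)
  for (const [field, rule] of Object.entries(RULES)) {
    // Missing or non-string values (e.g. a repeated parameter) count as empty.
    const raw = typeof input[field] === "string" ? input[field] : "";
    const value = raw.replace(rule.notAllowed, "").trim();
    if (value !== raw.trim()) stripped[field] = true;
    if (value === "") {
      if (rule.required) errors[field] = "required";
      continue;
    }
    if (!rule.format.test(value)) {
      errors[field] = "bad format";
      continue;
    }
    clean[field] = value;
  }
  // Fields not listed in RULES are never copied into `clean`.
  return { ok: Object.keys(errors).length === 0, clean, errors, stripped };
}

// Constructed sample submission: shell metacharacters in the name are dropped.
console.log(validateForm({ name: "Arati;|&`$", email: "", phone: "12" }));
```

Stripping changes what the user typed, so the `stripped` flags are returned separately and can be logged or shown back to the user.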

Expert opinion on Types of validation

by Arati In reply to Expert opinion on Types ...

Poster rated this answer

Expert opinion on Types of validation

by Arati In reply to Expert opinion on Types ...

This question was closed by the author
