NSSC09-ValidateAndCookies




  • 8/13/2019 NSSC09-ValidateAndCookies


    Validating data and handling cookies page 1

    Validating data / Handling Cookies (Ch. 14.2 - 14.3)

    HTML Form

    Collect information from visitors

    Begin with the <form> tag and end with the </form> tag

    The <form> tag contains several attributes, such as name, method and action.

    Usage

    i. Registration

    ii. Questionnaire

    iii. Login

    Example

    i. The name of the form is "frm_input"

    ii. The form values will be sent to http://www.ktgss.edu.hk/userinput.php

    iii. The form's method attribute is either

    method=POST or method=GET

    iv. Sending with Method GET

    a. The form values are sent in the browser URL, like

    http://www.ktgss.edu.hk/userinput.php?name=Bill&gender=male

    b. The part after the question mark (the query string) is the data sent to userinput.php.

    c. Multiple name=value pairs are separated with an ampersand (&), so an ampersand inside a value must be URL-encoded as %26.

    d. In the above example, two values, name=Bill and gender=male, are sent to http://www.ktgss.edu.hk/userinput.php.

    v. Sending with Method POST

    a. The form values are sent in the body of the HTTP request, so they are not displayed in the browser URL.

    b. POST is the preferred method for sending protected data, such as a password, because a GET URL is kept in the browser history and in proxy and server logs. POST by itself does not encrypt anything: the connection must use HTTPS, or the password can still be read on the network.

    Flow of Form Processing

    1. Visitor fills in the HTML form and clicks the submit button

    2. Form values are submitted to the server

    3. A server program, such as a PHP script, gets and processes the form data

    4. The server program gives an appropriate response to the visitor after the data are processed.
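    Added example (not code from the original notes): how the server in steps 2 and 3 receives the same form data under GET and POST. The two raw HTTP requests below are constructed for this example; the host and path follow the notes, the field values (including a password field) are sample data, and the function names are my own. Only the location of the data differs between the two methods; the decoding of "+" and %xx is the same.

```javascript
// Constructed sample requests: the same three fields sent with GET and with POST.
const FORM_BODY = "name=Bill&gender=male&password=s3cret%26more"; // %26 is an encoded "&"

const GET_REQUEST = [
  "GET /userinput.php?" + FORM_BODY + " HTTP/1.1",
  "Host: www.ktgss.edu.hk",
  "",
  "",
].join("\r\n");

const POST_REQUEST = [
  "POST /userinput.php HTTP/1.1",
  "Host: www.ktgss.edu.hk",
  "Content-Type: application/x-www-form-urlencoded",
  "Content-Length: " + FORM_BODY.length,
  "",
  FORM_BODY,
].join("\r\n");

// Split a raw HTTP request into request line, header map and body.
function parseRequest(raw) {
  const [head, body = ""] = raw.split("\r\n\r\n");
  const [requestLine, ...headerLines] = head.split("\r\n");
  const [method, target] = requestLine.split(" ");
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, target, headers, body };
}

// Return the submitted fields and where they travelled.
// Everything returned here is visitor-controlled input and must be validated.
function extractFormData(raw) {
  const req = parseRequest(raw);
  const [path, query = ""] = req.target.split("?");
  let source, encoded;
  if (req.method === "GET") {
    source = "url";   // visible in the address bar, browser history, proxy and server logs
    encoded = query;
  } else if (req.method === "POST" &&
             req.headers["content-type"] === "application/x-www-form-urlencoded") {
    source = "body";  // hidden from the URL, but still plaintext unless HTTPS is used
    encoded = req.body;
  } else {
    throw new Error("unsupported request");
  }
  // URLSearchParams splits on "&", then decodes "+" and %xx in names and values.
  const fields = Object.fromEntries(new URLSearchParams(encoded));
  return { path, source, fields };
}
```

Both calls return the same fields, including password = "s3cret&more" once %26 is decoded; the only difference is the source, which is why the password should never travel in a GET URL.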

    Note: HTML Form Input Types

    (Please refer to the notes on HTML)

    Text box

    Text area

    Selection box

    Drop down box

    Radio Button

    Check box

    Button (submit, reset)

    [Figure: the four steps above, shown between the visitor's browser, the Internet and the server]


    Example 1: Checking the Password

    The password entered is sent to and processed by a PHP script, checkpassword.php.

    [checkpassword.htm (title "Checking Password", prompt "Please enter your password:") submits to checkpassword.php; the code of both files is not reproduced in this transcript]

    General Flow of Data Validat ion

    After a form has been filled in, there can be single item validation, and logical data validation.

    Single item validation

    i. Verifying if the input is in the correct domain

    ii. Verifying if the input is in the correct range or length

    Logical data validation

    i. It can be related to a single data item or multiple data items. For examples:

    a. Validation of student ID

    b. Suppose item A is Age and item B is Class. If the value of A is 14 while B is Form 6 (whose students are normally about 17), there is a high possibility of a data entry error.
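    Added example (not from the notes): the three single-item checks (domain, range, length) and the logical cross-item check from the Age/Class example, applied to a constructed student record. The field names, the accepted age range and the rule "a Form n student is about 11+n years old, allow two years either way" are assumptions made for this illustration.

```javascript
// Domain for the Class field (assumed for the example).
const FORMS = ["Form 1", "Form 2", "Form 3", "Form 4", "Form 5", "Form 6"];

// Validate one record. Single-item failures are errors (the record is rejected);
// the logical cross-item check only produces a warning for a human to review.
function validateStudent(record) {
  const errors = [];
  const warnings = [];

  // Single item: correct domain
  if (!FORMS.includes(record.class)) {
    errors.push("class: must be one of " + FORMS.join(", "));
  }

  // Single item: correct range (form fields arrive as strings, hence Number())
  const age = Number(record.age);
  if (!Number.isInteger(age) || age < 5 || age > 25) {
    errors.push("age: must be a whole number between 5 and 25");
  }

  // Single item: correct length (student ID assumed to be exactly 6 digits)
  if (typeof record.student_id !== "string" || !/^[0-9]{6}$/.test(record.student_id)) {
    errors.push("student_id: must be exactly 6 digits");
  }

  // Logical: Age versus Class. Assumption: Form n students are about 11+n years old.
  const n = FORMS.indexOf(record.class) + 1;
  if (n > 0 && Number.isInteger(age) && Math.abs(age - (11 + n)) > 2) {
    warnings.push(`age ${age} is unusual for ${record.class}; possible data entry error`);
  }

  return { errors, warnings, accepted: errors.length === 0 };
}
```

Each single-item check passes or fails on its own field; the logical check needs both fields to be individually valid first, which is why it is skipped when the class is outside the domain or the age is not a number.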

    Form validation

    i. Checking if the form has been filled correctly before it is processed.

    ii. Server-side validation

    a. Using a PHP script, ASP, Servlet, etc.

    b. More secure: the check runs on the server, where the visitor cannot change or skip it

    c. Program coding is more complicated

    iii. Client-side validation

    a. Commonly using JavaScript

    b. Easier to implement

    c. Faster response, since no round trip to the server is needed

    d. Can be bypassed: a visitor can disable JavaScript or send the request directly, so it only improves the user experience and the server must validate again


    Example: Validate an input HKID (PHP)

    Validation Rules:

    i. All fields should be filled

    ii. The first field of HKID (hkid_letter_in) should be a letter

    iii. The middle field of HKID (hkid_number_in) should be digits with a length of 6.

    iv. The last field of HKID (hkid_bracket_in) should be a letter or digit.

    v. Gender (gender_in) should be selected.

    vi. HTML codes:

    Here is the codes of the HTML form:

    <form> <!-- the method and action attributes are not preserved in this transcript -->
    Name: <input type="text" name="name_in"><br>
    HKID: <input type="text" name="hkid_letter_in" size="1"> -
          <input type="text" name="hkid_number_in" size="6">
          ( <input type="text" name="hkid_bracket_in" size="1"> )<br>
    Gender: <input type="radio" name="gender_in" value="male"> Male
            <input type="radio" name="gender_in" value="female"> Female<br>
    <input type="submit" value="Submit">
    </form>

    Here are the PHP codes:


    Client-side Validation (JavaScript)

    The <form> tag is changed as follows:

    <form name="frm_register" onSubmit="return validate_form()">

    The form is given the name frm_register and an onSubmit attribute is added to the <form> tag. A JavaScript function validate_form() is defined, and it is called when the Submit button is clicked.

    The return in the onSubmit attribute passes on the true or false value that the JavaScript function returns:

    i. returning true means submit the form to the server

    ii. returning false means DO NOT submit the form

    JavaScript codes to validate:

    <script language="JavaScript">
    <!--
    function validate_form() {
        var valid = true;
        // Anchored with ^ and +, so only a non-empty string made up entirely of
        // digits (or letters) matches; an unanchored /[0-9]*$/ matches every string.
        var nums = /^[0-9]+$/;
        var letters = /^[a-zA-Z]+$/;
        var f = document.frm_register;

        if (f.name_in.value == "") {
            alert("Please fill in the 'Name' box");
            valid = false;
        }
        if ((f.hkid_letter_in.value == "")
            || (f.hkid_number_in.value == "")
            || (f.hkid_bracket_in.value == "")) {
            alert("Please fill in all the 'HKID' boxes");
            valid = false;
        }
        if ((f.gender_in[0].checked == false) && (f.gender_in[1].checked == false)) {
            alert("Please choose the Gender");
            valid = false;
        }
        if (!letters.test(f.hkid_letter_in.value)) {
            alert("The first box of the HKID should be a letter");
            valid = false;
        }
        if (!nums.test(f.hkid_number_in.value)) {
            alert("The second box of the HKID should be digits");
            valid = false;
        }
        if ((!letters.test(f.hkid_bracket_in.value)) && (!nums.test(f.hkid_bracket_in.value))) {
            alert("The third box of the HKID should be a digit or letter");
            valid = false;
        }
        if (f.hkid_number_in.value.length != 6) {
            alert("The second box of the HKID should be 6 characters long");
            valid = false;
        }
        return valid;
    }
    //-->
    </script>
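    Added example, not the notes' own JavaScript or PHP, covering two points made above: the same validation rules as one pure function with no DOM access, so it can run in the browser before submit and again on the server; and why the server-side run is the one that counts. The crafted request body simulates a visitor who bypasses the browser (for instance with curl), so the onSubmit handler never runs. Field names follow the notes; the sample submissions and the function names are constructed for this example.

```javascript
// One rule per field: [field name, predicate, message]. The regular expressions are
// anchored so that an empty string or stray characters cannot pass.
const RULES = [
  ["name_in",         (v) => v !== "",                     "Please fill in the 'Name' box"],
  ["hkid_letter_in",  (v) => /^[A-Za-z]+$/.test(v),        "The first box of the HKID should be a letter"],
  ["hkid_number_in",  (v) => /^[0-9]{6}$/.test(v),         "The second box of the HKID should be 6 digits"],
  ["hkid_bracket_in", (v) => /^[A-Za-z0-9]+$/.test(v),     "The third box of the HKID should be a digit or letter"],
  ["gender_in",       (v) => v === "male" || v === "female", "Please choose the Gender"],
];

// Pure function: takes {fieldName: value} and returns the list of error messages.
// An empty list means the submission is valid. Missing fields count as empty.
function validateRegistration(fields) {
  const errors = [];
  for (const [name, ok, message] of RULES) {
    const value = typeof fields[name] === "string" ? fields[name].trim() : "";
    if (!ok(value)) errors.push(message);
  }
  return errors;
}

// Browser side: wired up as <form name="frm_register" onSubmit="return validate_form()">.
// For the radio group, form.elements["gender_in"].value is the checked value or "".
function validate_form() {
  const form = document.frm_register;
  const fields = {};
  for (const [name] of RULES) fields[name] = form.elements[name].value;
  const errors = validateRegistration(fields);
  if (errors.length) alert(errors.join("\n"));
  return errors.length === 0;
}

// Server side: the same function over the decoded POST body. This runs whether or
// not the browser's validate_form() ran, which is the check that actually protects.
function serverSideCheck(body) {
  return validateRegistration(Object.fromEntries(new URLSearchParams(body)));
}

// Constructed request body sent directly to the server, skipping the HTML form:
// letter box holds digits, number box too short, bracket box missing, gender invalid.
const CRAFTED_BODY = "name_in=Bill&hkid_letter_in=12&hkid_number_in=12345&gender_in=other";
```

Because the browser and the server call the same validateRegistration, the two tiers cannot drift apart; the server still has to call it, since the crafted body above reaches it with the browser check never having run.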


    Creating Quizzes with Multiple Input Formats

    Procedure to conduct a quiz:

    i. Display a question

    ii. Create a fill-in form to get the answers

    iii. Submit the user's answers to the server

    iv. Process the answers with a server script, such as PHP, and check whether the answers are correct

    v. Display the result

    Question Types:

    i. Multiple Choice

    ii. Fill in the blanks

    iii. Multiple Answers

    iv. Matching

    Multiple Choice Example

    [Screenshots of the HTML page and the PHP page, titled "Quiz", are not reproduced in this transcript]


    HTML page:

    <h3>Question 4</h3>
    <form method="post"> <!-- the action attribute is not preserved in this transcript -->
    Rose -------
    <input type="radio" name="q4_ans_rose" value="animal"> Animal
    <input type="radio" name="q4_ans_rose" value="flower"> Flower
    <input type="radio" name="q4_ans_rose" value="fruit"> Fruit<br>
    Dog -------
    <input type="radio" name="q4_ans_dog" value="animal"> Animal
    <input type="radio" name="q4_ans_dog" value="flower"> Flower
    <input type="radio" name="q4_ans_dog" value="fruit"> Fruit<br>
    Apple -------
    <input type="radio" name="q4_ans_apple" value="animal"> Animal
    <input type="radio" name="q4_ans_apple" value="flower"> Flower
    <input type="radio" name="q4_ans_apple" value="fruit"> Fruit<br>
    <input type="submit" value="Submit">
    </form>

    PHP page:

    <?php
    echo "<h3>Question 4</h3>";
    // A row with no radio button selected sends no $_POST key at all; the ?? ''
    // default avoids an undefined-index warning, and === avoids loose comparison.
    if ((($_POST['q4_ans_rose'] ?? '') === "flower") &&
        (($_POST['q4_ans_dog'] ?? '') === "animal") &&
        (($_POST['q4_ans_apple'] ?? '') === "fruit"))
        echo "Correct!<br>";
    else {
        echo "Wrong Answer!<br>";
        echo "The Answer is<br>Rose ------- flower<br>Dog ------- animal<br>Apple ------- fruit<br>";
    }
    ?>

    Screen layout:
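    Added example (not the notes' PHP): a single server-side grader for all four question types listed above, with the answer key kept on the server so it never reaches the browser before submission. It generalizes the Question 4 check: a missing or unexpected field is simply marked wrong rather than raising a warning, answers are compared after trimming and case-folding, and the q4_ans_rose naming from the notes is parsed into one matching answer. Question ids other than q4 and all answers are constructed sample data.

```javascript
// Server-side answer key (constructed). Never embedded in the quiz HTML.
const ANSWER_KEY = {
  q1: { type: "choice",   answer: "b" },
  q2: { type: "blank",    answer: "Hong Kong" },
  q3: { type: "multiple", answer: ["a", "c"] },
  q4: { type: "matching", answer: { rose: "flower", dog: "animal", apple: "fruit" } },
};

const normalize = (s) => String(s ?? "").trim().toLowerCase();

// Compare one submitted answer with its key entry. Returns true only when correct.
function isCorrect(entry, submitted) {
  switch (entry.type) {
    case "choice":
    case "blank":
      return normalize(submitted) === normalize(entry.answer);
    case "multiple": {
      // All required options and nothing else; one checkbox arrives as a string.
      const list = Array.isArray(submitted) ? submitted : submitted == null ? [] : [submitted];
      const given = list.map(normalize).sort();
      const want = entry.answer.map(normalize).sort();
      return given.length === want.length && given.every((v, i) => v === want[i]);
    }
    case "matching":
      return Object.keys(entry.answer).every(
        (k) => normalize(submitted && submitted[k]) === normalize(entry.answer[k]));
    default:
      return false;
  }
}

// Decode a urlencoded POST body into {qid: value | [values] | {item: value}}:
//   q4_ans_rose=flower      -> answers.q4.rose = "flower"   (matching, naming from the notes)
//   q3=a&q3=c               -> answers.q3 = ["a", "c"]      (multiple answers)
//   q1=b                    -> answers.q1 = "b"             (choice / fill in the blank)
function parseAnswers(body) {
  const answers = {};
  for (const [key, value] of new URLSearchParams(body)) {
    const m = key.match(/^(q\d+)_ans_(\w+)$/);
    if (m) {
      if (typeof answers[m[1]] !== "object" || Array.isArray(answers[m[1]])) answers[m[1]] = {};
      answers[m[1]][m[2]] = value;
    } else if (key in answers) {
      answers[key] = [].concat(answers[key], value);
    } else {
      answers[key] = value;
    }
  }
  return answers;
}

// Grade a whole submission: per-question verdicts plus the score.
function gradeQuiz(body) {
  const answers = parseAnswers(body);
  const results = {};
  let score = 0;
  for (const [qid, entry] of Object.entries(ANSWER_KEY)) {
    results[qid] = isCorrect(entry, answers[qid]);
    if (results[qid]) score++;
  }
  return { results, score, total: Object.keys(ANSWER_KEY).length };
}
```

Grading iterates over the answer key, not over what the visitor sent, so extra or renamed fields cannot add points and an empty submission scores zero.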


    What is Cookie

    Cookies are small amounts of information that a web server can leave on your computer through your browser; the browser sends them back to that server with later requests.

    The cookie also contains

    i. An expiry date

    ii.

    Why We Need Cookie

    i. If you have cookies enabled in your browser, a site can store your station name and station number there and use them to fill in those items in its data entry forms.

    ii. This means that you only have to enter your station name and number once, and the site fills them in for you after that.

    iii. They are also often used to remember login information for private sites, or your setup preferences for your home page. The login cookie should hold a session identifier issued by the server, not the password itself, since anything in a cookie can be read or copied from the client.

    Personalization

    Customize the delivery of a Web page to make it more useful for individual users

    Tailor your output to different types of browsers

    Drawbacks of Cookies

    i. Inaccurate identification

    ii. Cookie theft

    iii. Cookie poisoning

    iv. Cross-site cooking

    v. Inconsistent state on client and server

    Inaccurate Identification

    i. Anyone who uses more than one account, computer, or browser has more than one set of cookies.

    ii. Cookies do not differentiate among multiple users who share a computer and browser.

    Cookie Theft. Cookies can be stolen and read by unauthorized computers on the network, for example when they are sent over plain HTTP, or by scripts injected into the page. The Secure attribute (send only over HTTPS) and the HttpOnly attribute (not readable by JavaScript) reduce both risks.

    Cookie Poisoning. Cookie values are supposed to be stored and sent back to the server without any modification. Attackers may modify their own cookies and send the altered values back to the server, so the server must treat a cookie as untrusted input: either validate it like any form field, or sign it so that a modified value is detected.

    Cross-site Cooking. Similar to cookie poisoning, but the attacker exploits a browser bug to set a cookie for a site other than their own, so that the victim's browser sends the attacker's cookie to the target server.

    Inconsistent State on Client and Server. The use of cookies may generate an inconsistency between the state of the client and the state as stored in the cookie. If a user acquires a cookie and then clicks the "Back" button of the browser, the page shown is generally not in the same state as before that acquisition.


    Sample program to set and read a cookie when a user browses a web page.

    <html>
    <head>
    <script language="JavaScript">
    function setcookie() {
        // An expiry date in the past would make the browser delete the cookie at once,
        // so the expiry is set one year from today.
        var expiry = new Date();
        expiry.setFullYear(expiry.getFullYear() + 1);
        document.cookie = "name=peter; expires=" + expiry.toUTCString();
    }
    function readcookie() {
        // document.cookie holds every cookie the page can read, as "name=value; name2=value2"
        if (document.cookie) {
            var mycookie = document.cookie;
            window.alert(mycookie);
        }
    }
    </script>
    </head>
    <body onLoad="readcookie()">
    <form name="myform">
    <input type="button" value="Set cookie" onClick="setcookie();">
    </form>
    </body>
    </html>

    Click the button and then reload the page: readcookie() runs on load and shows the cookie that setcookie() stored.