NSSC09-ValidateAndCookies
Upload
arcom-poerba -
8/13/2019 NSSC09-ValidateAndCookies
Validating data and handling cookies page 1
Validating data / Handling Cookies (Ch. 14.2 - 14.3)
HTML Form
Collect information from visitors
Begin with the <form> tag and end with the </form> tag
The <form> tag contains several attributes, such as name, method and action.
Usage
i. Registration
ii. Questionnaire
iii. Login
Example
i. The name of the form is "frm_input"
ii. The form value will be sent to http://www.ktgss.edu.hk/userinput.php
iii. The FORM Method attribute is either
Method = POST or Method = GET
iv. Sending with Method GET
a. The form value is sent via a browser URL, like
http://www.ktgss.edu.hk/userinput.php?name=Bill&gender=male
b. The part after the question mark is the value sent to userinput.php.
c. Multiple values are separated with an ampersand (&).
d. In the above example, two values, name=Bill and gender=male, are sent to http://www.ktgss.edu.hk/userinput.php.
v. Sending with Method POST
a. The form value is sent without being displayed in the browser URL.
b. POST is the preferred method for sending protected data, such as passwords.
Flow of Form Processing
1. Visitor fills in the HTML form and clicks the submit button
2. Form value is submitted to server
3. Server program, such as PHP script, will get and process the form data
4. Server program gives appropriate response to the visitor after the data are processed.
Note: HTML Form Input Types
(Please refer to notes on HTML)
Text box
Text area
Selection box
Drop down box
Radio Button
Check box
Button (submit, reset)
[Figure: form processing flow across the Internet, steps 1 to 4]
Example 1: Checking the Password
The inputted password is sent and processed by a PHP script, checkpassword.php.
checkpassword.htm  checkpassword.php
Checking Password
Please enter your password:
General Flow of Data Validation
After a form has been filled in, there can be single item validation, and logical data validation.
Single item validation
i. Verifying if the input is in the correct domain
ii. Verifying if the input is in the correct range or length
Logical data validation
i. It can be related to a single data item or multiple data items. For examples:
a. Validation of student ID
b. Suppose Item A is Age and Item B is Class. If the value of A is 14 while B is of class Form 6, there is a high possibility of data entry error.
Form validation
i. Checking if the form has been filled correctly before it is processed.
ii. Server-side validation
a. Using PHP script, ASP, Servlet, etc
b. More secure
c. Program coding is more complicated
iii. Client-side validation
a. Commonly using JavaScript
b. Easier to implement
c. Faster response
Example: Validate an input HKID (PHP)
Validation Rules:
i. All fields should be filled
ii. The first field of HKID (hkid_letter_in) should be a letter
iii. The middle field of HKID (hkid_number_in) should be digits with the length of 6.
iv. The last field of HKID (hkid_letter_bracket) should be a letter or digit.
v. Gender (gender_in) should be selected.
vi. HTML codes:
Here is the code of the HTML form:
Name:
HKID: - ( )
Gender: Male Female
Here is the PHP code:
Client-side Validation (JavaScript)
The <form> tag is changed as follows:
The form is given a name of frm_register and an onSubmit attribute is added to the <form> tag. A JavaScript function validate_form() is added and the JavaScript function will be called when the Submit button is clicked.
The return allows the JavaScript function to return either true or false.
i. Returning the value true means submit the form to the server
ii. Returning the value false means DO NOT submit the form
JavaScript code to validate:
function validate_form()
{
    var valid = true;
    // Anchored with ^ and $ and using + so the whole value must match.
    // An unanchored, zero-or-more pattern matches every string, even an empty one.
    var nums = /^[0-9]+$/;
    var letters = /^[a-zA-Z]+$/;

    // Rule i: all fields should be filled
    if (frm_register.name_in.value == "")
    {
        alert("Please fill in the 'Name' box");
        valid = false;
    }
    if ((frm_register.hkid_letter_in.value == "")
        || (frm_register.hkid_number_in.value == "")
        || (frm_register.hkid_bracket_in.value == ""))
    {
        alert("Please fill in all the 'HKID' boxes");
        valid = false;
    }
    // Rule v: one of the two gender radio buttons must be checked
    if ((frm_register.gender_in[0].checked == false) &&
        (frm_register.gender_in[1].checked == false))
    {
        alert("Please choose the Gender");
        valid = false;
    }
    // Rule ii: first box is a letter
    if (!letters.test(frm_register.hkid_letter_in.value)) {
        alert("The first box of the HKID should be a letter");
        valid = false;
    }
    // Rule iii: second box is digits
    if (!nums.test(frm_register.hkid_number_in.value)) {
        alert("The second box of the HKID should be digits");
        valid = false;
    }
    // Rule iv: third box is a letter or a digit
    if ((!letters.test(frm_register.hkid_bracket_in.value)) &&
        (!nums.test(frm_register.hkid_bracket_in.value))) {
        alert("The third box of the HKID should be digit or letter");
        valid = false;
    }
    // Rule iii: second box has a length of 6 (property name is "length")
    if (frm_register.hkid_number_in.value.length != 6)
    {
        alert("The second box of the HKID should be in length of 6");
        valid = false;
    }
    return valid;
}
// -->
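The validation rules above, written as one function that returns the list of violations, so the same check can run in the browser and be repeated on the server, where a request need not have come from the form at all. This is an added example, not code from the original handout; validateRegistration, unanchoredDigits and the gender values "male"/"female" are assumptions. It also shows that an unanchored, zero-or-more pattern such as /[0-9]*$/ accepts any input.

```javascript
// Added example. Field names follow the handout's form; the function names and
// the gender values "male"/"female" are assumptions for illustration.
const ONE_LETTER = /^[A-Za-z]$/;          // rule ii: first HKID box is a letter
const SIX_DIGITS = /^[0-9]{6}$/;          // rule iii: exactly six digits
const LETTER_OR_DIGIT = /^[A-Za-z0-9]$/;  // rule iv: bracket box
const GENDERS = ["male", "female"];       // rule v: allow-list, not just "non-empty"

// Unanchored, zero-or-more pattern: it matches the empty string at the end
// of any input, so it never rejects anything.
function unanchoredDigits(s) {
  return /[0-9]*$/.test(s);
}

// Returns a list of rule violations; an empty list means the input is valid.
// Takes a plain object of submitted values instead of reading the DOM.
function validateRegistration(fields) {
  // Anything that is not a string (missing field, repeated parameter) counts as empty.
  const get = (k) => (typeof fields[k] === "string" ? fields[k].trim() : "");
  const errors = [];
  if (get("name_in") === "") errors.push("name_in: required");
  if (!ONE_LETTER.test(get("hkid_letter_in"))) errors.push("hkid_letter_in: one letter");
  if (!SIX_DIGITS.test(get("hkid_number_in"))) errors.push("hkid_number_in: six digits");
  if (!LETTER_OR_DIGIT.test(get("hkid_bracket_in"))) errors.push("hkid_bracket_in: letter or digit");
  if (!GENDERS.includes(get("gender_in"))) errors.push("gender_in: not selected");
  return errors;
}

// Constructed sample submissions.
const GOOD = { name_in: "Bill", hkid_letter_in: "A", hkid_number_in: "123456",
               hkid_bracket_in: "3", gender_in: "male" };
const BAD = { name_in: "Bill", hkid_letter_in: "A1", hkid_number_in: "12345x",
              hkid_bracket_in: "(3)", gender_in: "other" };

console.log(unanchoredDigits("12345x"));   // the loose pattern lets this through
console.log(validateRegistration(GOOD));
console.log(validateRegistration(BAD));
```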
Creating Quizzes with Multiple Input Formats
Procedure to conduct a quiz:
i. Display a question
ii. Create a fill-in form to get answers
iii. Submit the user's answers to server
iv. Process the answers by server script, such as PHP, and check whether the answers are correct
v. Display the result
Question Types:
i. Multiple Choice
ii. Fill in the blanks
iii. Multiple Answers
iv. Matching
4. Multiple Choice Example
HTML page PHP page
Quiz
Question 4
Rose ------- Animal Flower Fruit
Dog ------- Animal Flower Fruit
Apple ------- Animal Flower Fruit

<?php
// Mark Question 4: every item must be matched to its category.
echo "
Question 4
";
if (($_POST['q4_ans_rose'] == "flower") &&
    ($_POST['q4_ans_dog'] == "animal") &&
    ($_POST['q4_ans_apple'] == "fruit"))
    echo "Correct!
";
else {
    echo "Wrong Answer!
";
    // Show the expected matching when the submission is wrong.
    echo "The Answer is
Rose ------- flower
Dog ------- animal
Apple ------- fruit
";
}
?>
Screen layout:
What is Cookie
Cookies are small amounts of information that a foreign computer can leave on your computer.
The cookie also contains
i. An expiry date
ii.
Why We Need Cookie
i. If you have cookies enabled in your machine, it will store your station name and station number there to be used to fill in those items in our data entry forms.
ii. This means that you only have to remember your station name and number once and we will fill it in for you after that
iii. They are also often used to remember passwords and login information for private sites or your setup preferences of your home page.
Personalization
Customize the delivery of a Web page to make it more useful for individual users
Tailor your output to different types of browsers
Drawbacks of Cookies
i. Inaccurate identification
ii. Cookie theft
iii. Cookie poisoning
iv. Cross-site cooking
v. Inconsistent state on client and server
Inaccurate Identification
i. Anyone who uses more than one account, computer, or browser has more than one set of cookies.
ii. Cookies do not differentiate among multiple users who share a computer and browser.
Cookie Theft. Cookies can be stolen and read by unauthorized computers on the network.
Cookie Poisoning. The values of Cookies are supposed to be stored and sent back to the server without any modification. Attackers may modify the cookies and send back the inappropriate cookies to the server.
Cross-site Cooking. Similar to cookie poisoning, attackers exploit a browser bug to send a modified cookie to the server.
Inconsistent State on Client and Server. The use of cookies may generate an inconsistency between the state of the client and the state as stored in the cookie. If a user acquires a cookie and then clicks the "Back" button of the browser, the state on the browser is generally not the same as before that acquisition.
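One way a server can detect the cookie poisoning described above is to attach a keyed hash (HMAC) to the value and reject any cookie whose hash does not match; the Secure and HttpOnly attributes address cookie theft on the network and by page scripts. This is an added example for Node.js, not code from the original handout; SECRET, signCookie, verifyCookie and setCookieHeader are hypothetical names.

```javascript
// Added example. All names below are assumptions for illustration.
const crypto = require("crypto");

// Constructed demo key; a real key is random and kept out of source code.
const SECRET = "constructed-demo-key";

function mac(value) {
  return crypto.createHmac("sha256", SECRET).update(value).digest("hex");
}

// Cookie value sent to the browser: "<value>.<hmac of value>".
// The value is assumed to contain only cookie-safe characters.
function signCookie(value) {
  return value + "." + mac(value);
}

// Returns the original value, or null if the cookie was altered or malformed.
function verifyCookie(cookie) {
  const dot = cookie.lastIndexOf(".");
  if (dot < 0) return null;                        // no signature part at all
  const value = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), "utf8");
  const expected = Buffer.from(mac(value), "utf8");
  if (given.length !== expected.length) return null;
  // Constant-time comparison, so timing does not reveal how many characters matched.
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Secure: only sent over HTTPS. HttpOnly: not readable through document.cookie.
function setCookieHeader(name, value) {
  return "Set-Cookie: " + name + "=" + signCookie(value) +
         "; Path=/; Secure; HttpOnly; SameSite=Lax";
}

const issued = signCookie("peter");                // what the server sent
const poisoned = issued.replace("peter", "admin"); // value changed, old hash kept
console.log(verifyCookie(issued));
console.log(verifyCookie(poisoned));
console.log(setCookieHeader("name", "peter"));
```

Signing detects modification only; the value is still readable by the client, so secrets do not belong in the cookie.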
Sample program to set and read a cookie when a user browses a web page.
<html>
<head>
<script language="JavaScript">
// Store a cookie called "name". The expires date must lie in the future,
// otherwise the browser discards the cookie immediately.
function setcookie()
{
    document.cookie = "name=peter; expires=Sun, 1 Jan 2012 12:00:00 GMT";
}
// Show all cookies visible to this page, if there are any.
function readcookie()
{
    if (document.cookie) {
        var mycookie = document.cookie;
        window.alert(mycookie);
    }
}
</script>
</head>
<body onLoad="readcookie()">
<form name="myform">
<input type="button" value="Set cookie" onClick="setcookie();">
</form>
click and then reload the page
</body>
</html>