Server-Side Validation Jayden Bryant. What is Server-Side Validation? Validation of form input done...


Server-Side Validation

Jayden Bryant


What is Server-Side Validation?

Validation of form input done on the server, not the web browser program

//Validate the Surname
if ($surname == "")
    print("The surname field cannot be blank.");


Differences between Client and Server Side Validation

Client-Side
• No round trip to server = quicker validation, instant feedback to user
• User may skip client-side validation by turning off JavaScript

Server-Side
• Ensures 100% validation of input even if front end validation fails
• User cannot skip server-side validation
• Ensures that improper data sent will be filtered correctly; a detailed error message can be sent back to user
• Takes longer time to validate – information must do a round trip to the server.


What we shall Discuss

Methods used when validating different form data
• Number validation
• URL validation
• Email Validation


Common Validation functions

ereg() function

<?php
// ereg() was deprecated in PHP 5.3 and removed in PHP 7.0; preg_match() is its replacement.
$username = "jayden2";
if (ereg('[^A-Za-z]', $username)) {
    echo "Usernames must contain only letters.";
} else {
    echo "$username is a valid username.";
}
?>

!ereg() function

if ($validate) {
    $text = ($n);
    // Escape the submitted value before echoing it into the page
    print "email entered is " . htmlspecialchars($text) . ". <br><br>";
    if (!ereg("[@]", $text))
        echo ("email must contain the symbol '@'.");
    else
        echo ("Good job, email contains an '@'");
}


Validating Numbers

is_numeric() function
• Checks to see if input is numeric
• is_numeric allows:
  • Integers e.g. 998878
  • Scientific notations e.g. 15e4
  • Floating points e.g. 10.25
  • Hexadecimal e.g. 2xff
  • Negative numbers e.g. -56

if (!is_numeric($n))
    print "Does not conform to function";
else
    print "Validation passed!! Input was: $n";
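An added example, not part of the original slides: is_numeric() accepts any numeric form, which is looser than a field such as a quantity needs, so this compares it with a strict integer range check via filter_var(). The function validate_quantity(), its default range and the sample inputs are assumptions constructed for illustration; note that on PHP 7 and later is_numeric() no longer treats hexadecimal strings as numeric.

```php
<?php
// Added example: validate_quantity() is a hypothetical helper, not from the slides.

// Returns the integer when $raw is a whole number within [$min, $max],
// otherwise null. Anything is_numeric() merely tolerates is rejected.
function validate_quantity($raw, int $min = 1, int $max = 100): ?int
{
    // Form fields can arrive as arrays (e.g. qty[]=1), so reject non-strings.
    if (!is_string($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed sample inputs covering the formats listed on the slide.
$samples = ['42', '-56', '10.25', '15e4', '0xff', '', '9999999999999999999'];

foreach ($samples as $s) {
    printf(
        "%-22s is_numeric=%-5s quantity=%s\n",
        json_encode($s),
        var_export(is_numeric($s), true),
        var_export(validate_quantity($s), true)
    );
}
```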


Validating URL’s

parse_url: function parses a URL and returns an associative array containing any of the various components of the URL that are present.
• scheme - e.g. http
• host
• port
• user
• pass
• path
• query - after the question mark ?
• fragment - after the hashmark #

Example: http://www.webdatabasebook.com/test.php?statuse=F#message


Validating URL’s

function_exists: Return TRUE if the given function has been defined

checkdnsrr: Check DNS records corresponding to a given Internet hostname or IP address
• type may be any one of: A, MX, NS, SOA, PTR, CNAME, AAAA, A6, SRV, NAPTR or ANY. The default is MX.


URL Validation Code

<?php
$bits = parse_url($url);

// parse_url() returns false for a malformed URL and omits components that are absent
if ($bits === false || !isset($bits["scheme"]) || $bits["scheme"] != "http")
    print "URL must begin with http://.";
elseif (empty($bits["host"]))
    print "URL must include a host name.";
elseif (function_exists('checkdnsrr') && !checkdnsrr($bits["host"], 'A'))
    print "Host does not exist.";
else
    // $bits is an array, so print the submitted URL, escaped for HTML output
    echo ("URL: " . htmlspecialchars($url) . " Exists");
?>


Validating Email

empty(var) – Determines whether a variable is empty

strlen - Get string length
• Returns the length of the given string

getmxrr – Check if there is a record of the email domain as a mail exchanger (MX)

gethostbyname - Get the IP address corresponding to a given Internet host name


Validating Email

substr ( string string, int start [, int length] )
• Returns part of a string
• Returns the portion of string specified by the start and length parameters.

string strstr ( string haystack, string needle )
• Finds the first occurrence of the string
• Returns part of haystack string from the first occurrence of needle to the end of haystack
• If needle is not found, returns false


Email Validation code

<?php
{
    $validEmailExpr =
        "^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*" .
        "@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$";

    if (empty($email))
    {
        print "The email field cannot be blank";
        $printFlag = false;
    }
    // eregi() (case-insensitive ereg) was deprecated in PHP 5.3 and removed in PHP 7.0
    elseif (!eregi($validEmailExpr, $email))
    {
        print "The email must be in the name@domain format.";
        $printFlag = false;
    }
    elseif (strlen($email) > 30)
    {
        print "The email address can be no longer than 30 characters.";
        $printFlag = false;
    }
    elseif (function_exists("getmxrr") && function_exists("gethostbyname"))
    {
        // Everything after the '@' is the mail domain
        $maildomain = substr(strstr($email, '@'), 1);

        // Accept the domain if it has an MX record or resolves to an IP address
        if (!(getmxrr($maildomain, $temp) ||
              gethostbyname($maildomain) != $maildomain))
        {
            print "The domain does not exist.";
            $printFlag = false;
        }
        else $printFlag = true;
    }
    if ($printFlag == true) {
        print "email address: $email exists";
    }
}
?>
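An added example, not part of the original slides: the same sequence of email checks written for PHP 7.1 and later, where ereg() and eregi() are no longer available and preg_match() takes their place. The names validate_email(), EMAIL_EXPR and the $resolver parameter are hypothetical, and the sample inputs and stub resolver are constructed so the demo runs without network access.

```php
<?php
// Added example (not from the slides). Names here are hypothetical.

// The slides' pattern with PCRE delimiters. 'i' replaces eregi()'s
// case-insensitivity; 'D' stops '$' matching before a trailing newline.
const EMAIL_EXPR = '/^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*'
                 . '@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$/iD';

// Returns an error message, or null when every check passes.
// $resolver lets the DNS lookup be swapped out so the demo runs offline.
function validate_email($email, ?callable $resolver = null): ?string
{
    if (!is_string($email) || $email === '') {
        return 'The email field cannot be blank';
    }
    if (!preg_match(EMAIL_EXPR, $email)) {
        return 'The email must be in the name@domain format.';
    }
    if (strlen($email) > 30) {
        return 'The email address can be no longer than 30 characters.';
    }
    // Everything after the '@' is the mail domain, as on the slides.
    $maildomain = substr(strstr($email, '@'), 1);
    $resolver = $resolver ?? function (string $d): bool {
        return (function_exists('getmxrr') && getmxrr($d, $mx))
            || gethostbyname($d) !== $d;
    };
    return $resolver($maildomain) ? null : 'The domain does not exist.';
}

// Constructed sample inputs and a stub resolver (no network needed).
$stub = function (string $d): bool { return $d === 'example.com'; };
$samples = ['', 'alice@example.com', "alice@example.com\n",
            'no-at-sign', 'bob@unknown.invalid',
            'a-very-long-local-part@example.com'];
foreach ($samples as $s) {
    $err = validate_email($s, $stub);
    echo json_encode($s), ' => ', $err ?? 'OK', "\n";
}
```

The function returns messages instead of printing them, so the caller decides how to encode them for the response.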


Class Quiz

When using is_numeric function, what are the 5 legal number formats?

• Integers e.g. 998878
• Scientific notations e.g. 15e4
• Floating points e.g. 10.25
• Hexadecimal e.g. 2xff
• Negative numbers e.g. -56


Class Quiz: Qu 2

What is a major difference between client-side and server-side validation?


Class Quiz: Qu 3

What does the function parse_url do?

• Returns the different components of which the URL is made up of e.g.
  • scheme - e.g. http
  • host
  • port
  • user
  • pass
  • path
  • query - after the question mark ?
  • fragment - after the hashmark #


Class Quiz: Qu 5

What does the function strstr return?

• Finds the first occurrence of the string
• Returns part of haystack string from the first occurrence of needle to the end of haystack
• If needle is not found, returns false


Class Quiz: Qu 6

What does the function empty check?

• If the variable is empty


Validation Complete