Server-Side Validation
Jayden Bryant

What is Server-Side Validation?
Validation of form input done on the server, not the web browser program

//Validate the Surname
if ($surname == "")
    print("The surname field cannot be blank.");

Differences between Client and Server Side Validation

Client-Side
• No round trip to server = quicker validation, instant feedback to user
• User may skip client-side validation by turning off JavaScript

Server-Side
• Ensures 100% validation of input even if front end validation fails
• User cannot skip server-side validation
• Ensures that improper data sent will be filtered correctly, a detailed error message can be sent back to user
• Takes longer time to validate – information must do a round trip to the server.

What we shall Discuss
Methods used when validating different form data
• Number validation
• URL validation
• Email Validation

Common Validation functions

ereg() function

<?php
// Note: ereg() was deprecated in PHP 5.3 and removed in PHP 7.0; preg_match() is its replacement.
$username = "jayden2";
// The pattern matches any character that is not a letter.
if (ereg('[^A-Za-z]', $username)) {
    echo "Usernames must contain only letters.";
} else {
    echo "$username is a valid username.";
}
?>

!ereg() function

if ($validate) {
    $text = ($n);
    print "email entered is $text. <br><br>";
    if (!ereg("[@]", $text))
        echo ("email must contain the symbol '@'.");
    else
        echo ("Good job, email contains an '@'");
}

Validating Numbers

is_numeric() function
• Checks to see if input is numeric
• is_numeric allows:
  • Integers e.g. 998878
  • Scientific notations e.g. 15e4
  • Floating points e.g. 10.25
  • Hexadecimal e.g. 2xff
  • Negative numbers e.g. -56

if (!is_numeric($n))
    print "Does not conform to function";
else
    print "Validation passed!! Input was: $n";
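
An added example, not from the original slides: is_numeric() accepts floats, exponent notation, signs and leading whitespace, so it is too loose when a form field must be a whole number in a fixed range (and since PHP 7.0 it no longer accepts hexadecimal strings). The helper name validate_quantity(), the 1 to 999 range and the sample inputs are assumptions for illustration.

```php
<?php
// Added example: compares is_numeric() with a strict integer-range check.
// validate_quantity() and the 1..999 range are assumptions, not from the slides.

function validate_quantity($raw, int $min = 1, int $max = 999): ?int
{
    // Form values arrive as strings; an array (quantity[]=1) is rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT trims surrounding whitespace, then accepts only an
    // optionally signed decimal integer inside the range; otherwise it returns false.
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they might arrive in a form field.
$samples = ['42', '15e4', '10.25', '-56', ' 7', '0xff', '', '1000'];

foreach ($samples as $raw) {
    printf(
        "%-8s is_numeric=%-5s strict=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export(validate_quantity($raw), true)
    );
}
```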

Validating URLs

parse_url: function parses a URL and returns an associative array containing any of the various components of the URL that are present.
• scheme - e.g. http
• host
• port
• user
• pass
• path
• query - after the question mark ?
• fragment - after the hashmark #

Example: http://www.webdatabasebook.com/test.php?statuse=F#message

Validating URLs

function_exists: Return TRUE if the given function has been defined

checkdnsrr: Check DNS records corresponding to a given Internet hostname or IP address
• type may be any one of: A, MX, NS, SOA, PTR, CNAME, AAAA, A6, SRV, NAPTR or ANY. The default is MX.

URL Validation Code

<?php
// Split the submitted URL into its components.
$bits = parse_url($url);

if ($bits["scheme"] != "http")
    print "URL must begin with http://.";
elseif (empty($bits["host"]))
    print "URL must include a host name.";
// Look up an A record for the host when the DNS function is available.
elseif (function_exists('checkdnsrr') && !checkdnsrr($bits["host"], 'A'))
    print "Host does not exist.";
else
    // Print the URL string; $bits is an array and cannot be interpolated.
    echo ("URL: $url Exists");
?>
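
A stricter version of the check above, as an added example that is not from the original slides: it handles parse_url() returning false or omitting keys, compares the scheme case-insensitively against an allowlist, and rejects the user and pass components. The helper name validate_http_url(), the https allowance, the 2048-character limit and the sample URLs are assumptions; the DNS lookup is left out so the block runs offline.

```php
<?php
// Added example: validate_http_url() is a hypothetical helper, not from the slides.
// It returns an error message, or null when the URL passes every check.
function validate_http_url($url): ?string
{
    // The 2048-character cap is an assumed limit for illustration.
    if (!is_string($url) || $url === '' || strlen($url) > 2048) {
        return 'URL is missing or too long.';
    }
    // Spaces and control characters never belong in a URL.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return 'URL contains whitespace or control characters.';
    }
    $bits = parse_url($url);
    if ($bits === false) {
        return 'URL is malformed.';
    }
    // parse_url() omits keys for absent components, so test with isset().
    $allowed = ['http', 'https'];
    if (!isset($bits['scheme']) || !in_array(strtolower($bits['scheme']), $allowed, true)) {
        return 'URL must begin with http:// or https://.';
    }
    if (empty($bits['host'])) {
        return 'URL must include a host name.';
    }
    // user:pass@host makes the real host easy to misread, so refuse it.
    if (isset($bits['user']) || isset($bits['pass'])) {
        return 'URL must not contain a user name or password.';
    }
    return null;
}

// Constructed sample inputs.
$samples = [
    'http://www.webdatabasebook.com/test.php?statuse=F#message',
    'HTTP://www.webdatabasebook.com/',
    'ftp://www.webdatabasebook.com/file',
    'http://user:pw@www.webdatabasebook.com/',
    'http:///no-host',
    'www.webdatabasebook.com/test.php',
];
foreach ($samples as $url) {
    echo $url, ' => ', validate_http_url($url) ?? 'OK', "\n";
}
```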

Validating Email

empty(var) - Determines whether a variable is empty
strlen - Get string length
• Returns the length of the given string
getmxrr - Check if there is a record of the email domain as a mail exchanger (MX)
gethostbyname - Get the IP address corresponding to a given Internet host name

Validating Email

substr ( string string, int start [, int length] )
• Returns part of a string
• Returns the portion of string specified by the start and length parameters.

string strstr ( string haystack, string needle )
• Finds the first occurrence of the string
• Returns part of haystack string from the first occurrence of needle to the end of haystack
• If needle is not found, returns false

Email Validation code

<?php
// Note: eregi() was deprecated in PHP 5.3 and removed in PHP 7.0; preg_match() with the i modifier is its replacement.
{
    // name@domain, where each side is one or more dot-separated runs of the allowed characters.
    $validEmailExpr =
        "^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*" .
        "@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$";

    if (empty($email))
    {
        print "The email field cannot be blank";
        $printFlag = false;
    }
    elseif (!eregi($validEmailExpr, $email))
    {
        print "The email must be in the name@domain format.";
        $printFlag = false;
    }
    elseif (strlen($email) > 30)
    {
        print "The email address can be no longer than 30 characters.";
        $printFlag = false;
    }
    elseif (function_exists("getmxrr") && function_exists("gethostbyname"))
    {
        // Everything after the '@' is the mail domain.
        $maildomain = substr(strstr($email, '@'), 1);

        // gethostbyname() returns its argument unchanged when the lookup fails.
        if (!(getmxrr($maildomain, $temp) || gethostbyname($maildomain) != $maildomain))
        {
            print "The domain does not exist.";
            $printFlag = false;
        }
        else $printFlag = true;
    }
    if ($printFlag == true) {
        print "email address: $email exists";
    }
}
?>
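
The same checks on current PHP, as an added example that is not from the original slides: eregi() no longer exists in PHP 7 and later, so the format test uses filter_var(), the domain is taken from the last '@', and the value is HTML-escaped before it is echoed back. The helper name validate_email(), the $checkDns switch and the sample addresses are assumptions; the 30-character limit is the one from the slide.

```php
<?php
// Added example: validate_email() is a hypothetical helper, not from the slides.
// It returns an error message, or null when the address passes every check.
function validate_email($email, bool $checkDns = false): ?string
{
    if (!is_string($email) || $email === '') {
        return 'The email field cannot be blank';
    }
    if (strlen($email) > 30) {   // same limit as the slide
        return 'The email address can be no longer than 30 characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'The email must be in the name@domain format.';
    }
    // The domain is whatever follows the last '@'.
    $maildomain = substr($email, strrpos($email, '@') + 1);
    // DNS lookup is optional (off by default) so the block runs offline.
    if ($checkDns && function_exists('checkdnsrr')
        && !checkdnsrr($maildomain, 'MX') && !checkdnsrr($maildomain, 'A')) {
        return 'The domain does not exist.';
    }
    return null;
}

// Constructed sample inputs.
$samples = [
    'jayden@example.com',
    '',
    'no-at-sign',
    'a@b@example.com',
    'averyveryverylongname@example.com',
    '<b>x</b>@example.com',
];
foreach ($samples as $email) {
    // Escape before echoing: the raw value is user input and may contain markup.
    $shown = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    echo "'$shown' => ", validate_email($email) ?? 'passed', "<br>\n";
}
```

A passing DNS check shows only that the domain resolves, not that the mailbox exists.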

Class Quiz

When using is_numeric function, what are the 5 legal number formats?
• Integers e.g. 998878
• Scientific notations e.g. 15e4
• Floating points e.g. 10.25
• Hexadecimal e.g. 2xff
• Negative numbers e.g. -56

Class Quiz: Qu 2

What is a major difference between client-side and server-side validation?

Class Quiz: Qu 3

What does the function parse_url do?
• Returns the different components the URL is made up of, e.g.
  • scheme - e.g. http
  • host
  • port
  • user
  • pass
  • path
  • query - after the question mark ?
  • fragment - after the hashmark #

Class Quiz: Qu 5

What does the function strstr return?
• Finds the first occurrence of the string
• Returns part of haystack string from the first occurrence of needle to the end of haystack
• If needle is not found, returns false

Class Quiz: Qu 6

What does the function empty check?
• If the variable is empty

Validation Complete