php-general Digest 7 Dec 2008 09:46:49 -0000 Issue 5831
Topics (messages 284244 through 284247):
Re: How do you organise your PHP work ?
284244 by: Nathan Rixham
Re: How to Insert <?xml-stylesheet .....?> into DOMDocument
284245 by: Shanon Swafford
Re: Poll of sorts: Javascript Form validation or PHP
284246 by: Michael Kubler
284247 by: Ashley Sheridan
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
franzemmanuel wrote:
Hi !
I wanted to know how you organise your work when you develop a project ?
- I have a checking list to control each file.
- I make a diagram (with Impress).
- And a CalcSheet to follow my variables.
(examples : http://www.surleweb.biz/development.php).
And you ? How do you work ?
Have a good evening everybody !
Personally I sanity check with unit tests; document everything
thoroughly as i go and run through phpdoc frequently.
if I need a visual representation I normally do it at the planning stage
using amateras or a similar UML tool.
--- End Message ---
--- Begin Message ---
>> Is there a way to make it create the following XML?
>>
>> <?xml version="1.0"?>
>> <?xml-stylesheet href="xsl_table.xsl" type="text/xsl"?>
>> <foo>
>> <bar/>
>> <bazz/>
>> </foo>
>>
>> I can't seem to find any dom functions to do this.
>>
>> Thanks in advance,
>> Shanon
>>
>>
>
>DOMProcessingInstruction as such:
>
><?php
>error_reporting(E_ALL | E_STRICT);
>
>$doc = new DOMDocument();
>$doc->formatOutput = true;
>
>// processing instruction data
>$styleheetParams = 'href="xsl_table.xsl" type="text/xsl"';
>
>// create processing instruction
>$xmlstylesheet = new DOMProcessingInstruction( 'xml-stylesheet',
$styleheetParams);
>
>//append it to the doc
>$doc->appendChild($xmlstylesheet);
>
>$foo = $doc->createElement("foo");
>$doc->appendChild($foo);
>
>$bar = $doc->createElement("bar");
>$foo->appendChild($bar);
>
>$bazz = $doc->createElement("bazz");
>$foo->appendChild($bazz);
>
>echo $doc->saveXML();
>
>?>
Thanks Nathan,
That worked perfect!
Shanon
--- End Message ---
--- Begin Message ---
I agree with Nathan.
Always do server side validation, and if you have the skills, time, or
are being paid then add javascript validation to make the user
experience better.
I have a general contact form which checks the input server side (PHP)
and if there's something wrong then it indicates as such, and shows the
user their input, with the errors and why (e.g not a valid email
address, etc..).
If it was for anything larger than about 10 fields per page, then
javascript validation can be useful.
Slightly off topic, but does anyone know of an easy way of checking user
input like the PHP filter_var() function?
I've seen plenty of libraries for AJAX, and the like (Prototype, jquery,
etc), but haven't run across any for standard form input validation.
Thanks.
Michael Kubler*
* <http://www.greyphoenix.biz>
Nathan Rixham wrote:
where as I think validation always needs to happen at the server side;
each application or script should be self contained, it needs to check
that the data it recieves is valid before working with it; if it is
not valid it needs to inform the system that sent it the data is not
valid.
The system that sent it in this case is the html output; so you need a
method of displaying errors in the html.
That is the bare minimum and always needed.
As for making the experience nicer; javascript is good for this; it
can be used to pre-validate input on the way in to the system; but
should not be relied upon as it can be turned off, stop functioning
due to another faulty javascript on the page or simply not be
supported by the client. You still need the server side validation
though.
So.. more of a case of always validate server side; and should / do
you want to use javascript validation in addition.
IMHO :p
--- End Message ---
--- Begin Message ---
On Sun, 2008-12-07 at 17:36 +1030, Michael Kubler wrote:
> I agree with Nathan.
> Always do server side validation, and if you have the skills, time, or
> are being paid then add javascript validation to make the user
> experience better.
> I have a general contact form which checks the input server side (PHP)
> and if there's something wrong then it indicates as such, and shows the
> user their input, with the errors and why (e.g not a valid email
> address, etc..).
> If it was for anything larger than about 10 fields per page, then
> javascript validation can be useful.
>
> Slightly off topic, but does anyone know of an easy way of checking user
> input like the PHP filter_var() function?
> I've seen plenty of libraries for AJAX, and the like (Prototype, jquery,
> etc), but haven't run across any for standard form input validation.
>
> Thanks.
>
> Michael Kubler*
> * <http://www.greyphoenix.biz>
>
>
>
> Nathan Rixham wrote:
> > where as I think validation always needs to happen at the server side;
> > each application or script should be self contained, it needs to check
> > that the data it recieves is valid before working with it; if it is
> > not valid it needs to inform the system that sent it the data is not
> > valid.
> >
> > The system that sent it in this case is the html output; so you need a
> > method of displaying errors in the html.
> >
> > That is the bare minimum and always needed.
> >
> > As for making the experience nicer; javascript is good for this; it
> > can be used to pre-validate input on the way in to the system; but
> > should not be relied upon as it can be turned off, stop functioning
> > due to another faulty javascript on the page or simply not be
> > supported by the client. You still need the server side validation
> > though.
> >
> > So.. more of a case of always validate server side; and should / do
> > you want to use javascript validation in addition.
> >
> > IMHO :p
>
I put a small one together using regular expressions,
http://www.ashleysheridan.co.uk/coding_php_validation.php
I tend to use it for all my projects where I need to validate the user
input. It uses a whitelist-style approach rather than a blacklist style
(i.e. it has an allowable entry format rather than checking to see if
certain characters don't exist in it) which has had the added benefit of
preventing an SQL injection attack that I've seen as well.
Ash
www.ashleysheridan.co.uk
--- End Message ---
