Re: [PHP] recommended way for server side validation - include in same file or have a different file
Hello Vinayakam, Tuesday, March 8, 2005, 4:11:43 AM, you wrote: V However in the second case, in case of an error, displaying the V data becomes an issue. V Any recommended ways for server side validation I usually do the updates in the same file unless there are a lot of different things going on (inserts, updates, deletes etc), then I'll break it out into separate files. However, I do almost always have an included file with all my error checking code. So, let's say in the main page(let's call it index.php) where we're filling out a form, we have the following three items: formFirstName formLastName formEmployeeNumber We submit and the action is PHP_SELF At the top of index.php is an include for errorhandler.php which only happens if $_POST['submit'] == Submit errorhandler.php includes functions.php at the top and errorhandler.php looks like this: validateString('firstName', $_POST['formFirstName'], 25) validateString('lastName', $_POST['formLastName'], 25) validateNumeric('EmployeeNumber', $_POST['formEmployeeNumber'], 5) functions.php contains all my commonly used functions, and validateString() might look like this: function validateString($fieldName, $fieldValue, $size) { global $errors[]; if ($strlen($fieldValue) = $size) { if (does not contain any undesirable characters) { $errors['$fieldname'] = 0; } else { $errors[0] = 1; $errors[$fieldName] = You may only use letters and hyphens.; } } else { $errors[0] = 1; $errors[$fieldName] .= This field is limited to $size characters.; } return; } Then back in index.php I test $errors[0] to see if there was an error, if so, I skip over the insert, update or delete and just go back down to the form and display the error where appropriate. Note: I didn't test the above code for this explanation. It gets a bit harder when you have separate files but it's doable. -- Leif (TB lists moderator and fellow end user). Using The Bat! 3.0.2.3 Rush under Windows XP 5.1 Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] recommended way for server side validation - include in same file or have a different file
The way I do it is to have display, edit, validation and save all in the same file. I have an op variable that tracks whether the operation is an edit or reedit (reuse submitted data) because of validation failure. Another variable would track if it's a new entry (blank fields) or editing an existing entry (retrieve data). For clarity, I break out pieces into separate files and just include them if needed. This keeps the file smaller and easier to traverse and debug. if ($op=='save') { validate if validated include('saveFile.php') op = 'view' else error message stuff op = 'reedit' } if ($op=='reedit') { prep submitted data for reediting, include error message(s) } elseif ($id=='new') { prep 'blank' data, set defaults } elseif ($id0) { retrieve data for display or editing } if ($op=='edit' || $op=='reedit') { create form field for data entry } else { massage data for display } Merge data with HTML template file Display final page That's basically my template. The core file is really just the logic, data retrieval is obviously done through a function call. The display piece, the html, is in a separate file and is structured for handling simple data display or data entry form fields. The logic dictates the role of the template, data entry or display. It's also then very simple to create a display for cellphones, just create a different html template. I've tried to follow the MVC (Model View Controller) design pattern concept, which has worked very well for me. Hope that helps. On Mar 8, 2005, at 6:11 AM, Vinayakam Murugan wrote: Hi I have always felt for reasons for cleanliness and clarity, it is better to have the validation and insert / update statements in a seperate file rather than have it in the same script. Case 1 -- //file:form.php if $_POST then validate Insert or update on success else if $_GET['primarykey'] then show form for editing else show form for adding fi form action=form.php method=post Show form /form Case 2 -- //file:form1.php if $_GET['primarykey'] then show form for editing else show form for adding fi form action=formvalidate.php method=post Show form /form However in the second case, in case of an error, displaying the data becomes an issue. Any recommended ways for server side validation -- Warm Regards Vinayak -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php