subject:"Re\: \[PHP\] recommended way for server side validation \- include in same file or have a different file"

Re: [PHP] recommended way for server side validation - include in same file or have a different file

2005-03-08 Thread Leif Gregory

Hello Vinayakam,

Tuesday, March 8, 2005, 4:11:43 AM, you wrote:
V However in the second case, in case of an error, displaying the
V data becomes an issue.

V Any recommended ways for server side validation


I usually do the updates in the same file unless there are a lot of
different things going on (inserts, updates, deletes etc), then I'll
break it out into separate files. However, I do almost always have an
included file with all my error checking code.

So, let's say in the main page(let's call it index.php) where we're
filling out a form, we have the following three items:

formFirstName
formLastName
formEmployeeNumber

We submit and the action is PHP_SELF

At the top of index.php is an include for errorhandler.php which only
happens if $_POST['submit'] == Submit

errorhandler.php includes functions.php at the top and
errorhandler.php looks like this:

validateString('firstName', $_POST['formFirstName'], 25)
validateString('lastName', $_POST['formLastName'], 25)
validateNumeric('EmployeeNumber', $_POST['formEmployeeNumber'], 5)


functions.php contains all my commonly used functions, and
validateString() might look like this:

function validateString($fieldName, $fieldValue, $size) {
  global $errors[];
  
  if ($strlen($fieldValue) = $size) {
if (does not contain any undesirable characters) {
  $errors['$fieldname'] = 0;
}
else {
  $errors[0] = 1;
  $errors[$fieldName] = You may only use letters and hyphens.;
}
  }
  else {
$errors[0] = 1;
$errors[$fieldName] .= This field is limited to $size characters.;
  }
  return;
}

Then back in index.php I test $errors[0] to see if there was an error,
if so, I skip over the insert, update or delete and just go back down
to the form and display the error where appropriate.

Note: I didn't test the above code for this explanation.

It gets a bit harder when you have separate files but it's doable.



-- 
Leif (TB lists moderator and fellow end user).

Using The Bat! 3.0.2.3 Rush under Windows XP 5.1
Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] recommended way for server side validation - include in same file or have a different file

2005-03-08 Thread Brent Baisley

The way I do it is to have display, edit, validation and save all in 
the same file. I have an op variable that tracks whether the 
operation is an edit or reedit (reuse submitted data) because of 
validation failure. Another variable would track if it's a new entry 
(blank fields) or editing an existing entry (retrieve data). For 
clarity, I break out pieces into separate files and just include them 
if needed. This keeps the file smaller and easier to traverse and 
debug.

if ($op=='save') {
validate
if validated
include('saveFile.php')
op = 'view'
else
error message stuff
op = 'reedit'
}
if ($op=='reedit') {
prep submitted data for reediting, include error message(s)
} elseif ($id=='new') {
prep 'blank' data, set defaults
} elseif ($id0) {
retrieve data for display or editing
}
if ($op=='edit' || $op=='reedit') {
create form field for data entry
} else {
massage data for display
}
Merge data with HTML template file
Display final page
That's basically my template. The core file is really just the logic, 
data retrieval is obviously done through a function call. The display 
piece, the html, is in a separate file and is structured for handling 
simple data display or data entry form fields. The logic dictates the 
role of the template, data entry or display. It's also then very simple 
to create a display for cellphones, just create a different html 
template. I've tried to follow the MVC (Model View Controller) design 
pattern concept, which has worked very well for me.

Hope that helps.
On Mar 8, 2005, at 6:11 AM, Vinayakam Murugan wrote:
Hi
I have always felt for reasons for cleanliness and clarity, it is
better to have the validation and insert / update statements in a
seperate file rather than have it in the same script.
Case 1
--
//file:form.php
if $_POST
  then validate
  Insert or update on success
else
  if $_GET['primarykey'] then
 show form for editing
  else
 show form for adding
fi
form action=form.php method=post
Show form
/form
Case 2
--
//file:form1.php
  if $_GET['primarykey'] then
 show form for editing
  else
 show form for adding
fi
form action=formvalidate.php method=post
Show form
/form

However in the second case, in case of an error, displaying the data
becomes an issue.
Any recommended ways for server side validation
--
Warm Regards

Vinayak
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search  Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] recommended way for server side validation - include in same file or have a different file

Re: [PHP] recommended way for server side validation - include in same file or have a different file

2 matches

Site Navigation

Mail list logo

Footer information