I have several forms in one HTML page...
I have to filter these forms somewhere... (eg check if all or some form elements have values etc...)
I am using ajax to submit the forms, but i dont know if i should filter it before submitting it to my php file, or filtering it inside the php file?
I want the fastest way for the data to show up....
??????????????
Thanks
Filter in both places. You cannot trust anything the client sends to your server, so always check in a server side script that what they sent is good. But you don't want your client to wait, so check using client side script as well.
Always consider that there are people out there, who have JavaScript deactivated. For them you need to check data at the server side.
Also the checks on JavaScript side could be manipulated (Firebug, etc) so you also have to check the data on the server side for people having JavaScript enabled.
i would at first say that having multiple forms on one page is definitely not the best practice. especially if you're using Ajax to submit forms. use validation on the client-side along with server-side. consider using some framework, which can ease your life and give you some custom solutions.
Related
This is more a question of concept. here is the situation, we have a list of objects, and need to show a modal with a editing/adding form for an object. You have around 10 fields, which is better, to generate the form on the fly with javascipt, to make an ajax call and generate the form with the server language then return it as html and show it, or generate the form inline (when the list is created ) and just show it?
I am not asking on how to do it, i can do it in all of the ways i have described, the question is which of these is cleaner and more efficient by today's standards.
The third option (generate server side) is the best, for two reasons:
People with JavaScript turned off can still see the forms. (Make sure you hide them with JS if you're showing them with JS.)
Screen readers will be able to read the forms.
JavaScript is a great tool to enhance UX, but don't rely on it for things to work.
I would use the "on the fly" method or the third. With the first you may decrease Serverload (it's depending of your user-base and the data) and as the normal user has JS enabled it's not a problem.
The third is good because it doesn't requires Javascript enabled, and so even old or mobile devices can display the form correctly.
The second is IMHO the worst as it requires JavaScript and takes the server under more load.
When you don't have a big user-base which needs this form often then use the method which is easier for you to develop and maintain.
I m beginner to learn java script and I just read that we use java script for interactive and page validation ...so my question is that
We can validate our page with the help of php then why we should use JavaScript?
Ideally, you should be doing both. But at the least, you should be using server side validation.
The reason you have JS or client side validation is so that
The user gets immediate feedback on errors
Your server is spared the round trip for smaller validation
You should never rely only on JS for validation as this can be easily disabled/circumvented. Always use it as an added layer to your server side validation.
Javascript validation allows a more 'responsive' validation message since it doesn't require a postback.
However you should always include server side validation AS WELL since a user could turn off javascript and bypass the validation.
Javascript vaidation is client side validation. You do it even before your page is submitted to the server. And hence prevent resubmitting your page all again
Javascript is used for browser side validation i.e, client side , But php is used for ser
I guess you mean that you can validate the data entered at the server end in php and you do not see the point in validating at the client side using Javascript.
Javascript runs on the client (i.e. the user's browser), which means the data does not have to make a round trip to the server to be validated. This makes the process faster and reduces load on the server. Imagine someone entering a huge amount of data into a text field that is supposed to accept only 15 characters. If you validate only in the server side, your application stalls while the data is being sent. If you also validate using Javascript, nothing is sent back since it is caught at the user's browser.
That being said, it is a good idea to validate at both the client and the server. This takes care of someone intentionally circumventing your Javascript validation (e.g. by turning off Javascript).
These are the two sides of a coin:
PHP = Server Side vs Javascript = Client Side
Both operate in different mediums on opposite sides of the HTTP fence
You can't really compare them. Normally, you use them both. Javascript for the nice dynamic client side stuff (like hiding a part of the page) and PHP to generate the page. And then there's ajax, which makes both work really great together.
Some more comparision:
In php you can have the remote and local time
In js you can have user time...
In php you can have remote and host address
In js ... i dont know !!
In php the source is not lookable in the source code
In js the source can be see in the source code of the page.
To use php it requires sending a request to the php and getting a response.
Javascript is client-side therefore eliminates the need for the request to be send.
Javascript is a much faster way since you do not need to send a request to the server.
But it depends if you are validating a form with certain data that you need checked.
For example, if you have a form and there is an email input box, you may want to check if that email is already in your database. This would require php.
Otherwise, if you do not need to make a request to your server, javascript would be the better one to use.
I'm making a form in a server using PHP, but I'm considering on using jQuery for the form submittion.
So, what option is better? A PHP script that takes the form, validating stuff right there and sending messages when something is wrong, or a jQuery script that sends the form without reloading? What are the pros and cons? Thank you beforehand!
You should do both!
Server side validation is always more secure then on client site.
Client site validation is great for the usability because the user will get an instant feedback from the script if something went wrong. And the user don't have to send the data to the server first before he gets some feedback.
I always put the validation on the server-side at a minimum as client-side logic is ultimately unreliable (what happens if someone disables javascript? Opens firebug to change things?). I treat client-side validation as a bonus for UX. That's not to say you can't use something like the jQuery validate plugin to add client-side logic on top of it, but I wouldn't rely only on client-side logic.
I've found myself becoming fond of the MVC famework from Microsoft because version 3 has very nice integration between the server-side validation logic and the jQuery validate plugin. Haven't looked in a while but there might be something like that in a PHP framework?
Never trust the client. Thus, JavaScript form validation can only be a plus, for user convenience, but never be your only validation mechanism. With a bit of webdev knowledge you can work around JavaScript and send forms with data you like.
JavaScript validation with informative messages can be a huge plus for users though, so you should definitely consider it as a user-level validation.
Also, remember there may be users who do not use JavaScript by default.
I use both. For a validation example.. I will have a php function called "saveData()" and it would throw an exception if its missing some form data. On the other hand, if they have javascript enabled, they can submit the form and immediately find out if they are missing data, rather than reloading the page to find out.
Assuming you mean to use javascript to validate and then send it serverside (which, as #pekka says, is a given), then you have as pro/con for jQuery/javascript this
pro:
quick and easy validation. You can do this per-field, not everything at once.
con:
some people still don't like extra/unneccesairy javascript in their pages. But i don't think that's a big con.
Client side validation has nothing to do with security.
Its purpose is only to improve performance to create a better user experience.
Server side validation is all about security.
Any client side validation must be done on the server side (the other way around is not a must).
There are many ways to handle forms. one is to simply submit the form and the get variables on php and another one that i'm thinking of, is to send data with ajax and during this process we can show a dialog and show the information about processing the data with a progress bar.
despite the fact that ajax is faster than the standard technique and sometimes it's easier to use why there's a very few websites that are using the ajax method ?
It's not that you shouldn't be using ajax to post forms, is that you have to "double" your work (for small amounts of double). I usually make a form work with normal submit, and then I override it with javascript. That way you have a non-javascript fall-back, and don't leave anyone behind. Also lok at jQuery's $.post and $('#myform').serialize methods.
There is no intrinsic reason that it isn't used more. It's just that for most websites, AJAX isn't really needed.
Javascript, as a language, should be treated primarily as an 'addon'. Your page should work perfectly without using Javascript, AJAX, or any other browser languages.
What should ideally happen, is when you Javascript loads, it puts in an event catcher that when the form is submitted, it returns false and instead submits it using AJAX. If Javascript is not enabled, nothing every submits false, and the form is submitted server side.
This allows the most compatability, and is the reason people discourage having a lot of Javascript in the actual tags like this:
Go
Some people turn off Javascript, and some old browser might have errors with that onClick event. Heck, people might develop new browsers that omit Javascript completely for one reason or another.
The Point is that Javascript should simply be an 'addon' to the web page, not the heart of it.
(Unless it is a Javascript Application, which does absolutely everything through Javascript. Normal forms however are not Javascript Applications)
AJAX is not necessarily faster, it's not necessarily easier to use, and not all visitors will be able to use it at all (in particular those who have disabled JavaScript for some or all websites). It's also not always possible to reliably show a progress bar for the AJAX submission any more than it is for a traditional submission. Finally, since the server-side code will look about the same regardless of which client-side submission method you use, submitting via AJAX is more effort, which is not always justified.
That's not to suggest that AJAX is a poor technology, or that it should be avoided. However, even forms that have the option to submit via AJAX should also support traditional submissions. After that, which forms you choose to enable AJAX submissions for should depend on where you have the budget (or, if it's a pet project, the time) to do the extra work.
AJAX is a relatively new technology, and I'm sure in some applications is difficult to implement. If you're doing down the road of adding AJAX to your application consider Progressive Enhancement.
Why should I bother to use JavaScript for form validation when I still have to use PHP since the user could have JavaScript support turned off.
Isn't it unnecessary?
Update:
Ok thanks for your answers. it sounds like a good idea to have it on the client side too. where can I download good JavaScript validations?
Do you know where I can download a validation script like that one in yahoo when you register an account?
Javascript validation allows your user to be informed of any errors prior to their submitting the form to the server. This saves irritating page-reloads (since on submit the JS catches the event and validates the form, preventing form-submission if errors are found) and minimises the chances of their having to re-enter information again (and again and again...), or leaving prior to completing the form properly. JS validation is not a substitute for server-side validation (since the user can see the JS, and, by saving the page and amending the JS do whatever they want); but it's a convenience for them.
This is simply part of the concept of progressive enhancement, whereby JS provides a mechanism for enhancing the experience for the user, if it's there and turned on, and hopefully makes their interaction with your site pleasant, or, at least, minimally irritating.
Edited in response to OP's question regarding 'where to download a JS validation tool.'
While I can't -necessarily- recommend any one library (I tend to write my own as required, or borrow from previously self-written examples), a Google search threw these options up:
http://www.jsvalidate.com/
Stephen Walther's page, discussing Microsoft's CDN and jQuery-validation, linking to jQuery Validation plug-in:
jQuery.validate (hosted at MS' ajax.microsoft.com subdomain)
jQuery.validate.min
jQuery validate plug-in homepage (bassistance.de).
You should ALWAYS validate in PHP on the SERVER SIDE and validation in JavaScript is CLIENT SIDE validation for user CONVENIENCE. Thanks to validation on client user may find errors in his form without page relodaing. But user may sent form data without data script validation
(for example he may not have JS support in web browser), thus always validate on the server side.
... as courtesy to the users pretty much. Makes life easier for the ordinary users that simply commit human things from time to time.
I recommend you using unified server-side and client-side validation using a framework, since it may avoid confronting the user to data valid on client side but rejected by the server, or the opposite (client side too restrictive).
Following list of framework give information about server/client side validation:
http://en.wikipedia.org/wiki/Comparison_of_web_application_frameworks
It's a matter of whether you want your form (and website as a whole) to be interactive-cum-user-friendly or not. You can just let the server-side do the validations and throw the error back to the users but that would be less interactive and less user-friendly than warning the users before they submit the form (although you still need to validate the inputs on server-side no matter what). Just my 2 cents :P
I recomend to use Javascript for client side and Php for server side
This will make interaction or user friendly site nad reduce reloading page many times in case user submit wrong data
Yes, it is best practice to validate the user input values from both sides client and server side ,
some cases client was disabled javascript or mobile browser that doesn't javascript, remember there is spammers also.
To my mind, only client-side-checking of form input does not work because of security. Imagine you want to check a user password(if "yourpwd" == userinput), with js the user will see the password because it is in the browser-sourcecode .With php, it is not visible because php is for some reason hidden.