Download presentation
Presentation is loading. Please wait.
1
Server-Side Validation Jayden Bryant
2
What is Server-Side Validation? Validation of form input done on the server, not the web browser program //Validate the Surname If ($surname == “”) print( “The surname field cannot be blank.”);
3
Differences between Client and Server Side Validation Client-Side No round trip to server = quicker validation, instant feedback to userNo round trip to server = quicker validation, instant feedback to user User may skip client-side validation by turning off java scriptUser may skip client-side validation by turning off java script Server-Side Ensures 100% validation of input even if front end validation failsEnsures 100% validation of input even if front end validation fails User cannot skip server-side validationUser cannot skip server-side validation Ensures that improper data sent will be filtered correctly, a detailed error message can be sent back to userEnsures that improper data sent will be filtered correctly, a detailed error message can be sent back to user Takes longer time to vaildate – information must do a round trip to the server.Takes longer time to vaildate – information must do a round trip to the server.
4
What we shall Discuss Methods used when validating different form data Number validation URL validation Email Validation
5
Common Validation functions ereg () function <?php $username = (jayden2); If (ereg ('[^A-Za-z]', $username)){ echo "Usernames must contain only letters."; } else {echo "$username is a valid username.";} ?> !ereg () function if ($validate) { $text = ($n); print "email entered is $text. "; if (!ereg("[@]",$text)) echo ("email must conatain the symbol '@'."); else echo ("Good job, email contains an '@'"); } To example
![Common Validation functions ereg () function < php $username = (jayden2); If (ereg ( [^A-Za-z] , $username)){ echo Usernames must contain only letters. ; } else {echo $username is a valid username. ;} > !ereg () function if ($validate) { $text = ($n); print entered is $text.](http://images.slideplayer.com/23/6625045/slides/slide_5.jpg "; if (!ereg( ,$text)) echo ( must conatain the . ); else echo ( Good job, contains ); } To example.")
6
Validating Numbers is_numeric() function Checks to see if input is numericChecks to see if input is numeric is_numeric allows:is_numeric allows: Integers e.g. 998878Integers e.g. 998878 Scientific notations e.g. 15e4Scientific notations e.g. 15e4 Floating points e.g. 10.25Floating points e.g. 10.25 Hexadecimal e.g. 2xffHexadecimal e.g. 2xff Negative numbers e.g. -56Negative numbers e.g. -56 if (!is_numeric($n)) print “Does not conform to function"; else print "Validation passed!! Input was: $n"; Example
7
Validating URL’s Parse_url: function parses a URL and returns an associative array containing any of the various components of the URL that are present. scheme - e.g. http host port user pass path query - after the question mark ? fragment - after the hashmark # Example: Example: http://www.webdatabasebook.com/test.php?statuse=F#me ssage parse_url
8
Validating URL’s function_exists: Return TRUE if the given function has been defined checkdnsrr: Check DNS records corresponding to a given Internet hostname or IP address type may be any one of: A, MX, NS, SOA, PTR, CNAME, AAAA, A6, SRV, NAPTR or ANY. The default is MX. URL code
9
URL Validation Code <?php $bits = parse_url($url); if ($bits["scheme"] != "http") print "URL must begin with http://."; elseif (empty($bits["host"])) print "URL must include a host name."; elseif (function_exists('checkdnsrr') && !checkdnsrr($bits["host"], 'A')) print "Host does not exist."; else echo ("URL: $bits Exists"); ?> URL Example
![URL Validation Code < php $bits = parse_url($url); if ($bits[ scheme ] != http ) print URL must begin with ; elseif (empty($bits[ host ])) print URL must include a host name. ; elseif (function_exists( checkdnsrr ) && !checkdnsrr($bits[ host ], A )) print Host does not exist. ; else echo ( URL: $bits Exists ); > URL Example](http://images.slideplayer.com/23/6625045/slides/slide_9.jpg "URL Validation Code < php $bits = parse_url($url); if ($bits[ scheme ] != http ) print URL must begin with ; elseif (empty($bits[ host ])) print URL must include a host name. ; elseif (function_exists( checkdnsrr ) && !checkdnsrr($bits[ host ], A )) print Host does not exist. ; else echo ( URL: $bits Exists ); > URL Example")
10
Validating Email Empty (var) – Determines whether a variable is empty strlen - Get string length Returns the length of the given stringReturns the length of the given string Getmxrr – Check if there is a record of the email domain as a mail exchanger (MX) Gethostbyname - Gethostbyname - Get the IP address corresponding to a given Internet host name
11
Validating Email substr ( string string, int start [, int length] ) Returns part of a string returns the portion of string specified by the start and length parameters. string strstr ( string haystack, string needle ) Finds the first occurence of the string Returns part of haystack string from the first occurrence of needle to the end of haystack If needle is not found, returns false Code
![Validating substr ( string string, int start [, int length] ) Returns part of a string returns the portion of string specified by the start and length parameters.](http://images.slideplayer.com/23/6625045/slides/slide_11.jpg " string strstr ( string haystack, string needle ) Finds the first occurence of the string Returns part of haystack string from the first occurrence of needle to the end of haystack If needle is not found, returns false Code.")
12
Email Validation code { $validEmailExpr = "^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*". "@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$"; if (empty($email)) { print "The email field cannot be blank"; $printFlag = false; } elseif (!eregi($validEmailExpr, $email)) { print "The email must be in the name@domain format."; $printFlag = false; } elseif (strlen($email) >30) { print "The email address can be no longer than 30 characters."; $printFlag = false; }
* .](http://images.slideplayer.com/23/6625045/slides/slide_12.jpg "[0-9a-z~!#$%&_-])*$ ; if (empty($ )) { print The field cannot be blank ; $printFlag = false; } elseif (!eregi($valid Expr, $ )) { print The must be in the format. ; $printFlag = false; } elseif (strlen($ ) >30) { print The address can be no longer than 30 characters. ; $printFlag = false; }.")
13
Email Validation code elseif (function_exists("getmxrr") && function_exists("gethostbyname")) { $maildomain = substr(strstr($email, '@'), 1); if (!(getmxrr($maildomain, $temp) || gethostbyname($maildomain) !=$maildomain)) { print "The domain does not exist."; $printFlag = false; } else $printFlag = true; } if ($printFlag == true) { print "email address: $email exists"; } ?> Example
14
Class Quiz When using is_numeric function, what are the 5 legal number formats? Integers e.g. 998878Integers e.g. 998878 Scientific notations e.g. 15e4Scientific notations e.g. 15e4 Floating points e.g. 10.25Floating points e.g. 10.25 Hexadecimal e.g. 2xffHexadecimal e.g. 2xff Negative numbers e.g. -56Negative numbers e.g. -56 Question 2
15
Class Quiz: Qu 2 What is a major difference between client-side and server-side validation? Question 3
16
Class Quiz: Qu 3 What does the function parse_url do? Returns the different components of which the URL is made up of e.g.Returns the different components of which the URL is made up of e.g. scheme - e.g. httpscheme - e.g. http hosthost portport useruser passpass pathpath query - after the question mark ?query - after the question mark ? fragment - after the hashmark #fragment - after the hashmark # Question 4
17
Class Quiz: Qu 5 What does the function strstr return? Finds the first occurence of the string Returns part of haystack string from the first occurrence of needle to the end of haystack If needle is not found, returns false Question 5
18
Class Quiz: Qu 6 What does the function empty check? If the variable is emptyIf the variable is empty
19
Validation Complete
Similar presentations
