What language to validate user input? - validation

Im attempting one of my first web applications in PHP.
There is a text box a user inputs text and clicks send. When send is clicked or when they are typing I want it to give the user an error message if they are entering forbidden characters.
But I cant really see a way to do it effectively in PHP.
Can anyone tell me what programming language would be best for this and maybe links if that would help.
However, I do not want anyone to give me the complete code for this, otherwise there is no challenge in it for me.
Thanks guys

You can use Javascript (with or without jQuery) to realtime validation. Or you use PHP to a server-side validation with IF conditionals.
Javascript Validation Sample:
http://www.w3schools.com/js/js_form_validation.asp
-- EDIT --
I recommend you validate first in the Javascript and later in PHP, because with FireBug users can edit the Javascript validation script.

There are two kinds of validation you need to consider: client-side and server-side.
Client-side validation is when the browser checks the input and reports errors as the user types, or when they hit "submit". You will probably want to use Javascript for this.
Server-side validation is when the server checks the input after the browser has submitted it. You can check this in PHP (or whatever server-side language you want - Java, C# or whatever). Note that you must do server-side validation even if you also do client-side, because you can't trust the user to submit valid data. It's pretty easy to submit bad data even when client-side validation is in use.

You need to use JavaScript because it is a client side language and can detect changed as the user is typing and such.

Related

Laravel 5.3 - Is there bulid in way for form tampering protection

Is there any built in way to protect Forms from tampering, particularly adding or removing inputs to/from the form, from client side or editing the values of hidden fields ? I am coming from cakephp background and there is nice built-in security feature
https://book.cakephp.org/3.0/en/controllers/components/security.html#form-tampering-prevention
Please note, that I know the approach how it is being done in cake, and I understand that it can be manually implemented, the question is, is there any built-in way to go with.
Thanks
Laravel validation can be used to make sure what fields are sent and what the content of these fields looks like.
There is also csrf protection that is enabled by default to make sure forms cannot be sent by another website.

Email address locked in field like box?

So I dont know what it is called but I am looking for a way to box in the user entered email addresses like they do in hotmail, where any valid email is boxed into that rectangle locked email once it is validated in real time? Also in hotmail they allow you to remove it by clicking the X and edit it by clicking the edit icon. I want to add more features also appart from edit and delete, so I guess I use AJAX for this? I dont know the term for this so not sure how to search for sample code and design patters for this. Any idea on what this is called or sample links with different design patterns?
You mean a facebook-like autocompletion? It uses AJAX (Javascript libraries: Prototype / Scriptacoulous).
Maybe this library is not perfectly suited to your use case, but you definitely need Javascript to do it as soon as the user enters it, but not necessarily AJAX - via javascript you can create input-hidden fields that will get submitted with the rest of the form.

How do I send an email from my webpage?

I am not a web developer but I do have a lot of programming experience in C# and Windows forms programming. On our company webpage my boss wants me to put in a textbox where visitors can submit a comment and press a submit button and that comment will be sent to an email address. Right now, our website uses just plain old html, no php or javascript or anything like that. I am wondering what is the simplest way to accomplish what I need? Can someone point me in the right direction? The website is hosted on an Apache server so I won't be able to use aspx.
The simplest method depends heavily on what is available. If PHP is supported, use it.
Here's a simple example (I wouldn't focus too much on their HTML -- which is a bit shoddy) but the PHP at the bottom to give you an idea on how to pull the <form> in and send the email.
If you don't have PHP and don't want to install it, you can do this without any server-side code and outsource the problem. Bravenet (a name that will be familiar with any old-school webdeveloper) have a free hosted form solution that lets you post your forms to their server and they email you the result.
Not amazingly professional, but takes about 10 seconds to implement.
The simplest solution would be have the form action as "mailto:email#address.com"
However, this has the downside of the email address being sent to being exposed to spam bots, along with the clients mail application having to load to send the email which can be confusing and slow.
Sending emails in PHP is common, and there are thousands of articles out there on how to do it, here's one
In this case the most simple way is to install PHP to your apache to use the mail()-function.
Of couse you could use tomcat additional to apache, but the configuaration is much more time-eating.
If you don't want to use any sort of scripting technology, then the form mailto might be your only option. You can just make the action of your HTML form mailto:youraddress and the form post will be mailed directly.
I would highly recommend looking into some sort of scripting technology though to do this in a more reliable way....PHP looks like a good fit in your environment.

How do we do AJAX programming

I have no idea about AJAX programming features. I just know that it is Asynchronous Javascript and XML.
Please help me in knowing about this language.
I have gone through many AJAX tutorials. But none of the programs are running. Why I don't know.
Do we save the file with .HTML extension?
Read:
AJAX Tutorial by W3Schools.
AJAX Programming by Google Code University
To start coding you can get the Ajax Control Toolkit by Microsoft. You should read Ajax Control Toolkit Tutorials to get a grasp of it.
You can use the free Microsoft Visual Web Developer 2010 Express Edition as your IDE.
Aside from the correct responses that the others gave you, judging from your question I think you first need to learn about client-side and server-side code.
Do we save the file with .HTML extension?
Yes and no. You will have an HTML frontend, that for instance contains a button. This will be interpreted from the client's (=user) browser. In fact it may be rendered differently depending on the browser/OS/etc.
Now, you attach some Javascript code to this button. This also runs on the client's browser, and creates a XMLHttpRequest object, either directly or through the use of a library (JQuery & Co.). Note that a library is not necessary to do an AJAX request. It will make your life easier if you do a lot of AJAX calls, but it is not essential.
And here's where the magic happens: the XMLHttpRequest object will call asynchronously (i.e.: without reloading the page) a server-side page. This may be a PHP, ASP, Perl etc etc file that does something on the server, for instance queries a database. This part of the operation is absolutely independent from the client. The user can close the browser before the server-side code finishes to load and the server will not know about it.
Once the server-side code has finished executing it returns to the client with some response data (e.g. a piece of XML, JSON, HTML or whatever you like). Finally the client executes (or not) some other Javascript code in response to this, for example to write on the screen, again with no reloading of the page, something based on what the server has returned.
Maybe I can help you understand AJAX by clarifying the concepts a bit.
Please help me in knowing about this language.
AJAX is not a language, it is a way of using existing techniques to improve the user experience of a web site. The language is Javascript in the browser but you can use any server side technique that you feel comfortable with (ASP.NET, Java, PHP, Ruby etc.)
Do we save the file with .HTML extension?
Well, that is not really the point. What you have to grasp here is that there is a server and a browser that interact with each other. Yes, you can use static HTML files for your pages (and save them as .html files), but you'll need a server to respond to the requests of the browser. This may be why your sample code is not working; you need to set up a server that works with your pages.
The whole idea behind AJAX is to improve the user experience by not reloading the entire page when a user interacts with it. You request the data you need and update the page by using Javascript to update the HTML. This is called an out-of-band or asynchronous request.
I just know that it is Asynchronous Javascript and XML.
That is what the acronym stands for but it doesn't quite cover what the technique is for, nor is it accurate any more. In the beginning XML was used to transfer data from the server to the client. People found that XML is not really that easy to work with in Javascript so now it's more common to use JSON. JSON is a snippet of javascript that can be evaluated in the browser. The snippet creates javascript object(s) that represent the data.
If you use a Javascript library, like others have suggested here, you won't have to worry about many of the details though.
Before you get into AJAX you should make sure that you understand:
HTML and CSS
Javascript
how to modify HTML with Javascript
how a browser requests information from a server
how to handle requests on the server
If you are not comfortable with all of these concepts, stick with 'regular' web pages and try to improve your knowledge step by step.
Once you get the basic knowledge from W3school, I suggest you use a framework. Usually developers do not use XMLHttpRequest at all. Instead, javascript frameworks like ExtJS, jQuery and other frameworks make your work simple. I suggest you learn bit of javascript as well. check out jQuery.
Just to add that AJAX is rarely used in its pure form with XMLHttpRequest. You will often use it as a part of AJAX UI libraries which make your life easier. If you are from the Java world - such an AJAX library is Richfaces.
Instead of worrying about how to do AJAX, use something that allows you to forget about it. Frameworks like NOLOH do AJAX (and Comet) for you automatically without you having to do a thing. Just concentrate on your application, and business logic and it does the rest.
Really, everything is done via AJAX if available, automatically. No work on your part. If you're don't want to spend much time researching it, check out this short video that was demonstrated at Confoo PHP Conference this past March http://www.youtube.com/phpframework#p/u/11/cdD9hSuq7aw.
For all those worried about, well, if it's all AJAX, what about search engines? No need to worry, http://dev.noloh.com/#/articles/Search-Engine-Friendly/.
So instead of having to worry about all these different technologies, or the client-server relationship, you can sit down, code and have your website/WebApp working in no time.
You can read about NOLOH is this month's cover story of php|architect magazine, http://www.phparch.com/magazine/2010/may/.
Enjoy.
Disclaimer: I'm a co-founder of NOLOH.
It is easy one. Ajax getting data from server side by client side execution. We have to do use XMLHttpRequest to get the result.

Ajax architecture in Django application

I am trying to find the optimal architecture for an ajax-heavy Django application I'm currently building. I'd like to keep a consistent way of doing forms, validation, fetching data, JSON message format but find it exceedingly hard to find a solution that can be used consistently.
Can someone point me in the right direction or share their view on best practice?
I make everything as normal views which display normally in the browser. That includes all the replies to AJAX requests (sub pages).
When I want to make bits of the site more dynamic I then use jQuery to do the AJAX, or in this case AJAH and just load the contents of one of the divs in the sub page into the requesting page.
This technique works really well - it is very easy to debug the sub pages as they are just normal pages, and jQuery makes your life very easy using these as part of an AJA[XH]ed page.
For all the answers to this, I can't believe no one's mentioned django-piston yet. It's mainly promoted for use in building REST APIs, but it can output JSON (which jQuery, among others, can consume) and works just like views in that you can do anything with a request, making it a great option for implementing AJAX interactions (or AJAJ [JSON], AJAH, etc whatever). It also supports form validation.
I can't think of any standard way to insert ajax into a Django application, but you can have a look to this tutorial.
You will also find more details on django's page about Ajax
Two weeks ago I made a write up how I implement sub-templates to use them in "normal" and "ajax" request (for Django it is the same). Maybe it is helpful for you.
+1 to Nick for pages displaying normally in the browser. That seems to be the best starting point.
The problem with the simplest AJAX approaches, such as Nick and vikingosegundo propose, is that you'll have to rely on the innerHTML property in your Javascript. This is the only way to dump the new HTML sent in the JSON. Some would consider this a Bad Thing.
Unfortunately I'm not aware of a standard way to replicate the display of forms using Javascript that matches the Django rendering. My approach (that I'm still working on) is to subclass the Django Form class so it outputs bits of Javascript along with the HTML from as_p() etc. These then replicate the form my manipulating the DOM.
From experience I know that managing an application where you generate the HTML on the server side and just "insert" it into your pages, becomes a nightmare. It is also impossible to test using the Django test framework. If you're using Selenium or a similar tool, it's ok, but you need to wait for the ajax request to go return so you need tons of sleeps in your test script, which may slow down your test suite.
If the purpose of using the Ajax technique is to create a good user interface, I would recommend going all in, like the GMail interface, and doing everything in the browser with JavaScript. I have written several apps like this using nothing but jQuery, state machines for managing UI state and JSON with ReST on the backend. Django, IMHO, is a perfect match for the backend in this case. There are even third party software for generating a ReST-interface to your models, which I've never used myself, but as far as I know they are great at the simple things, but you of course still need to do your own business logic.
With this approach, you do run into the problem of duplicating code in the JS and in your backend, such as form handling, validation, etc. I have been thinking about solving this with generating structured information about the forms and validation logic which I can use in JS. This could be compiled at deploy-time and be loaded as any other JS file.
Also, avoid XML. The browsers are slow at parsing it, it is a pain to generate and a pain to work with in the browser. Use JSON.
Im currently testing:
jQuery & backbone.js client-side
django-piston (intermediate layer)
Will write later my findings on my blog http://blog.sserrano.com

Resources