Server side validating fields

01Jul09

As many of us know by now, it is never best to only validate fields with client side code. You must also validate on the server.

As I was writing code today for a multi-page form, I was trying to think of the best way to validate fields. Although the below is verbose and written in ColdFusion, it can be easily ported to any other language that supports arrays, lists, or hashes – and it can be placed in one line if your language supports associative arrays.

Required fields

For this one I used:

<cfset requiredFields = StructNew()>
<cfset requiredFields['name'] = 'Name'>
<cfset requiredFields['email'] = 'Email address'>
<cfset requiredFields['message'] = 'Message'>
<cfloop collection="#requiredFields#" item="i">
  <cfif NOT StructKeyExists(form, i) OR form[i] EQ ''>
      <cfset session.errors[i] = 'Field <strong>"' & requiredFields[i] & '"</strong> cannot
be empty.'>
  </cfif>
</cfloop>

In this case, the form variable is the name of the form field itself :

requiredFields['email'] = <input type="text" name="email" />

The value of that field is a more friendly name to display with the error messages.
Field Name cannot be empty.

The same type of structures are then setup for numbers, dates, emails, and whatever else may need to be validated. Each loop entry is added to the session.errors array to maintain the errors and then cleared upon re-calling the validation page.

The sessions array is displayed with:

<cfif NOT StructIsEmpty(session.errors)>
<style type="text/css">
  li{margin-left:10px}
</style>
<ul class="errorBox">
  <cfloop collection="#session.errors#" item="i">
    <cfoutput><li>#session.errors[i]#</li></cfoutput>
  </cfloop>
</ul>
</cfif>

Creating a list displaying the errors.

**Additionally, to make it an even better experience, you can add an error highlight color to the row that caused the error. For example:

<td style="background-color:<cfif StructKeyExists(session.errors, 'name')>errorRow"><input type="text" name="name" /></td>

** If all of your fields are required, you can simply loop over the form fields and popuplate your errors array… but you may not have the friendly names.

So, why should you validate with server side code?
While client side code such as Javascript makes the user experience much more enjoyable, there are several reasons to also validate on the server.

• Checking on the server can be more verbose and accurate, especially if you need to check against a query (although AJAX would do this as well)
• Javascript can easily be turned off
• YOUR Javascript code can be hacked since it is visible there on the page.
• Your page can be copied completely, javascript removed, and submitted to the server.
• Your Javascript may not work across all browsers and mobile devices.
• Some coders make code inaccessible when they do not make sure the code works without Javascript

So why should you even use it?

• It prevents a trip to the server
• Your users will love you since things will work faster
• You can do muchos with AJAX

Filed under: Beginner, ColdFusion, PHP   |  Leave a Comment