Unobtrusive PHP ?

Strange? 

What do you say if we use this term for server-side form validation? I say “Unobtrusive PHP” because PHP is what I know, but it could be any other language.

Let me explain:

We already do this in JavaScript. We attach a class to a field we want to validate; then, when the user tries to submit, we validate the input against a rule associated with the class. All is fine, except that we need to do this server-side too: we cannot trust the users, can we?

So what if we attach a specific segment to the input name? Once the data reaches the server, the value is validated according to that segment, the segment is removed, and the data is passed on as if nothing had happened.

Something like:

<input type="text" name="email" />

for JS validation it would be

<input type="text" name="email" class="email" />

for PHP it would be

<input type="text" name="email___email" />

and the validation class would take the $_POST array, search for an entry whose name contains ___email, validate its value, then simply remove the segment for further processing.

$_POST["email"] = $_POST["email___email"];

This idea is the preamble to a later post about a more universal validator for forms.
It is only a concept. Let me know your thoughts.
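
A sketch of the concept, added here as an example and not the author's code: the "___" separator is the one from the post, while the function and constant names are hypothetical. Because the field name arrives from the browser, the list of expected fields and their rules is kept on the server, so a renamed or missing field is rejected instead of skipping validation.

```php
<?php
// Added example; names below are hypothetical, only the "___" separator
// comes from the post.

// Rules the server knows how to apply, keyed by the suffix in the field name.
const RULES = [
    'email' => 'is_valid_email',
];

// Fields this form must deliver and the rule each one must pass.
// This table lives on the server, so editing the HTML cannot drop a rule.
const EXPECTED = [
    'email' => 'email',
];

function is_valid_email(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Validates a raw $_POST-style array.
 * Returns [clean, errors]; only validated fields appear in clean.
 */
function validate_suffixed(array $post, array $expected = EXPECTED): array
{
    $clean = [];
    $errors = [];
    foreach ($expected as $field => $rule) {
        $key = $field . '___' . $rule;
        if (!isset($post[$key]) || !is_string($post[$key])) {
            $errors[$field] = 'missing';  // renamed or dropped field is rejected
            continue;
        }
        if (!call_user_func(RULES[$rule], $post[$key])) {
            $errors[$field] = 'invalid';
            continue;
        }
        $clean[$field] = $post[$key];     // suffix removed only after validation
    }
    return [$clean, $errors];
}

// Constructed sample submissions: the form as sent, then a renamed field.
var_dump(validate_suffixed(['email___email' => 'user@example.com']));
var_dump(validate_suffixed(['email' => 'not-an-address']));
```

Later processing should read from the returned clean array rather than from $_POST, so that unvalidated or unexpected fields never reach it.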

3 Comments to “Unobtrusive PHP ?”

  1. david 4 February 2009 at 9:14 am #

    How would you add multiple rules?

    This is also a security hole because a hacker only needs to change the fieldname to bypass validation rules. For js validation it doesn’t matter because it’s backed up by serverside validation.

    Another thing to keep in mind is that if you process the value using another (POST) variable, you still have to return it to the original value in case of errors in the validation.

  2. Niels Bom 18 February 2009 at 5:03 pm #

    Well the problem you’re trying to tackle is (imho) defining in only one location what a certain form element is supposed to deliver. And what validation rules it has to obey.

    My suggestion: hang it all on the input name ‘email’. You can easily attach jQuery to that form element, don’t need a class for that.

    Do the JS validation through AJAX and call the same serverside function to evaluate the validity of the email address. Then when the form is really submitted to the server the contents of the email field go through the same function.

  3. norman784 13 May 2009 at 3:34 pm #

    But the problem, if I have understood, is that the HTML can be changed with tools like Firebug, and the validation will no longer be secure

    regards

