Strange?
What do you say if we use this term for a form validation, server side? I say “Unobrusive PHP” because it’s what I work with, but it can be any other language.
Let me explain
We already do this in Javascript. We attach a class to a field we want to validate, then, when the user try to submit, we try to validate the input by a rule associated to the class. All is fine, only that we need to make this server-side too, we cannot trust the users, do we?
So what if to the input name we attach a specific segment, that will be validated once it reach the server, removes the attachment, and pass further the data like never happened?
Some code
<input type="text" name="email" />
for js validation would be
<input type="text" name="email" class="email"/>
for php would be
<input type="text" name="email___email" />
and the validation class would take the $_POST array, search for a value that contains ___email, validates it, then simple remove the segment for further processing.
$_POST["emai"] = $_POST["email___email"];
This idea is the preamble of a future post regarding a more universal validator for forms. It’s only a concept. Let me now your thoughts.
3 Responses
How would you add multiple rules?
This is also a security hole because a hacker only needs to change the fieldname to bypass validation rules. For js validation it doesn’t matter because it’s backed up by serverside validation.
Another thing to keep in mind is that is you process the value using another (POST) variable you still have to return it to the original value in case of errors in the validation
Well the problem you’re trying to tackle is (imho) defining in only one location what a certain form element is supposed to deliver. And what validation rules it has to obey.
My suggestion: hang it all on the input name ‘email’. You can easily attach jQuery to that form element, don’t need a class for that.
Do the JS validation through AJAX and call the same serverside function to evaluate the validity of the emailadress. Then when the form is really submitted to the server the contents of the emailfield go through the same function.
But, the problem, if I have understand is, the HTMl can be changed with tools like firebug, and the validation will no longer secure
regards