Form Validation

It is important to validate all data input so that users see the behaviour they expect & the database isn't contaminated with bad data.

Some of this can be done client-side using JavaScript (quicker, especially on slow connections) however it is critical to also do server-side checking as some users may have Javascript turned off & also malicious users can bypass the client-side checks.

Server-side

This library is in the code-base for server-side validation:

inc/lib_validate.inc

There are functions for checking valid email addresses, dates, GIS coordinates, etc

Validation occurs after the form is submitted & before the database is actually updated, e.g.:

if ((shn_valid_x_coordinate($_POST['x_center'])) && (shn_valid_y_coordinate($_POST['y_center'])))
{
 add_confirmation(_("Changes were saved"));
 //Update Database
} else {
 add_error(_("Coordinates invalid"));
}
Client-side

This JavaScript file is in the code-base for client-side validation:

www/res/js/validate.js

However it doesn't appear to be referenced by any of the code yet.


Navigation
QR Code
QR Code dev:form_validation (generated for current page)