Form Validation
It is important to validate all data input so that users see the behaviour they expect & the database isn't contaminated with bad data.
Some of this can be done client-side using JavaScript (quicker, especially on slow connections) however it is critical to also do server-side checking as some users may have Javascript turned off & also malicious users can bypass the client-side checks.
Server-side
This library is in the code-base for server-side validation:
inc/lib_validate.inc
There are functions for checking valid email addresses, dates, GIS coordinates, etc
Validation occurs after the form is submitted & before the database is actually updated, e.g.:
if ((shn_valid_x_coordinate($_POST['x_center'])) && (shn_valid_y_coordinate($_POST['y_center']))) { add_confirmation(_("Changes were saved")); //Update Database } else { add_error(_("Coordinates invalid")); }
Client-side
This JavaScript file is in the code-base for client-side validation:
www/res/js/validate.js
However it doesn't appear to be referenced by any of the code yet.