[web] A Couple Of Basic Questions
Hey guys, pretty new to this web stuff so here goes...
I'm using PHP.
1. I have an HTML form for authoring something or other, right, but on pressing the submit button, how do i alert the user to the fact that he/she has not filled in the mandatory fields. Where do i perform the php code to verify?
Could i do it like this:
- Submit button submits the form to the same page ( itself ).
- PHP code runs on this page to verify the contents of the fields and display messages accordingly.
- If everything was ok, the php code forwards to the following page as if the user logged in ok.
Actually i might have just solved the second one, haha.
Thanks,
Dave
that's a possible solution. another one might be to forward the submit request immediately to the following page, check it there and refer back to the login page if login failed for any reason.
It's best to check every time any page as requested, that has restricted access, if the user is currently loged on. if the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:
The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.
Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification aswell: less load on your server and faster for the clients.
good luck :)
It's best to check every time any page as requested, that has restricted access, if the user is currently loged on. if the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:
<?php ... // define verification function somewhere if (!verify_user_login()) { header('Location: https://your.domain/login.php'); exit; // {EDIT: <- doh, dont forget to exit here } } // private content?>...
The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.
Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification aswell: less load on your server and faster for the clients.
good luck :)
the majority of sites i have seen use java script to do client side verification of data which'll catch 90% of problems, then submit to the server where you recheck everything.
Quote:Original post by jul_k
that's a possible solution. another one might be to forward the submit request immediately to the following page, check it there and refer back to the login page if login failed for any reason.
It's best to check every time any page as requested, that has restricted access, if the user is currently loged on. if the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:<?php ... // define verification function somewhere if (!verify_user_login()) { header('Location: https://your.domain/login.php'); exit; // {EDIT: <- doh, dont forget to exit here } } // private content?>...
The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.
Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification aswell: less load on your server and faster for the clients.
good luck :)
TY, thats basically all i needed, how to redirect. Thanks
I always use javascript for client side verification, to make sure certain fields are filled out etc. It's really simple to do and there are plenty of sites that have examples. It also reduces the work done by the server, but if it isn't a huge traffic site it probably doesn't mean much.
That won't do. You can never trust what the client is sending to you. It's very easy to mess with javascript (heck, you can simply type in some javascript in the address bar on the page you that you want to manipulate). javascript checking isn't bad, but you still need to check it on the server as well.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement