Server-Side Validation Jayden Bryant

What is Server-Side Validation?  Validation of form input done on the server, not the web browser program //Validate the Surname If ($surname == “”) print( “The surname field cannot be blank.”);

Differences between Client and Server Side Validation  Client-Side No round trip to server = quicker validation, instant feedback to userNo round trip to server = quicker validation, instant feedback to user User may skip client-side validation by turning off java scriptUser may skip client-side validation by turning off java script  Server-Side Ensures 100% validation of input even if front end validation failsEnsures 100% validation of input even if front end validation fails User cannot skip server-side validationUser cannot skip server-side validation Ensures that improper data sent will be filtered correctly, a detailed error message can be sent back to userEnsures that improper data sent will be filtered correctly, a detailed error message can be sent back to user Takes longer time to vaildate – information must do a round trip to the server.Takes longer time to vaildate – information must do a round trip to the server.

What we shall Discuss  Methods used when validating different form data  Number validation  URL validation  Validation

Common Validation functions  ereg () function <?php $username = (jayden2); If (ereg ('[^A-Za-z]', $username)){ echo "Usernames must contain only letters."; } else {echo "$username is a valid username.";} ?>  !ereg () function if ($validate) { $text = ($n); print " entered is $text. "; if echo (" must conatain the symbol else echo ("Good job, contains an } To example

Validating Numbers  is_numeric() function Checks to see if input is numericChecks to see if input is numeric is_numeric allows:is_numeric allows: Integers e.g Integers e.g Scientific notations e.g. 15e4Scientific notations e.g. 15e4 Floating points e.g Floating points e.g Hexadecimal e.g. 2xffHexadecimal e.g. 2xff Negative numbers e.g. -56Negative numbers e.g. -56 if (!is_numeric($n)) print “Does not conform to function"; else print "Validation passed!! Input was: $n"; Example

Validating URL’s  Parse_url: function parses a URL and returns an associative array containing any of the various components of the URL that are present.  scheme - e.g. http  host  port  user  pass  path  query - after the question mark ?  fragment - after the hashmark # Example: Example: ssage parse_url

Validating URL’s  function_exists: Return TRUE if the given function has been defined  checkdnsrr: Check DNS records corresponding to a given Internet hostname or IP address type may be any one of: A, MX, NS, SOA, PTR, CNAME, AAAA, A6, SRV, NAPTR or ANY. The default is MX. URL code

URL Validation Code  <?php  $bits = parse_url($url);  if ($bits["scheme"] != "http")  print "URL must begin with  elseif (empty($bits["host"]))  print "URL must include a host name.";  elseif (function_exists('checkdnsrr') && !checkdnsrr($bits["host"], 'A'))  print "Host does not exist.";  else  echo ("URL: $bits Exists");  ?> URL Example

Validating  Empty (var) – Determines whether a variable is empty  strlen - Get string length Returns the length of the given stringReturns the length of the given string  Getmxrr – Check if there is a record of the domain as a mail exchanger (MX)  Gethostbyname -  Gethostbyname - Get the IP address corresponding to a given Internet host name

Validating  substr ( string string, int start [, int length] ) Returns part of a string returns the portion of string specified by the start and length parameters.  string strstr ( string haystack, string needle ) Finds the first occurence of the string Returns part of haystack string from the first occurrence of needle to the end of haystack If needle is not found, returns false Code

Validation code  {  $valid Expr =  "^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*".   if (empty($ ))  {  print "The field cannot be blank";  $printFlag = false;  }  elseif (!eregi($valid Expr, $ ))  {  print "The must be in the format.";  $printFlag = false;  }  elseif (strlen($ ) >30)  {  print "The address can be no longer than 30 characters.";  $printFlag = false;  }

Validation code  elseif (function_exists("getmxrr") && function_exists("gethostbyname"))  {  $maildomain = substr(strstr($ , 1);  if (!(getmxrr($maildomain, $temp) || gethostbyname($maildomain) !=$maildomain))  {  print "The domain does not exist.";  $printFlag = false;  }  else $printFlag = true;  }  if ($printFlag == true) {  print " address: $ exists";  }  ?> Example

Class Quiz  When using is_numeric function, what are the 5 legal number formats? Integers e.g Integers e.g Scientific notations e.g. 15e4Scientific notations e.g. 15e4 Floating points e.g Floating points e.g Hexadecimal e.g. 2xffHexadecimal e.g. 2xff Negative numbers e.g. -56Negative numbers e.g. -56 Question 2

Class Quiz: Qu 2  What is a major difference between client-side and server-side validation? Question 3

Class Quiz: Qu 3  What does the function parse_url do? Returns the different components of which the URL is made up of e.g.Returns the different components of which the URL is made up of e.g. scheme - e.g. httpscheme - e.g. http hosthost portport useruser passpass pathpath query - after the question mark ?query - after the question mark ? fragment - after the hashmark #fragment - after the hashmark # Question 4

Class Quiz: Qu 5  What does the function strstr return? Finds the first occurence of the string Returns part of haystack string from the first occurrence of needle to the end of haystack If needle is not found, returns false Question 5

Class Quiz: Qu 6  What does the function empty check? If the variable is emptyIf the variable is empty

Validation Complete