
Re: How do I write a CGI script with form validation?

by rhythmicus (Sexton)
on Aug 16, 2004 at 11:20 UTC ( [id://383256]=note )


in reply to How do I write a CGI script with form validation?

Without knowing all the details, I'd say your best bet would be to validate the user input via JavaScript. Since JavaScript is client-side, you won't need to send the user input to the server and then back again if it's incorrect.

As for outputting the results of your calculations, etc., you can do this the simple way with CGI, or the slightly more complicated way, although with more control and cleaner code, with HTML::Template.

This kind of stuff is very common. Search this site and Google for more information.

UPDATE: As some other monks have caught a mistake in my original post, I should add that I neglected to mention that user input should ALSO be checked at the server-side. However, contrary to what tachyon says, I do believe that JavaScript provides additional security and does have some degree of reliability.

UPDATE Part II: For a good example of using JavaScript to help validate input, check out http://developer.apple.com/internet/webcontent/validation.html.

Replies are listed 'Best First'.
Re^2: How do I write a CGI script with form validation?
by tachyon (Chancellor) on Aug 16, 2004 at 11:33 UTC

    I'd say your best bet would be to validate the user input via JavaScript

    Bad advice. Client side validation is fine, provided you accept that it is simply to improve the end user experience. It offers absolutely no security or reliable validation.

    Form validation is a server side task. Period. Do what you like on the client side, you still need to validate everything (again if using JS client side) on the server side.

    cheers

    tachyon

Re^2: How do I write a CGI script with form validation?
by nothingmuch (Priest) on Aug 16, 2004 at 11:24 UTC
    I beg to differ.

    You cannot allow the server to trust that the client side is not tricking it, especially for ecommerce.

    All form validation must happen at the server, and possibly, for a better user experience (think responsiveness), also validated with javascript.

    I'd also like to note that in my experience most of the javascript validation I met really sucks. Just recently I had to fool an online purchase form which was trying to verify my CCN using javascript that calls a VB script function. I have MacOS X, and use Safari, which isn't VB script enabled.

    The only way I could actually buy the thing is if I cheated the javascript. It was simple, too, I just entered the URL javascript:document.formname.submit().

    -nuffin
    zz zZ Z Z #!perl
Re^2: How do I write a CGI script with form validation?
by bradcathey (Prior) on Aug 16, 2004 at 12:31 UTC

    I *used* to do form validation with javascript exclusively, until lurking around the monastery for a few months and reading the arguments against it, and for good reasons. However, I now use a combo. I do a full validation (as part of my untainting routines) on the server-side, but first doing a quick check of certain fields in javascript to avoid the roundtrips to the server. The client-side checks are more to protect the "client" and the server-side checks are to protect me and the server.

    As my validation needs are pretty straightforward, I rolled my own little module with the help of some of the good monks, and it works fine. But I do recommend you read up on the aforementioned CGI resources.


    —Brad
    "Don't ever take a fence down until you know the reason it was put up." G. K. Chesterton
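
The server-side half of the approach discussed in this thread, as an added example that is not code from any of the posts above: every field is re-checked against an allow-list pattern on the server, and the card number's checksum is recomputed there, whatever the browser did. The field names, `%RULES`, `luhn_ok` and `validate_form` are hypothetical, and the submitted values are constructed.

```perl
use strict;
use warnings;

# Hypothetical allow-list rules, one per form field. Each pattern captures the
# accepted value; under taint mode (perl -T) that capture is what untaints it.
my %RULES = (
    name     => qr/\A([A-Za-z][A-Za-z .'-]{0,63})\z/,
    quantity => qr/\A([1-9][0-9]{0,2})\z/,
    card     => qr/\A([0-9]{13,19})\z/,
);

# Luhn checksum, recomputed on the server regardless of any client-side check.
sub luhn_ok {
    my ($digits) = @_;
    my ($sum, $double) = (0, 0);
    for my $d (reverse split //, $digits) {
        my $n = $double ? $d * 2 : $d;
        $n -= 9 if $n > 9;
        $sum += $n;
        $double = !$double;
    }
    return $sum % 10 == 0;
}

# Returns (\%clean, \%errors). Only values in %clean should be used further.
sub validate_form {
    my ($input) = @_;
    my (%clean, %errors);
    for my $field (sort keys %RULES) {
        my $raw = $input->{$field};
        my ($value) = defined $raw ? $raw =~ $RULES{$field} : ();
        if (!defined $value) {
            $errors{$field} = 'missing or malformed';
            next;
        }
        $clean{$field} = $value;
    }
    if (exists $clean{card} and !luhn_ok($clean{card})) {
        $errors{card} = 'checksum failed';
        delete $clean{card};
    }
    return (\%clean, \%errors);
}

# Constructed submission, as it could arrive if the JavaScript checks never ran.
my %submitted = (name => 'Alice', quantity => '-5', card => '4111111111111112');
my ($clean, $errors) = validate_form(\%submitted);
print "rejected $_: $errors->{$_}\n" for sort keys %$errors;
print "accepted $_\n" for sort keys %$clean;
```

In a real CGI script the hash passed to `validate_form` would be built from the request parameters, and the script would run with `-T` so that any value used without passing through a rule stays tainted.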
Re^2: How do I write a CGI script with form validation?
by PodMaster (Abbot) on Aug 16, 2004 at 23:54 UTC
