I will be using ajax for form validation. First time doing this so might be a few basic and inexperienced questions here :)
Will I still have to validate the form back end, ie?
if (empty($_POST['email'])) {
// do something }
Also what would you do if php finds an error? A header redirect to the form or display an error message on the next page, as the form should receive no errors with AJAX hopefully guiding people to fill 开发者_如何学运维it out correctly.
How much leeway should I provide for non js members? Without js enable the js will not work, ie the form may not be filled out correctly. How should I deal with this as the whole point of using AJAX is to provide a user freindly experience filing out forms so it seems a bad idea to write out rules for your form for non js users, kinda defeats the point!
ofcourse, you should also validate your data on back-end too also with mysql.
- avoid sql injection too , read
addslashes()
,mysql_real_escape_string()
- take care of special characters and
'
"
etc... - use typecasting during insert/update to mysql tables
like
" INSERT INTO table SET id = ". (int)$user_id."
code your form to work - that is if no javascript is available. You can then AUGMENT your user experience by introducing the ajax functionality.
ideally you shoudl run the same code that validates the form for both the ajax request and the non-js submission...
Now when an error on any particular field is returned you should take that response and add appropriate error messages to the form in-situ. Avoid requests to the server that js can do itself - such as regular expression checks and what not.
Javascript is a tool to improve the usability of your site NOT one to provide core functionality - always code for not having it and when it is there you'll make people happier.
精彩评论