I am currently validating user input on server side (PHP). The client side sends XMLHttpRequest calls and marks invalid fields with red borders. Everything else is great except that I think it takes too long for the client to make a request and then notice that he filled something wrong. I think I should place some JavaScript validations as well so that the client does not need to wait for the request to finish.
我目前正在验证服务器端的用户输入(PHP)。客户端发送XMLHttpRequest调用并标记带有红色边框的无效字段。其他一切都很棒,除了我认为客户提出请求需要太长时间,然后注意到他填写了错误的内容。我想我也应该放置一些JavaScript验证,以便客户端不需要等待请求完成。
However, I do not want to duplicate validation rules and code. Has anyone implemented validation on both sides so that you do not need to duplicate validation rules at least?
但是,我不想复制验证规则和代码。有没有人在双方都实施验证,这样你至少不需要复制验证规则?
I am using Yii and plain old JavaScript with jQuery if that matters.
如果重要的话,我正在使用Yii和带有jQuery的普通旧JavaScript。
Edit: I also find it tedious that the client may have a wrong time on his computer making JavaScript based datetime checks bad. This means I would need to give the right datetime from the server to the script first.
编辑:我也觉得客户端可能在他的计算机上错误的时间使基于JavaScript的日期时间检查变得很糟糕。这意味着我需要首先从服务器向脚本提供正确的日期时间。
6 个解决方案
#1
1
I believe PEARs quick forms allow your to add validation for both client and server side at the same time.
我相信PEAR快速表单允许您同时为客户端和服务器端添加验证。
Since you are using the Yii framework and Yii provides a fairly robust validation scheme I'd look at some way of extending the form generation framework to check the fields for a validator, then map each of the validation classes to a js function that you should be able to write quite quickly.
既然您正在使用Yii框架并且Yii提供了相当强大的验证方案,我会看一些扩展表单生成框架的方法来检查验证器的字段,然后将每个验证类映射到您应该的js函数能写得很快。
There also appears to be an extension that will do this for you : http://www.yiiframework.com/extension/jformvalidate/
似乎还有一个扩展程序可以为您执行此操作:http://www.yiiframework.com/extension/jformvalidate/
#2
2
Create a function i PHP that validates the fields and set it up in a generic way. So you can use it both on the server side as on the client side.
创建一个PHP函数,验证字段并以通用方式设置它。因此,您可以在服务器端和客户端一起使用它。
For the clientside use jquery to make some AJAX calls to the PHP validation function.
对于客户端使用jquery对PHP验证函数进行一些AJAX调用。
#3
1
Definitely do not use client side datetime checking for any purposes. You are right on that one.
绝对不要将客户端日期时间检查用于任何目的。你是对的。
So you want to write one code for each validation.
所以你想为每个验证编写一个代码。
So go ahead and code a function in php which does email validation, let's say: validate_email().
所以继续编写php中的函数进行电子邮件验证,比方说:validate_email()。
Once the user presses submit, you can send all the data to the php code using ajax and have it validated.
一旦用户按下提交,您可以使用ajax将所有数据发送到php代码并进行验证。
Once the user passes the submit phase now you can use the same function validate_email() to validate the $_POST.
一旦用户通过提交阶段,您现在可以使用相同的函数validate_email()来验证$ _POST。
This way you write one code, and it is easier to maintain.
这样就可以编写一个代码,并且更容易维护。
Is this slower compared to javascript? Hard to say. Remember, putting an additional jquery validation plugin has its load on the page too. Here is a popular validation plugin for jquery, it is 25KB in its minified version. Now your code is tidy and easier to maintain. If this is a homepage, and assuming you would opt in to use a plug-in, you just saved 25KB load on your probably most valuable landing page.
这比javascript慢吗?很难说。请记住,添加额外的jquery验证插件也会在页面上加载。这是一个流行的jquery验证插件,它的缩小版本为25KB。现在您的代码整洁,易于维护。如果这是一个主页,并假设您选择使用插件,那么您刚刚在可能最有价值的目标网页上节省了25KB的负担。
#4
0
If your validation rules can be described in terms of regular expressions, you can define them in one place and use the same regex in your php code that you use in your generated javascript.
如果你的验证规则可以用正则表达式来描述,你可以在一个地方定义它们,并在你生成的javascript中使用的php代码中使用相同的正则表达式。
#5
0
Some pseudo-code as a possible approach:
一些伪代码作为一种可能的方法:
In PHP:
在PHP中:
function validate() {
// Use $_POST to validate whatever items in whatever fashion you want
// and echo a message or some JSON array etc...
}
In javascript (assuming jQuery):
在javascript(假设jQuery):
$('#formButton').click(function(event){
event.preventDefault();
$.post('/url/of/page', $(this).serializeArray(), function(response){
// Assuming JSON data, but could just be a string or message,
// check for response.success or whatever from validation
if(response.success) $('#form').submit();
else // Some error message or action
});
});
This, while perhaps some overhead in AJAX calls, allows you to use any validation method you would want to and keeping the code the exact same whether from an actual POST or via AJAX. A simple response from a $_POST iteration from PHP, though, is not that much overhead. This also allows you to run queries if you need to - of course you'd want to keep them simple since everything would run twice.
这可能是AJAX调用中的一些开销,允许您使用任何您想要的验证方法,并且无论是从实际的POST还是通过AJAX,都要保持代码完全相同。但是,来自PHP的$ _POST迭代的简单响应并没有那么多开销。这也允许您在需要时运行查询 - 当然,您希望保持简单,因为一切都会运行两次。
#6
-1
at first i can say never trust user... user can change java script... so server side validation is require
起初我可以说永远不会信任用户...用户可以更改java脚本...因此需要服务器端验证
second: why we use client side validation? for speed.
第二:为什么我们使用客户端验证?为了速度。
i think you should use both way . cuase you dont want waste user time
我认为你应该两种方式使用。假设你不想浪费用户的时间
validate with js and sent data. in admin if there is wrong data exit user.
用js验证并发送数据。在admin中如果有错误的数据退出用户。
#1
1
I believe PEARs quick forms allow your to add validation for both client and server side at the same time.
我相信PEAR快速表单允许您同时为客户端和服务器端添加验证。
Since you are using the Yii framework and Yii provides a fairly robust validation scheme I'd look at some way of extending the form generation framework to check the fields for a validator, then map each of the validation classes to a js function that you should be able to write quite quickly.
既然您正在使用Yii框架并且Yii提供了相当强大的验证方案,我会看一些扩展表单生成框架的方法来检查验证器的字段,然后将每个验证类映射到您应该的js函数能写得很快。
There also appears to be an extension that will do this for you : http://www.yiiframework.com/extension/jformvalidate/
似乎还有一个扩展程序可以为您执行此操作:http://www.yiiframework.com/extension/jformvalidate/
#2
2
Create a function i PHP that validates the fields and set it up in a generic way. So you can use it both on the server side as on the client side.
创建一个PHP函数,验证字段并以通用方式设置它。因此,您可以在服务器端和客户端一起使用它。
For the clientside use jquery to make some AJAX calls to the PHP validation function.
对于客户端使用jquery对PHP验证函数进行一些AJAX调用。
#3
1
Definitely do not use client side datetime checking for any purposes. You are right on that one.
绝对不要将客户端日期时间检查用于任何目的。你是对的。
So you want to write one code for each validation.
所以你想为每个验证编写一个代码。
So go ahead and code a function in php which does email validation, let's say: validate_email().
所以继续编写php中的函数进行电子邮件验证,比方说:validate_email()。
Once the user presses submit, you can send all the data to the php code using ajax and have it validated.
一旦用户按下提交,您可以使用ajax将所有数据发送到php代码并进行验证。
Once the user passes the submit phase now you can use the same function validate_email() to validate the $_POST.
一旦用户通过提交阶段,您现在可以使用相同的函数validate_email()来验证$ _POST。
This way you write one code, and it is easier to maintain.
这样就可以编写一个代码,并且更容易维护。
Is this slower compared to javascript? Hard to say. Remember, putting an additional jquery validation plugin has its load on the page too. Here is a popular validation plugin for jquery, it is 25KB in its minified version. Now your code is tidy and easier to maintain. If this is a homepage, and assuming you would opt in to use a plug-in, you just saved 25KB load on your probably most valuable landing page.
这比javascript慢吗?很难说。请记住,添加额外的jquery验证插件也会在页面上加载。这是一个流行的jquery验证插件,它的缩小版本为25KB。现在您的代码整洁,易于维护。如果这是一个主页,并假设您选择使用插件,那么您刚刚在可能最有价值的目标网页上节省了25KB的负担。
#4
0
If your validation rules can be described in terms of regular expressions, you can define them in one place and use the same regex in your php code that you use in your generated javascript.
如果你的验证规则可以用正则表达式来描述,你可以在一个地方定义它们,并在你生成的javascript中使用的php代码中使用相同的正则表达式。
#5
0
Some pseudo-code as a possible approach:
一些伪代码作为一种可能的方法:
In PHP:
在PHP中:
function validate() {
// Use $_POST to validate whatever items in whatever fashion you want
// and echo a message or some JSON array etc...
}
In javascript (assuming jQuery):
在javascript(假设jQuery):
$('#formButton').click(function(event){
event.preventDefault();
$.post('/url/of/page', $(this).serializeArray(), function(response){
// Assuming JSON data, but could just be a string or message,
// check for response.success or whatever from validation
if(response.success) $('#form').submit();
else // Some error message or action
});
});
This, while perhaps some overhead in AJAX calls, allows you to use any validation method you would want to and keeping the code the exact same whether from an actual POST or via AJAX. A simple response from a $_POST iteration from PHP, though, is not that much overhead. This also allows you to run queries if you need to - of course you'd want to keep them simple since everything would run twice.
这可能是AJAX调用中的一些开销,允许您使用任何您想要的验证方法,并且无论是从实际的POST还是通过AJAX,都要保持代码完全相同。但是,来自PHP的$ _POST迭代的简单响应并没有那么多开销。这也允许您在需要时运行查询 - 当然,您希望保持简单,因为一切都会运行两次。
#6
-1
at first i can say never trust user... user can change java script... so server side validation is require
起初我可以说永远不会信任用户...用户可以更改java脚本...因此需要服务器端验证
second: why we use client side validation? for speed.
第二:为什么我们使用客户端验证?为了速度。
i think you should use both way . cuase you dont want waste user time
我认为你应该两种方式使用。假设你不想浪费用户的时间
validate with js and sent data. in admin if there is wrong data exit user.
用js验证并发送数据。在admin中如果有错误的数据退出用户。