
Post on 04-Jan-2016


If statements and validation

If statement

• In programming the if statement allows one to test certain conditions and respond differently depending on the outcome of the test.
  – In our example the condition will be that the user actually entered some text.
• If it is true, one set of actions will be performed.
• If it is false, a different set of actions will be performed.

Two places to validate

• Since we are considering a client-server interaction, there are two locations in which the validation can occur – on the client and on the server.
  – Client-side validation should be seen mainly as not adding to internet traffic and not wasting the server’s time until the data is acceptable.
  – Server-side validation should be seen as maintaining data integrity (ensuring the data is of valid format) and security (making sure the user is not trying to access more than they should).

Server-side if

Test if the user entered any text in the text field. If the text field was left blank print one message. The “else” handles the other case and prints the original Thank-you message.

Notice when asking if two things are equal one uses two equal signs!

Result of invalid user data

Using elseif to ask another question

Another approach is to use a Boolean operator – in this case ||, the OR operator.

If it is true that either of the text fields was left blank then the first message will be printed out.
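The server-side if/else from the earlier slide and the || version from this one, written out as an added example (this is not the slides' own code; the field names first_name and last_name and the sample values are assumed):

```php
<?php
// Added example, not from the original slides: server-side checks of two
// posted fields, first with a single if/else, then with || to combine tests.

// Constructed sample input standing in for $_POST so the script runs offline.
$post = ['first_name' => '', 'last_name' => 'Smith'];

// Read a field safely: a missing key becomes the empty string instead of
// raising an "undefined index" warning.
function field(array $post, string $name): string
{
    return isset($post[$name]) ? (string) $post[$name] : '';
}

$first = field($post, 'first_name');
$last  = field($post, 'last_name');

// Note the double equals sign: == compares, a single = would assign.
if ($first == '') {
    echo "Please enter your first name.\n";
} else {
    echo "Thank you, $first!\n";
}

// The || (OR) operator: the condition is true if either field was left blank,
// so the first message is printed; elseif asks a further question.
if ($first == '' || $last == '') {
    echo "Please fill in both name fields.\n";
} elseif (strlen($first) > 50 || strlen($last) > 50) {
    echo "Names must be 50 characters or fewer.\n";
} else {
    echo "Thank you, $first $last!\n";
}
```

With the constructed input above, the first_name check fails, so the two "please" messages are printed and the thank-you branches are skipped.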

If the user includes HTML tags

Code to strip away any HTML (or PHP) in user’s data

Example: <script> tag eliminated

Eliminating tags that signal code may help with a problem known as “cross site scripting.”
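An added example (not the slides' own code) of the tag-stripping step described above, using PHP's strip_tags, followed by htmlspecialchars on output, which is the usual defence for the cross-site scripting problem the slide mentions; the sample input is constructed:

```php
<?php
// Added example, not from the original slides: remove HTML/PHP tags from
// user data with strip_tags(), then encode the result before echoing it.

// Constructed sample input containing a script tag and a bold tag.
$input = 'Alice <script>alert("xss")</script> <b>Smith</b>';

// strip_tags removes the tags themselves but keeps the text between them.
$stripped = strip_tags($input);
echo $stripped, "\n";   // Alice alert("xss") Smith

// Output encoding: whatever survives stripping is converted so that
// characters such as < > " & cannot be interpreted as markup by the browser.
$safe = htmlspecialchars($stripped, ENT_QUOTES, 'UTF-8');
echo $safe, "\n";       // Alice alert(&quot;xss&quot;) Smith
```

Because strip_tags keeps the content of the removed elements, it cleans up the display but does not on its own guarantee that the text is harmless; encoding at the point where the value is written into the page is what stops leftover characters from being treated as HTML.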

The quote - slash quote problem

The stripslashes function

Result of stripslashes

Sometimes the slashes are a good thing

• If a user attempts to put in SQL (database query) code, this is known as “SQL Injection.”

• SQL Injection often uses quotes (single or double).

• The slash tells the system to interpret the quote as a data quote not as a SQL quote.

• In fact PHP has an addslashes function for this purpose.

PHP addslashes function

Related function

Result with a space in the First Name field

The trim function
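The slash functions and trim from the last few slides, shown together as an added example (not the slides' own code; the names and the sample values are constructed). It also shows the PDO prepared statement that current PHP code uses instead of addslashes to keep a quote as data; the $pdo connection and the users table are assumed:

```php
<?php
// Added example, not from the original slides: addslashes/stripslashes on a
// value containing a quote, trim() on a value that is only a space, and a
// prepared statement as the current way to keep quotes as data.

$name = "O'Brien";                   // constructed input with a single quote
$escaped  = addslashes($name);       // O\'Brien  (quote marked as data)
$restored = stripslashes($escaped);  // O'Brien   (slash removed again)
echo $escaped, "\n", $restored, "\n";

// A field containing only a space is not the empty string, so == '' does not
// catch it; trim() removes leading and trailing whitespace first.
$firstName = ' ';
var_dump($firstName == '');        // bool(false)
var_dump(trim($firstName) == '');  // bool(true)

// Current practice: bind the value as a parameter instead of escaping it into
// the query text. The database driver keeps the quote as data, so no slashes
// are needed. Assumes an open PDO connection and a users(first_name) table.
function saveFirstName(PDO $pdo, string $value): bool
{
    $clean = trim($value);
    if ($clean == '') {
        return false;                // do not store a blank name
    }
    $stmt = $pdo->prepare('INSERT INTO users (first_name) VALUES (:first)');
    return $stmt->execute([':first' => $clean]);
}
```

The escaping pair and the trim checks run as-is; saveFirstName is only called once a real $pdo connection exists.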

Reference

• PHP for the World Wide Web, Second edition, Larry Ullman
