As the name suggests, client-tier validation occurs at the client browser before a request is sent to the server and is usually validation of
Server-side validation is usually performed in a middle-tier script and is the essential validation tool. When data is inserted, updated, or deleted at the DBMS, it's undesirable to rely on the constraint-checking validation implicitly performed by the DBMS in the database tier. Trapping errors using the PHP MySQL error functions is difficult, has unnecessary network and DBMS overhead, and is hard to present to the user in a meaningful way. A much better approach is to use the middle-tier PHP scripts to validate data and ensure that all constraints of the database are met before modifying the database.
In this tutorial, we extend our discussion of validation in PHP. We have already introduced basic validation principles in tutorial 5 with the
clean( ) function for security and in tutorial 6 with the field
empty( ) checks used before modifying the customer table. We extend those discussions here by introducing the principles of validation and the practice of validating
<form> variables and values with PHP. We use the customer
<form> we developed in tutorial 6 as our case study. We then consider in more detail the variables and values that are sent from a browser to a server, their variations, and the traps to watch for.