PHP

Validation on the Server and Client

Validation is essential to web database applications. Ensuring that data meets user and system requirements is important, but ensuring that the database constraints are met by the data is critical. There are three possible data environments in which validation can occur in a three-tiered web database application: in the DBMS, in server-side scripts, and on the client. We discuss the merits and possibilities of these approaches to validation in this tutorial.

As the name suggests, client-tier validation occurs at the client browser before a request is sent to the server, and is usually validation of <form> data. The most common way to implement client-tier validation is using the scripting language best known as JavaScript. JavaScript isn't a fully fledged programming language, but it's one that can be effectively used for simple tasks such as validation. The drawback of validation at the client is that it depends on the user and the user's environment: the user can disable JavaScript or circumvent the validation, willfully or passively, and the client environment isn't usually managed or standardized by the developer of the web database application.

Server-side validation is usually performed in a middle-tier script and is the essential validation tool. When data is inserted, updated, or deleted at the DBMS, it's undesirable to rely on the constraint-checking validation implicitly performed by the DBMS in the database tier. Trapping errors using the PHP MySQL error functions is difficult and incurs unnecessary network and DBMS overhead, and the resulting errors are hard to present to the user in a meaningful way. A much better approach is to use the middle-tier PHP scripts to validate data and ensure that all constraints of the database are met before modifying the database.
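The middle-tier approach described above, as an added example that is not code from this tutorial: every field is re-checked on the server and errors are collected per field so they can be shown to the user before the database is touched. The field names, length limits and patterns are assumptions standing in for the customer table's real constraints.

```php
<?php
// Hypothetical rules: field => [required, max length in bytes, allowed pattern or null].
const RULES = [
    'surname'   => [true,  50, '/^[\p{L} \'-]+$/u'],
    'firstname' => [true,  50, '/^[\p{L} \'-]+$/u'],
    'zipcode'   => [true,  10, '/^[0-9A-Za-z -]+$/'],
    'email'     => [false, 80, null],
];

// Re-check every field on the server; returns [validValues, errorsByField].
function validateCustomer(array $input): array
{
    $values = $errors = [];
    foreach (RULES as $field => [$required, $maxLen, $pattern]) {
        $raw = $input[$field] ?? '';
        // A request can carry field[]=x, which arrives as an array, not a string.
        if (!is_string($raw)) {
            $errors[$field] = 'Invalid value.';
            continue;
        }
        $value = trim($raw);
        if ($value === '') {
            if ($required) {
                $errors[$field] = 'This field is required.';
            }
            continue;
        }
        if (strlen($value) > $maxLen) {
            $errors[$field] = "Must be at most $maxLen bytes.";
        } elseif ($pattern !== null && preg_match($pattern, $value) !== 1) {
            $errors[$field] = 'Contains characters that are not allowed.';
        } elseif ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'Not a valid e-mail address.';
        } else {
            $values[$field] = $value;
        }
    }
    return [$values, $errors];
}

// Constructed sample request, as if client-side JavaScript checks were disabled.
$post = ['surname' => "O'Brien", 'firstname' => '', 'zipcode' => ['3000'],
         'email' => 'not-an-address'];
[$values, $errors] = validateCustomer($post);

// With errors, redisplay the form; only an empty $errors may reach the database update.
foreach ($errors as $field => $message) {
    echo "$field: $message\n";
}
```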

In this tutorial, we extend our discussion of validation in PHP. We have already introduced basic validation principles in tutorial 5 with the clean() function for security and in tutorial 6 with the empty() field checks used before modifying the customer table. We extend those discussions here by introducing the principles of validation and the practice of validating <form> variables and values with PHP. We use the customer <form> we developed in tutorial 6 as our case study. We then consider in more detail the variables and values that are sent from a browser to a server, their variations, and the traps to watch for.

After discussing server-side validation, we discuss client-side JavaScript and how simple validation can be performed at the client to save network costs and improve responsiveness of an application to the user. We also introduce other simple tasks that can be effectively accomplished with JavaScript.