Validation in PHPRunner and ASPRunnerPro applications

Data validation is very important in web applications. You do not want your users to enter incorrect data. Our web application builders can help you with this.

In this article we cover different validation type starting with built-in validation and making it all the way through to advanced AJAX-based validation.

Client-side validation

Client side validation (Javascript based) provides instant feedback to the user making it a good usability choice.

Built-in validation types

This validation will work if you need to make sure that all required fields are populated or validate a relatively simple data format like US Social Security Number.


More info: PHPRunner ASPRunnerPro

Regular expressions

Regular expressions are both powerful and tough to master. Luckily there is a number of examples and tutorials on the web. Besides that PHPRunner and ASPRunnerPro come with built-in Regular expressions testing tool. Regular expressions to validate data formats like IP addresses or Tax IDs in some countries.

More info: PHPRunner ASPRunnerPro

Custom validation plugins

When you need something more complicated i.e. algorithm based credit card number validation - custom validation plugins come to rescue.

More info: PHPRunner ASPRunnerPro

Input mask

Sometimes no validation is the best option. Turn on masked edit option in PHPRunner or ASPRunnerPro to prevent users from entering anything but correct data format. Works the best with fixed length data like phone numbers or social security numbers.

More info: PHPRunner ASPRunnerPro

Edit plugins

Many custom Edit plugins, especially those that target numeric data input, come with built-in validation. Examples are Slider, Spinner and Knob plugins. All of them allow you to setup the range of input data.

How to create your own Edit plugin

Server-side validation

You may have noticed that none of client side examples perform data validation against database. Server side validation overcomes this limitation. You can check entered data for duplicates or simply check if you have enough widgets in stock before letting customer to place the order. In PHPRunner/ASPRunnerPro software server side validation is typically implemented as BeforeAdd/BeforeEdit events. Here is some sample code for BeforeAdd event where we prevent adding duplicate email addresses.

PHP:

  1. $rs = CustomQuery("select email from LoginTable where email = '"
  2. . db_addslashes($values["email"]) . "'");
  3. if (db_fetch_array($rs))
  4. {
  5. $message = "Email address ".$values["email"]."
  6. already exists. <br>Sign in or choose another email address.";
  7. return false;
  8. }
  9. $message="";
  10. return true;

ASP:

  1. set rs = CustomQuery("select email from LoginTable where email = '" & _
  2. db_addslashes(values("email") & "'"))
  3. if not rs.eof then
  4. message= "Email address " & values("email") & _
  5. "already exists. <br>Sign in or choose another email address."
  6. BeforeAdd=false
  7. Exit Function
  8. end if
  9. message=""

The only drawback of server is based validation is that user experience suffers. Page needs to be reloaded and in some cases user needs to scroll the page in order to find the field that didn't pass the validation.

Combined validation

Combined validation brings the best of two worlds together. You can validate data against your database without reloading the page providing instant feedback to the user. To see a real life example proceed to Xlinesoft Marketplace, add any product to the cart and click Checkout. On 'Create an account' page enter any email address that is already in the system i.e kornilov(at)gmail.com and move focus to the next field.

You will see  "Email address already exists. Login here" message once focus leaves the email field. Now user can enter another email address or sign in if registered already.

Note that if you don't change the email address and still submit the form you will get similar message that is now coming from BeforeAdd event.  It's always recommended to use both  types of validation together. This prevents the situation when user ignores the warning and submits the form anyway.

Here is how this sort of functionality can be added to your project.

1.  Modify page in Visual Editor adding a DIV tag where our message will be displayed.

  1. <TD class="runner-cc alt runner-fixedcell">
  2. <DIV class="fieldcontrol_email {$fielddispclass_email}">{$email_editcontrol}</DIV>
  3. <DIV id=email-message></DIV></TD>

2. Javascript OnLoad event. This code sample assumes that field name is email

  1. var message = 'Email address already exists.';
  2. var ctrlEmail = Runner.getControl(pageid, 'email');
  3. ctrlEmail.on('blur', function(e) {
  4. if (this.getValue()=='') {
  5. $('#email-message').css('display','none');
  6. }
  7. else {
  8. $.get("check_email.php", { email: this.getValue()}).done( function(data){
  9. if (data=='exists') {
  10. if (message!='') $('#email-message').html(message);
  11. $('#email-message').css('display','block');
  12. }
  13. else {
  14. $('#email-message').css('display','none');
  15. }
  16. })
  17. }
  18. });

This code makes a call to check_email.php file via jQuery's get() function. If check_email.php file returns "exists" we display the message and make DIV visible.

Note: in ASPRunnerPro replace check_email.php with check_email.asp

3. check_email.php (.asp) code.

check_email.php file needs to be added to source subdirectory under project directory. Once you build the project it will be copied right to the output directory. Here is what we need to put into check_email.php file:

  1. <?php
  2. include("include/dbcommon.php");
  3. $rs = CustomQuery("select email from LoginTable where email = '" .
  4. db_addslashes($_GET['email']) . "'");
  5. if (db_fetch_array($rs))
  6. echo "exists";
  7. else
  8. echo "";
  9. ?>

This code assumes that table name is LoginTable and field name is email.
ASP version of the same code (check_email.asp):

  1. <%
  2. %>
  3. <!--#include file="include/dbcommon.asp"-->
  4. <%
  5. set rs = CustomQuery("select email from LoginTable where email = '" & _
  6. db_addslashes(Request.QueryString("email") & "'"))
  7. if not rs.eof then
  8. Response.Write "exists"
  9. end if
  10. %>

Note: since we process data entered by end user manually we need to take care of SQL injections attacks. Function db_addslashes() does all the job for us screening "bad" characters.

4. BeforeAdd code

This code does the same job. We just want to protect ourself from the situation when user ignores the warning and submits the form anyway.

PHP:

  1. $rs = CustomQuery("select email from LoginTable where email = '"
  2. . db_addslashes($values["email"]) . "'");
  3. if (db_fetch_array($rs))
  4. {
  5. $message = "Email address ".$values["email"]."
  6. already exists. <br>Sign in or choose another email address.";
  7. return false;
  8. }
  9. $message="";
  10. return true;

ASP:

  1. set rs = CustomQuery("select email from LoginTable where email = '" & _
  2. db_addslashes(values("email") & "'"))
  3. if not rs.eof then
  4. message= "Email address " & values("email") & _
  5. "already exists. <br>Sign in or choose another email address."
  6. BeforeAdd=false
  7. Exit Function
  8. end if
  9. message=""

5. Define style for email message div

The following code can be added to the Edit/Add page where we need to validate data. Switch to HTML mode and add the following code to <head> tag.

  1. <style>
  2. #email-message {
  3. display: none;
  4. margin-top: 10px;
  5. background-color: rgb(245,245,245);
  6. padding: 8px;
  7. -webkit-border-radius: 3px;
  8. -moz-border-radius: 3px;
  9. border-radius: 3px;
  10. border: 1px solid #aaa;
  11. width: 220px;
  12. color: black;
  13. }
  14. </style>

This completes our tutorial. You can now validate entered data in the most user-friendly way.

2 comments to Validation in PHPRunner and ASPRunnerPro applications

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>