CodeIgniter Forums

Validating form data

El Forum

[eluser]alvaroeesti[/eluser]

Howdy!

I have got a couple of issues with my form:

1 ) It won't listen to the maxlength limit I write here, so regardless of how many characters someone enters, it does not complain (they could buffer overflow my app)

$this->form_validation->set_rules('areato', 'areato', 'trim|is_numeric|maxlength=[5]|xss_clean');

As you see it should allow a max of 5 characters, but it doesn't care.


2) The second issue is more difficult. In input type field boxes, I have written what the user should enter (instead of putting a label by or above the field). Usually, as you know, as you focus on the field, there is some JavaScript stuff that automatically deletes the message of, say, "enter number". But that input type field is optional, so it can happen that someone just doesn't care about that parameter and leaves the default text message of "enter number".

What happens then? Since in my validation rules I wrote that only numeric characters are allowed, then it will detect the default message "enter number", will notice alphanumeric characters and will give the error.

So, the validation rules should know that it has to ignore that as it is not the user who wrote it, but the default instructions.

El Forum

[eluser]Mirge[/eluser]

1.) Use the MAXLENGTH attribute for your input text field. See: http://www.w3schools.com/tags/att_input_maxlength.asp

Note that this isn't enough on its own, it's simply a usability feature. For form validation, use the rule max_length[5] (instead of max_length=[5]).

2.) You should use the PLACEHOLDER attribute (HTML 5) for your input text field. See: http://www.w3schools.com/html5/att_input...holder.asp
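
An added example, not part of the thread and not CodeIgniter's own code: a minimal stand-alone PHP checker for rule strings like the one in the first post, which treats an unrecognised rule name such as maxlength= as an error instead of letting the input through unchecked. The run_rules helper, its handler table and the sample inputs are constructed for illustration; xss_clean is left out.

```php
<?php
// Added illustration: a tiny rule-string runner that fails closed.
// run_rules() and its handler table are hypothetical, not CodeIgniter's API.

function run_rules(string $value, string $rules): array
{
    $handlers = [
        'trim'       => fn(string $v, ?string $p) => [true, trim($v)],
        // The field is optional, so an empty value passes the numeric check.
        'is_numeric' => fn(string $v, ?string $p) => [$v === '' || is_numeric($v), $v],
        'max_length' => fn(string $v, ?string $p) => [strlen($v) <= (int) $p, $v],
    ];
    $errors = [];
    foreach (explode('|', $rules) as $rule) {
        // Split "name[param]" into the rule name and its optional parameter.
        $param = null;
        if (preg_match('/^(.*?)\[(.*)\]$/', $rule, $m)) {
            [$rule, $param] = [$m[1], $m[2]];
        }
        if (!isset($handlers[$rule])) {
            // A typo such as "maxlength=" is reported, never silently skipped.
            $errors[] = "unknown rule: $rule";
            continue;
        }
        [$ok, $value] = $handlers[$rule]($value, $param);
        if (!$ok) {
            $errors[] = "failed: $rule";
        }
    }
    return $errors;
}

// Constructed inputs: values a request can carry once the HTML form is
// edited or bypassed, including the leftover default text.
$samples = ['123', ' 42 ', '', '1234567890', 'enter number'];
foreach (['trim|is_numeric|maxlength=[5]', 'trim|is_numeric|max_length[5]'] as $rules) {
    echo "rules: $rules\n";
    foreach ($samples as $input) {
        $errors = run_rules($input, $rules);
        printf("  %-14s %s\n", var_export($input, true), $errors ? implode(', ', $errors) : 'ok');
    }
}
```

With the misspelled rule every input is flagged as using an unknown rule; with max_length[5] only the ten-digit value and the leftover "enter number" text are rejected.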

El Forum

[eluser]alvaroeesti[/eluser]

UPDATE:

All your solutions worked wonderfully well. Thank you! I loved the placeholder stuff; it does not confuse the form validator and it also looks pretty sophisticated. I thought it would require JavaScript code and it only takes one word. This HTML 5 is great stuff.

==========================



Ok, thank you about the placeholder, I didn't know about it. I'll have a read.

With regards to using the maxlength on my HTML input field, yes, I agree with what you say that it is not enough to try to hardcode it in the HTML. I didn't want to do it because it can be beaten without a problem. The user copies the source code of the HTML form, changes the restriction or eliminates it, and submits his form himself to my destination file.

So, both of the things you gave me worked fine, thank you! And now I'll try the placeholder thing.

Ah, oh, by the way, very knowledgeable for that age!

regards

Alvaro