Re: Checking Form data
For July's javascript stat try http://www.thecounter.com/stats/2002/July/javas.php For any month statistics with javascript, java, os's, browsers, resolutions, colordepth's http://www.thecounter.com/stats/ (note, after clicking on the month, notice the yellow area on the right for choosing the statistic your interested in). -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
Jim, et al -- ...and then Jim Lundeen said... % % on a side note: does anyone know the % of people that actually disable % javascript in their browser? can javascript actually be used to harm (lets 100% of the people on my computer do :-) % pretend those annoying pop-up windows don't count!)? i'm not really a % hard-core javascript person, so any stats that you have would be interesting % and helpful... thanks! I don't have anything handy, I'm afraid, but I know that my brother wrote a 5-minute hack that will kill any browser running JS a few years ago -- and he's not even a cracker type. It is my understanding that JS cannot actually create/modify/destroy files, but it can read them and transfer data, so at the very least it's a privacy hole. I'm interested in this topic, and particularly interested in just what JS can and cannot do, so please at least keep me in the CC list if this thread goes off-list (which it probably should). HTH & HAND :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg06209/pgp0.pgp Description: PGP signature
RE: Checking Form data
ahh.. I was not aware the Date::Calc could catch illegal dates like
9/33/2002
i thinks i will use that. and I am also checking out your 'Form data
checker' now.
THANKS !!
> -Original Message-
> From: fliptop [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 9:42 PM
> To: Kipp, James
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Checking Form data
>
>
> Kipp, James wrote:
>
> > What is the best way to validate form data. I have a form
> which the user
> > enters dates like '08/01/2002'. What is the best way to
> make sure this
> > format is entered. Should i use javascript here or regex?
>
>
> i had some free time, so i decided to finish up some thoughts i have
> regarding validating form data. i've developed a simple module to
> perform basic validation and shown how to implement it. it's all
> available here:
>
> http://www.peacecomputers.com/form_checker/
>
> please send any errata or general comments directly to me,
> not the list.
>
> many thanks to Eric Moore ([EMAIL PROTECTED]) for his help and
> patience during development.
>
> please note that this module doesn't really answer the
> question posed by
> the original poster, namely 'how do i validate a date?' imho, i'd do
> that like this (for slash-delimited dates only):
>
> use strict;
> use Date::Calc qw(check_date);
>
> my @date = qw( 08/02/2002
> 7/3/2003
> 13/3/2006
> 09/33/2002
> al/df/ioji
> 09/14/66
> );
>
> for my $date (@date) {
>my ($month, $day, $year) = split "/", $date;
>
>if (check_date($year,$month,$day)) { print "$date is kosher\n"; }
>else { print "$date is uncool\n"; }
> }
>
> OUTPUT
>
> 08/02/2002 is kosher
> 7/3/2003 is kosher
> 13/3/2006 is uncool
> 09/33/2002 is uncool
> Argument "ioji" isn't numeric in subroutine entry at try1.pl line 17.
> Argument "al" isn't numeric in subroutine entry at try1.pl line 17.
> Argument "df" isn't numeric in subroutine entry at try1.pl line 17.
> al/df/ioji is uncool
> 09/14/66 is kosher
>
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Checking Form data
yes, there a number of DOS and exploits using javascript. not sure how serious. i know alot of companies filter out active X and VBscript (mine included) > -Original Message- > From: Jim Lundeen [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 31, 2002 4:49 PM > To: Kipp, James; begin begin > Subject: Re: Checking Form data > > > on a side note: does anyone know the % of people that > actually disable > javascript in their browser? can javascript actually be used > to harm (lets > pretend those annoying pop-up windows don't count!)? i'm > not really a > hard-core javascript person, so any stats that you have would > be interesting > and helpful... thanks! > > "Kipp, James" wrote: > > > Thanks for the reference. but as ealier mentioned , java > script can be > > filtered out or shut off at the browser. i went ahead and > made a validation > > routine in the CGI itself with regex and other tests. > > > > > -Original Message- > > > From: John Griffiths [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, July 31, 2002 1:20 PM > > > To: Kipp, James > > > Cc: '[EMAIL PROTECTED]' > > > Subject: Re: Checking Form data > > > > > > > > > Although Perl/CPAN makes some good form handling modules > > > available I think that the more client side data checking you > > > can do the better. For date input I'd go with javascript, and > > > I'd use an input calendar to control the data. See, for > > > example, a prototype I'm working on at > > > http://www.southwindssailing.com/pressgang/ which uses a nice > > > javascript/DHTML input > > > calendar by Lea Smart (www.totallysmartit.com). > > > > > > -- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
Kipp, James wrote:
> What is the best way to validate form data. I have a form which the user
> enters dates like '08/01/2002'. What is the best way to make sure this
> format is entered. Should i use javascript here or regex?
i had some free time, so i decided to finish up some thoughts i have
regarding validating form data. i've developed a simple module to
perform basic validation and shown how to implement it. it's all
available here:
http://www.peacecomputers.com/form_checker/
please send any errata or general comments directly to me, not the list.
many thanks to Eric Moore ([EMAIL PROTECTED]) for his help and
patience during development.
please note that this module doesn't really answer the question posed by
the original poster, namely 'how do i validate a date?' imho, i'd do
that like this (for slash-delimited dates only):
use strict;
use Date::Calc qw(check_date);
my @date = qw( 08/02/2002
7/3/2003
13/3/2006
09/33/2002
al/df/ioji
09/14/66
);
for my $date (@date) {
my ($month, $day, $year) = split "/", $date;
if (check_date($year,$month,$day)) { print "$date is kosher\n"; }
else { print "$date is uncool\n"; }
}
OUTPUT
08/02/2002 is kosher
7/3/2003 is kosher
13/3/2006 is uncool
09/33/2002 is uncool
Argument "ioji" isn't numeric in subroutine entry at try1.pl line 17.
Argument "al" isn't numeric in subroutine entry at try1.pl line 17.
Argument "df" isn't numeric in subroutine entry at try1.pl line 17.
al/df/ioji is uncool
09/14/66 is kosher
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
> >>>I have a form which the user >>>enters dates like '08/01/2002'. What is the best way to make sure this >>>format is entered. Should i use javascript here or regex? >> > > None of them, you should create a select/opt menu. > Then you even no need to check it, so you can put you focus > to avoid 31/02/2002 etc. > This is correct, with the exception of date validation is still required in this instance as even with a set of pull downs the user can pick a date that *does not exist* (unless you want them to be able to)...such as 02/31/, this is always an invalidate but would pass regex check, etc. Check out Date::Calc on CPAN, it is beautiful for just about any date related stuff. Again you could handle this as well in javascript, but you seem concerned about that, so this is the perl solution... http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
on a side note: does anyone know the % of people that actually disable javascript in their browser? can javascript actually be used to harm (lets pretend those annoying pop-up windows don't count!)? i'm not really a hard-core javascript person, so any stats that you have would be interesting and helpful... thanks! "Kipp, James" wrote: > Thanks for the reference. but as ealier mentioned , java script can be > filtered out or shut off at the browser. i went ahead and made a validation > routine in the CGI itself with regex and other tests. > > > -Original Message- > > From: John Griffiths [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 31, 2002 1:20 PM > > To: Kipp, James > > Cc: '[EMAIL PROTECTED]' > > Subject: Re: Checking Form data > > > > > > Although Perl/CPAN makes some good form handling modules > > available I think that the more client side data checking you > > can do the better. For date input I'd go with javascript, and > > I'd use an input calendar to control the data. See, for > > example, a prototype I'm working on at > > http://www.southwindssailing.com/pressgang/ which uses a nice > > javascript/DHTML input > > calendar by Lea Smart (www.totallysmartit.com). > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Checking Form data
Thanks for the reference. but as ealier mentioned , java script can be filtered out or shut off at the browser. i went ahead and made a validation routine in the CGI itself with regex and other tests. > -Original Message- > From: John Griffiths [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 31, 2002 1:20 PM > To: Kipp, James > Cc: '[EMAIL PROTECTED]' > Subject: Re: Checking Form data > > > Although Perl/CPAN makes some good form handling modules > available I think that the more client side data checking you > can do the better. For date input I'd go with javascript, and > I'd use an input calendar to control the data. See, for > example, a prototype I'm working on at > http://www.southwindssailing.com/pressgang/ which uses a nice > javascript/DHTML input > calendar by Lea Smart (www.totallysmartit.com). -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
Although Perl/CPAN makes some good form handling modules available I think that the more client side data checking you can do the better. For date input I'd go with javascript, and I'd use an input calendar to control the data. See, for example, a prototype I'm working on at http://www.southwindssailing.com/pressgang/ which uses a nice javascript/DHTML input calendar by Lea Smart (www.totallysmartit.com). "Kipp, James" wrote: > What is the best way to validate form data. I have a form which the user > enters dates like '08/01/2002'. What is the best way to make sure this > format is entered. Should i use javascript here or regex? -- Dr. John Griffiths \( ~ )7 The Teahouse of Experience MAILTO:[EMAIL PROTECTED] http://www.frontier.net/~grifftoe/ O, call back yesterday. Richard II, act 3, sc. 2. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
> > What is the best way to validate form data. That would be a very very big topic here... I can't show the method, but can share some steps. Client Side 1. Check missing fields (Check it if js enabled) 2. Check pattern (js also do regex, but not powerful as Perl) Server Side 3. Pick up data ( you may have to deal with GET and POST ) ## Do 1 and 2 here if client side disabled js. 4. Check referer / session id /cookies / whatever (Aim to check where the form sign from) 5. Check yours own expectation on fields perference. That's all about on my point of view. > > I have a form which the user > > enters dates like '08/01/2002'. What is the best way to make sure this > > format is entered. Should i use javascript here or regex? None of them, you should create a select/opt menu. Then you even no need to check it, so you can put you focus to avoid 31/02/2002 etc. Rgds, Connie -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
On Tue, 30 Jul 2002, Kipp, James wrote:
> What is the best way to validate form data. I have a form which the user
> enters dates like '08/01/2002'. What is the best way to make sure this
> format is entered. Should i use javascript here or regex?
I heard about and started using Data::FormValidator. It returns a
hash, I think of fields which were valid, an array of fields that
were missing, and some other things, like invalid fields and
unknown fields.
The problem is, I don't know what to do with the information. I
just enter $valid{$field} in the form wihout checking whether it
exists, or is defined, or is true.
--
Greg MathesonIf you're not making any mistakes,
Chinmin College you must be making some mistake.
Taiwan Penpals Archive http://netcity.hinet.net/kurage>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Checking Form data
> > Answering what I think you're asking: Client-side validation > (javascript) is fine for avoiding an > unnecessary trip to the server, but it's easily avoided -- > you can just turn javascript off. > Therefore, server-side validation is mandatory lest you open > up security holes. thanks. actually that is good news, i know very little javascript anyway. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking Form data
--- "Kipp, James" <[EMAIL PROTECTED]> wrote:
> What is the best way to validate form data. I have a form which the user
> enters dates like '08/01/2002'. What is the best way to make sure this
> format is entered. Should i use javascript here or regex?
>
> Thanks
Answering what I think you're asking: Client-side validation (javascript) is fine for
avoiding an
unnecessary trip to the server, but it's easily avoided -- you can just turn
javascript off.
Therefore, server-side validation is mandatory lest you open up security holes.
Cheers,
Curtis "Ovid" Poe
=
"Ovid" on http://www.perlmonks.org/
Someone asked me how to count to 10 in Perl:
push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
__
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
