
Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Validation errors (CSS Form Builder)

Thread began 9/15/2009 5:30 am by webassistdotcom261883 | Last modified 9/16/2009 4:07 pm by Jimmy Wu | 2323 views | 3 replies |

thetypehouse

Hello

I'm trying to validate a form to prevent SQL injections, so I'm using validation.
whitelevel/

I built this form using Dreamweaver's Record Insertion Form Wizard, and then applied FB's client and server validation (Insert bar: WebAssist/Client Validation - and Server Validation) after that.

I need to allow spaces in a number of alphanumeric fields, together with some limited punctuation "',.()" (double quotes show the limits of what I want to allow).

However, it's not allowing users to enter spaces in the First and Last Name fields. Furthermore, entering punctuation in the "Church/Choir/School" field seems to reset the form without allowing the user to go to the next page (and no data is inserted into the database).

I've tried the form both with and without JavaScript enabled, and still get errors (server validation allows spaces -- but not punctuation -- in all three alphanumeric fields).

I'd be grateful for some help. This has taken up a lot of time so far.

Thanks.

SUGGESTION
It would be really helpful to have documentation explaining precisely what each bit of code does (both the PHP code at the beginning of the document and the <form onSubmit ...>) as what I see there doesn't seem to match up with what I entered in the WA dialogue boxes. (For example, even if I create validation to disallow upper-case and lower-case letters, the code doesn't seem to be any different to if they are allowed. Perhaps I'm looking in the wrong place, but it's impossible to tell.)

USER INFO
The page is Valid HTML (XHTML Transitional)
Dreamweaver CS4 / WinXP SP3
Many WebAssist extensions, including:
CSS FormBuilder 1.0.0
Validation Toolkit 2.3.5 (now removed from Extension manager)
DataAssist 2.0.5
SecurityAssist 1.1.7

Jimmy Wu

You do not need to apply both client side and server side validations on these fields. Applying both is redundant, since they will validate the same information, so the server side validation should never trigger.

For your validations, it does not look like you checked the checkbox to allow spaces:

WAValidateAN(document.getElementById('form1').firstname,document.getElementById('form1').firstname.value,'You have either entered invalid character(s) (letters, numbers, spaces or ().,\' are allowed) or you have left the First Name field empty.\nPlease enter your First Name.\n\n',true,true,true,false,'\'',document.getElementById('form1').firstname,0,true);

That false means that spaces are not allowed. If you change it to true, it should allow spaces. You will need to change this for the lastname field as well.

As for the churchchoirschool field, this seems to be caused by the server validations not being set up correctly. If you removed the server validations, the form should submit correctly again. You can do this by going to the server behaviors panel, selecting the server validations and hitting the "-" button.

thetypehouse

Thanks, Jimmy.

I have manually changed the client validation and also removed the server validation - and this now works. It's very strange, though, as I _know_ that I ticked all the right boxes, and should not have got the 'true,true,true,false' that showed up in the code.

You say:
>You do not need to apply both client side and server side validations on these fields. Applying both is redundant, since they will validate the same information, so the server side validation should never trigger.

Although this is true for users with JavaScript enabled, I am unhappy with having no server validation, as if someone uses a User Agent with no JavaScript, then they would be able to enter "bad" data, even if this was unintentional. Furthermore, a malicious attack could be made by someone who has deliberately turned off JS. So I will need to try server validation again in order to protect my client's database.

It would be useful to see exactly how your validation code works (a lot of it I understand, but some of it seems impenetrable!). :)

Thanks again.

Jimmy Wu

If that is the case, you can set up server validations to do the same thing on the form to prevent users from being able to maliciously insert information into your database. Hopefully you won't have any problems with the server validations this time around.

I'm glad to see you got the client validations to work though.
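
Added example (not part of the original thread and not WebAssist code): the server-side check discussed above, written as plain PHP with PDO. It repeats the client rule (letters, digits, spaces and ',.()) on the server and inserts through a bound statement, because a whitelist that allows the apostrophe cannot on its own stop SQL injection. The `registrations` table, the helper function names and the in-memory SQLite database are assumptions for illustration; the field names are those in the thread.

```php
<?php
// Added example, not WebAssist code. Table and helper names are hypothetical.

// Same rule as the client check: letters, digits, spaces and ',.() only.
function is_allowed_text(string $value, int $maxLen = 100): bool
{
    if ($value === '' || strlen($value) > $maxLen) {
        return false;
    }
    // \A and \z anchor the whole string; "$" would tolerate a trailing newline.
    return preg_match('/\A[A-Za-z0-9 \',.()]+\z/', $value) === 1;
}

// Returns the names of fields that failed; inserts only when none failed.
function save_registration(PDO $db, array $post): array
{
    $params = [];
    $failed = [];
    foreach (['firstname', 'lastname', 'churchchoirschool'] as $name) {
        // Missing or non-string input (e.g. firstname[]=x) counts as invalid.
        $value = is_string($post[$name] ?? null) ? trim($post[$name]) : '';
        if (!is_allowed_text($value)) {
            $failed[] = $name;
        }
        $params[':' . $name] = $value;
    }
    if ($failed !== []) {
        return $failed;
    }
    // The whitelist permits the apostrophe, so it cannot be the SQL defence:
    // bound parameters keep the value out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO registrations (firstname, lastname, churchchoirschool)
         VALUES (:firstname, :lastname, :churchchoirschool)'
    );
    $stmt->execute($params);
    return [];
}

// Constructed demo data; in-memory SQLite (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registrations (firstname TEXT, lastname TEXT, churchchoirschool TEXT)');

$ok  = ['firstname' => 'Mary Ann', 'lastname' => "O'Brien", 'churchchoirschool' => "St. John's Choir (Leeds)"];
$bad = ['firstname' => 'Mary', 'lastname' => 'Smith;', 'churchchoirschool' => 'Choir'];

var_dump(save_registration($db, $ok));   // passes the whitelist, row is inserted
var_dump(save_registration($db, $bad));  // ';' is outside the whitelist
echo $db->query('SELECT lastname FROM registrations')->fetchColumn(), PHP_EOL;
```

Because this runs on the server, it applies whether or not the browser executed the client-side script.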
