close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Validation errors (CSS Form Builder)

Thread began 9/15/2009 8:30 am by webassistdotcom261883 | Last modified 9/16/2009 7:07 pm by Jimmy Wu | 1542 views | 3 replies |

thetypehouse

Validation errors (CSS Form Builder)

Hello

I'm trying to validate a form to prevent SQL injections, so I'm using validation.
whitelevel/

I built this form using Dreamweaver's Record Insertion Form Wizard, and then applied FB's client and server validation (Insert bar: WebAssist/Client Validation - and Server Validation) after that.

I need to allow spaces in a number of alphanumeric fields, together with some limited punctuation "',.()" (double quotes show the limits of what I want to allow).

However, it's not allowing users to enter spaces in the First and Last Name fields. Furthermore, entering punctuation in the "Church/Choir/School" field seems to reset the form without allowing the user to go to the next page (and no data is inserted into the database).

I've tried the form both with and without JavaScript enabled, and still get errors (server validation allows spaces -- but not punctuation -- in all three alphanumeric fields).

I'd be grateful for some help. This has taken up a lot of time so far.

Thanks.

SUGGESTION
It would be really helpful to have documentation explaining precisely what each bit of code does (both the PHP code at the beginning of the document and the <form onSubmit ...>) as what I see there doesn't seem to match up with what I entered in the WA dialogue boxes. (For example, even if I create validation to disallow upper-case and lower-case letters, the code doesn't seem to be any different to if they are allowed. Perhaps I'm looking in the wrong place, but it's impossible to tell.)

USER INFO
The page is Valid HTML (XHTML Transitional)
Dreamweaver CS4 / WinXP SP3
Many WebAssist extensions, including:
CSS FormBuilder 1.0.0
Validation Toolkit 2.3.5 (now removed from Extension manager)
DataAssist 2.0.5
SecurityAssist 1.1.7

Sign in to reply to this post

Jimmy Wu

You do not need to apply both client side and server side validations on these fields. Applying both is redundant, since they will validate the same information, so the server side validation should never trigger.

For your validations, it does not look like you checked the checkbox to allow spaces:

WAValidateAN(document.getElementById('form1').firstname,document.getElementById('form1').firstname.value,'You have either entered invalid character(s) (letters, numbers, spaces or ().,\' are allowed) or you have left the First Name field empty.\nPlease enter your First Name.\n\n',true,true,true,<b>false</b>,'\'',document.getElementById('form1').firstname,0,true);

That false means that spaces are not allowed. If you change it to true, it should allow spaces. You will need to change this for the lastname field as well.

As for the churchchoirschool field, this seems to be caused by the server validations not being set up correctly. If you removed the server validations, the form should submit correctly again. You can do this by going to the server behaviors panel, selecting the server validations and hitting the "-" button.

Sign in to reply to this post

thetypehouse

Thanks, Jimmy.

I have manually changed the client validation and also removed the server validation - and this now works. It's very strange, though, as I _know_ that I ticked all the right boxes, and should not have got the 'true,true,true,false' that showed up in the code.

You say:
>You do not need to apply both client side and server side validations on these fields. Applying both is redundant, since they will validate the same information, so the server side validation should never trigger.

Although this is true for users with JavaScript enabled, I am unhappy with having no server validation, as if someone uses a User Agent with no JavaScript, then they would be able to enter "bad" data, even if this was unintentional. Furthermore, a malicious attack could be made by someone who has deliberately turned off JS. So I will need to try server validation again in order to protect my client's database.

It would be useful to see exactly how your validation code works (a lot of it I understand, but some of it seems impenetrable!). :)

Thanks again.

Sign in to reply to this post

Jimmy Wu

If that is the case, you can set up server validations to do the same thing on the form to prevent users from being able to maliciously insert information into your database. Hopefully you won't have any problems with the server validations this time around.

I'm glad to see you got the client validations to work though.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...