How to attach an external javascript validation file

I have a small form field on each page of my site in order for customers to subscribe to the mailing list. I want to validate it without clogging up the head section with javascript. I've used server side validation and copied out the client side validation code to an external file then attached it as follows ie, <script type="text/javascript" src="js/validation.js"></script>.
However I think the path in the javascript needs some adjustment as its not seeing the entry on the page - it just rejects everything. Can you tell me, a) whether the server side code is secure enough on its own, and b) whether it is possible to attach the javascript file with some adjustments to the code. Thanks.

Server side validation is always better than client side validation. Client side validation uses javascript which can be turned of in the browser.


You can put the client side validation script into an external javascript file, your syntax looks correct.

Could you possibly have a look at the attached file and see if there's something I'm missing. The server side validation works fine. But the javascript doesn't seem to execute. I've tried copying the email form out to a separate php file with the javascript in the head and that works fine, so there must be something else on the page thats preventing it from working.

Your page has two forms on it. change the form tag at line 323:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="subscribe" id="subscribe" onsubmit="WAValidateEM(document.forms[0].SubscribeEmail,document.forms[0].SubscribeEmail.value,'Please supply a valid email address',document.forms[0].SubscribeEmail,1,true);WAAlertErrors('','',true,false,false);return document.MM_returnValue"   >

to:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="subscribe" id="subscribe" onsubmit="WAValidateEM(document.forms[1].SubscribeEmail,document.forms[1].SubscribeEmail.value,'Please supply a valid email address',document.forms[1].SubscribeEmail,1,true);WAAlertErrors('','',true,false,false);return document.MM_returnValue"   >

Thats such a relief - thank you so much. I just need to ask one more question then I promise I'll go away! Is there a way to safeguard against duplicate entries. Its only one field so I wondered whether using the REPLACE INTO command instead of INSERT INTO might work.

I tried this (just literally replacing INSERT with REPLACE):
...
mysql_select_db($WA_connectionDB, $WA_connection);
if (!session_id()) session_start();
$insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
$WA_Sql = "REPLACE INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";
$MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
$_SESSION[$WA_sessionName] = mysql_insert_id();
if ($WA_redirectURL != "") {
if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
$WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
}
header("Location: ".$WA_redirectURL);
}
}
...
but it still just inserts it as a new entry

to prevent duplicates, you would need to create a recordset. Filter the column you do not what duplicates for on the form element duplicates should not be entered into. Name the rcordset "CheckRepeat".

Then add server side validation. select numeric validation, for the server variable, enter "$totalRows_CheckRepeat" and click the plus button to add it. Set the Minimum to -1 and the max to 0.

This will cause validation to fail if there are any records in the CheckRepeat recordset.