If statements and validation

If statement
• In programming the if statement allows one to test certain conditions and respond differently depending on the outcome of the test.
• In our example the condition will be that the user actually entered some text.
• If it is true, one set of actions will be performed.
• If it is false, a different set of actions will be performed.

Two places to validate
• Since we are considering a client-server interaction, there are two locations in which the validation can occur: on the client and on the server.
• Client-side validation should be seen mainly as a way to avoid adding to internet traffic and wasting the server's time until the data is acceptable.
• Server-side validation should be seen as maintaining data integrity (ensuring the data is in a valid format) and security (making sure the user is not trying to access more than they should).

Server-side if
• Notice that when asking whether two things are equal, one uses two equal signs (==)!
• Test if the user entered any text in the text field.
• If the text field was left blank, print one message.
• The "else" handles the other case and prints the original Thank-you message.

Another approach
• Another approach is to use a Boolean operator, in this case ||, the OR operator.
• If it is true that either of the text fields was left blank, then the first message will be printed out.

Example: <script> tag eliminated
• Eliminating tags that signal code may help with a problem known as "cross-site scripting."

Sometimes the slashes are a good thing
• If a user attempts to put in SQL (database query) code, this is known as "SQL Injection."
• SQL Injection often uses quotes (single or double).
• The slash tells the system to interpret the quote as a data quote, not as a SQL quote.
• In fact, PHP has an addslashes function for this purpose.
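
The server-side checks from the slides above, combined into one handler as an added example (not code from the original slides). It goes beyond them in two places: output is escaped with htmlspecialchars rather than having tags removed, and the query uses PDO placeholders rather than addslashes, which the PHP manual recommends over manual escaping. The function name handle_comment, the comments table and the sample submissions are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: handle_comment, the table and the sample input are constructed.

// Validate a submitted form server-side; store it only when both fields are filled in.
function handle_comment(PDO $db, array $post): string
{
    // Treat missing or non-string values as blank instead of trusting the client.
    $name    = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $comment = is_string($post['comment'] ?? null) ? trim($post['comment']) : '';

    // The OR operator: reject if either field is blank.
    // (=== is the strict form of the == comparison.)
    if ($name === '' || $comment === '') {
        return 'Please fill in both fields.';
    }

    // Placeholders keep the data separate from the SQL text, so a quote
    // in $name is stored as data and never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO comments (name, comment) VALUES (?, ?)');
    $stmt->execute([$name, $comment]);

    // Escape on output: <, >, & and quotes become HTML entities,
    // so a submitted <script> tag is displayed as text, not run.
    return 'Thank you, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '.';
}

// In-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, comment TEXT)');

// Constructed sample submissions: a blank field, a quote, and a script tag.
$samples = [
    ['name' => '', 'comment' => 'hello'],
    ['name' => "O'Brien", 'comment' => 'Nice page'],
    ['name' => '<script>alert(1)</script>', 'comment' => 'test'],
];

foreach ($samples as $post) {
    echo handle_comment($db, $post), PHP_EOL;
}

echo 'Rows stored: ', $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```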

Reference
• PHP for the World Wide Web, Second Edition, Larry Ullman