Can I validate with javascript and then process with php?

I am creating a simple form. I would like to use embedded javascript to validate that the form is filled out and then, if it turns out to be va开发者_运维问答lid, process the data with a php script.

I don't know how to do this, because I don't know how to associate more then 1 script with a form.

<form id="aform" name="aform" action="myvalidationscript.js" method="POST" onSubmit="return checkForm()">

will get my form validated and only send the date if it is valid, but how do I get it to understand that there is a PHP file on the server that wants to accept the data and do something with it?

Either this is possible and I don't know how to do it, or I have the model for validation all wrong. I recognize that I could do the validation in the same PHP file as the processing, but I would like 1) the option to organize my code by functionality a little better than putting everything in one script, and 2) the option to validate client-side with some embedded javascript.

Any suggestions?

Never trust the client-side. You should have all your validation logic on the server-side in php. On the client-side you could add validation logic simply to enhance the user experience.

In addition, the action attribute specifies the URL of the server-side script that should handle the completed and submitted form. It is not there to associate a client-side script with your form.

There's nothing wrong with client-side validation, just as long as you use it simply to enhance the experience of the user and don't rely on it. Remember that any script executed by the user agent (browser) is entirely under the control of the user, meaning an attacker can bypass it with minimal effort.

You should look at http://jquery.com/ or another similar JavaScript library, as these make the whole process much, much easier.

You can use jquery validation a best theme are listed here. Also you better use php validation as well because javascript execution is in user's computer and even beginner users can simply use firebug firefox extension to pass the jquery validation and trust me you don't want them to do that.

To bu sure to be understood I'll begin with "don't trust the client side"

But, Javascript validation is a very good thing for users. for example a little red flag near a field to say that it's mandatory and if you submit the form, you won't have to wait the php to validate, the js will do it before and cancel the submit.

Ok I admit, it's not a big deal, but it's one of these little things that make an app better.

But be sure to re-validate them on the server side !!!