开发者

Calling javascript form php

I am having a form inside a php script. I am doing the validation using javascript.

<?php

$co开发者_如何学Cn = mysql_connect("servername","login","passsword");
if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

mysql_select_db("dbadminatms", $con);

if (isset($_POST['email']) && isset($_POST['name']) && isset($_POST['comments']))
{
    $sql="INSERT INTO feedback_comments (posted_by, email, comments_text, comment_date)
        VALUES
    ('$_POST[name]','$_POST[email]','$_POST[comments]',NOW())";
    $emailID = $_POST['email'];
    $postedBy = $_POST['name'];
    $message = $_POST['comments'];

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    else
    {
        mail( "aaa@bbb.coml.com", "Subject: Comments", $message, "From: $emailID\r\n $postedBy" );
    }
}
    else
{

echo '


<form action="contactus.php" method="POST" id="feedback" onsubmit="javascript:return validate("feedback","name","email","comments");">

                <p id="errorMsg">All fields are required</p>

                <label for="name" class="label" id="nameLabel">Your name: </label><input id="name" type="text" size="30"  name="name" class="field"/>
                <br /><br />
                <label for="email" class="label" id="emailLabel">Your Email id: </label><input id="email" type="text" size="30"  name="email" class="field"/>
                <br /><br />

                    <label for="comments" class="label" id="commentsLabel">Comments:</label>
                  <div id="commentsSection">
                    <textarea name="comments" id="comments" class="ui-corner-all" cols="9" rows="5" tabindex="140"></textarea>
                  </div>

            <p><input type="submit" value="Submit" id="submit"/>&nbsp;<input type="reset" /></p>

        </form>';
}

    mysql_close($con);
?>

Everrything's is working fine but I can't validate the form using javascript.


The relevant excerpt is:

onsubmit="javascript:return validate("feedback","name","email","comments");"

Two things:

  1. Your use of double quotes within the attribute will end it prematurely (the browser will only see onsubmit="javascript:return validate(", which is invalid and will be tossed by the JavaScript interpreter). Use single quotes instead within the attribute value:

    onsubmit="javascript:return validate('feedback','name','email','comments');"
    
  2. Do you actually have a JavaScript function called validate that's included in the page somewhere, either directly or via an external JavaScript file?

Separately, note that if you use onsubmit, you don't use javascript: at the beginning, just:

onsubmit="return validate('feedback','name','email','comments');"

The javascript: pseudo-protocol is only used where the HTML would normally contain a link, as with the href attribute of anchors. onsubmit and similar don't accept links, just JavaScript code, so you don't use it. (It's largely harmless if you do, because coincidentally it looks like a label in JavaScript, and so the code parses okay and runs. But it's wrong.)


Off-topic, but important: NEVER rely on client-side validation; client-side validation is purely a user experience improvement exercise (helping people send you things you'll accept), never a replacement for server-side validation. Your PHP code as quoted is wide open to SQL injection (or even innocent issues — what happens if there's a ' in one of the fields, for instance?). Search for "SQL Injection PHP" to find lots of way so correctly process submitted data.


Plus good practice states that you should sanitize your inputs, never rely only on JS validation, but also do it serverside, and never EVER EEEEEEVER use $_POST['whatever'] directly in your query, its damn dangerous, process the input and try to save yourself from xss, and mostly sql injection.


You don't need to specify javascriptin onsubmit:

onsubmit="javascript:return validate("feedback","name","email","comments")"

instead do this:

onsubmit="return validate("feedback","name","email","comments")"

and I hope you are putting proper escape charaters for the strings. Use this instead:

onsubmit="return validate(\"feedback\",\"name\",\"email\",\"comments\")"


Using jquery is better.

jQuery plugin: Validation

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜