views:

148

answers:

5

I have a simple javascript function to validate a form (RSform!Pro in Joomla) on submit. Problem is bots are able to submit the form without the validate script running when they have javascript disabled. The only option I can think of to prevent this case from happening is to use php instead of javascript. Could someone help me with this conversion or offer an alternative?

    function validateEntreeCount(theForm)
    {
        // Compare the attendee count with the sum of the three entree counts.
        // parseInt is given an explicit radix so leading zeros are not misread.
        if (parseInt(document.getElementById('Attendees').value, 10) !=
            parseInt(document.getElementById('Beef').value, 10) +
            parseInt(document.getElementById('Chicken').value, 10) +
            parseInt(document.getElementById('Vegetarian').value, 10))
        {
            alert('The total amount of attendees does not match the total amount of entrees selected');
            return false;
        }
        else
        {
            return true;
        }
    }

Thanks for everybody's input!

A: 

I cannot help with the conversion right now, but to deal with bots you can also hide the submit button from users and use javascript to include it in the page.

Moshe
A: 

You will have to find where in the code the form is getting submitted. But it is not the id of an element that gets submitted, but the name.
In PHP you are looking for $_GET['name of element'] and $_POST['name of element in post request'].
When you have the string result you can use intval('') to convert it to an int.

Matthew
+1  A: 

I would say it is always a good idea to have validation both on the client side (with javascript) AND on the server side (with whatever you use).

This way, you make sure the user doesn't have to wait for a page reload if he made a mistake, but you can be sure that your app won't have invalid input because your user does not have javascript on, maliciously or not (many users don't leave javascript on by default).

I guess the buzzword here is graceful degradation. I mean that it should be possible to use your website without javascript on, even if not having as good an experience as if you had it on. And forms are a no-brainer for that, especially because of the importance of cleaning the data before you can really use it.

Flávio Amieiro
+1  A: 

You can go something like this:

function validateEntreeCount()
{
 if (intval($_POST['Attendees']) != 
intval($_POST['Beef']) . 
intval($_POST['Chicken']) . 
intval($_POST['Vegetarian']))
 {
  print('The total amount of attendees does not match the total amount of entrees selected'); 
  // exit/redirect/return false or whatever
 } 
 else
 {
  return true; 
 }
}

You should make sure that the values are actually arriving in the POST variables. And also, if you are comparing numbers, you will have to use + rather than a dot as shown above.

Sarfraz
+2  A: 

In order for the conversion to work, I will have to assume a few things, so let me show you a conversion with my general assumptions:

My assumed HTML page, containing a form with a few input types, total number of attendees, a number indicating how many orders of what type of dinner and a submit button. Notice the method of the form is a post and the action is yourfile.php.

<form name="my_form" method="post" action="yourfile.php">
   <input type="text" name="Attendees">
   <input type="text" name="Beef">
   <input type="text" name="Chicken">
   <input type="text" name="Vegetarian">
   <input type="submit" name="submit" value="submit">
</form>

Your PHP page that will retrieve the form values:

<?php
  function validateEntreeCount() {
    // used for validation purposes
    if (!isset($_POST['submit'])) {
      // form was submitted without data, silly bots.
      echo "We've encountered a problem, please re-enter your data";
      // possible redirect back to the page.
      return false;
    }
    // convert the data into integers.
    $total   = intval($_POST["Attendees"]);
    $beef    = intval($_POST["Beef"]);
    $chicken = intval($_POST["Chicken"]);
    $veg     = intval($_POST["Vegetarian"]);

    // if all is well, everything should be equal
    if ($total == ($beef + $chicken + $veg)) {
      return true;
    }
    // something went wrong
    echo "The total amount of attendees does not match the total amount of entrees selected";
    return false;
  }
?>

This hasn't been tested or compiled, just demonstrating what the comparison function would look like in PHP. There are many things to work on, especially validating input and error checking.

Hope this helps you out, or points you in the right direction.

Anthony Forloney
That $total comparison should be a double equal (==), or else it will always return true.
konforce
@konforce, thank you for pointing that out, edited my answer.
Anthony Forloney
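Added example, not code from any of the answers above: the server-side check that Flávio's answer argues for and Anthony's answer sketches, written so that it also rejects the input the client-side script never had to deal with (missing fields, array values, non-numeric strings). The field names follow Anthony's assumed form; passing `$post` as a parameter and using a digit-only regex instead of `intval()` are my choices.

```php
<?php
// Added example, not code from any answer above: the entree-count check
// done on the server with strict input validation. Field names follow
// Anthony's assumed form; rejecting non-digits instead of intval() is my choice.
/**
 * Returns a list of error messages; an empty list means the post is valid.
 * $post is a parameter (normally $_POST) so the function is easy to test.
 */
function validateEntreeCount(array $post): array
{
    $errors = [];
    $values = [];
    foreach (['Attendees', 'Beef', 'Chicken', 'Vegetarian'] as $field) {
        // Absent field or an array (e.g. Beef[]=1): a bot or a tampered form.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[] = "Missing field: $field";
            continue;
        }
        $raw = trim($post[$field]);
        // intval('12abc') silently yields 12; require 1-6 ASCII digits instead,
        // which also rules out negatives and absurdly large counts.
        if (!preg_match('/^\d{1,6}$/', $raw)) {
            $errors[] = "$field must be a whole number";
            continue;
        }
        $values[$field] = (int) $raw;
    }
    if ($errors !== []) {
        return $errors; // never compare totals built from bad input
    }
    $entrees = $values['Beef'] + $values['Chicken'] + $values['Vegetarian'];
    if ($values['Attendees'] !== $entrees) {
        $errors[] = 'The total amount of attendees does not match the total amount of entrees selected';
    }
    return $errors;
}

// Usage in yourfile.php: only act on a real POST, and fail closed on any error.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validateEntreeCount($_POST);
    if ($errors !== []) {
        http_response_code(400);
        foreach ($errors as $e) {
            echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>\n";
        }
        exit;
    }
    // Valid submission: continue processing here.
}
```

Because the function never touches `$_POST` directly, you can call it with a hand-built array (for example `['Attendees' => '3', 'Beef' => '1', 'Chicken' => '2', 'Vegetarian' => '0']`, which returns an empty array) to check it before wiring it into the RSform!Pro handler.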