I am using codeigniter. I have written simple from code with html5 validation.but its not working.its still go to the controller..This is my code.
<?php echo form_open('welcome/RigesterValue');?>
<h4> Rigesteration </h4>
<table border="2" align="center">
<tr><td><label>First name</td>
<td><input type="text" maxlength="20" id="First_name" name="First_name" required pattern="[A-Z ]+"></td></tr>
<tr><td><label>Last name</td>
<td><input type="text" maxlength="20" name="Last_name"></td></tr>
<tr><td><label>User name</td>
<td><input type="text" maxlength="20" name="User_name"></td></tr>
<tr><td><label>Password</td>
<td><input type="password" maxlength="20" name="Password"></td></tr>
<tr><td><label>Confirm Password</td>
<td><input type="password" maxlength="20" name="Confirm_Password"></td></tr>
<tr><td><label>Address</td>
<td><input type="text" maxlength="20" name="Address"></td></tr>
<tr><td><label>Cell number</td>
<td><input type="text" maxlength="20" name="Cell_number"></td></tr>
<tr><td><label>Email</td>
<td><input type="text" maxlength="20" name="Email"></td></tr>
<tr><td><Label>Status</Label></td>
</td></tr><br>
<tr><td align="center" colspan="2"><input type="Submit" value="Register"></td></tr>
</table>
<?php echo form_close();?
I have apply html5 validation on just first field ..Which is First_name..but still it go to the controller page.
CodeIgniter's own validation often does the trick. It's most safe since it will receive values, validate them and then process them.
Validation through the browser isn't reliable due to things like Firebug and so on. In the end I can easily post whatever values I want to your page, and if validation only covers HTML5 etc, your system won't know what hit it.
Always let your server validate everything, but you may aswell let some thing be done also inside your view. For instance, finding an unoccupied username can be a hazzle if you need to post every time just to hear that it's taken, therefor the part can be done through ajax that checks if username is taken or not and shows before submit.
If you get form_validation to work as intended, you probably won't see much need for more ways to validate your fields.
Related
I want to perform CURD operation using JSP,servlet and Mysql . Trying to post id using hidden element but when i perform delete operation it always deleted the first row in the table.
Please let me know how to post selected data to servlet data using single form through hidden element.
<c:forEach var="record" items="${SLIST}">
<input type="hidden" value="${record.Id}" id="poststudentId" name="poststudentId" />
<td>${record.Id</td>
<td>${record.lastName}</td>
<td><input type="submit" value="View" id="view_button" name="option" class="view" /></td>
<td><input type="submit" value="Edit" id="edit_button1" name="option" class="Edit" /></td>
<td><input type="submit" value="Delete" id="delete_button" name="option" class="Delete" /></td>
</tr>
</c:forEach>
Taken literally, this appears to need an HTML <form> tag surrounding the <input> elements, otherwise it can't relate them together.
I am playing with the Spring validating form input example - java spring mvc with Thymeleaf views. I have been able to pass messages into the view without issue. These display where the example wants them to...
e.g.
<td th:if="${#fields.hasErrors('name')}" th:errors="*{name}">Name Error</td>
I am trying to find a way to put them into the html input validation attributes though so I have tried the following (full page below)
<td><input type="text" th:field="*{age}" **required="required" data-errormessage-value-missing="${#fields.errors('age')}" data-errormessage="${#fields.errors('age')}"**/></td>
This has done no good though and the validation message displayed is ${#fields.errors('age')} ! Is there a way to push the binding errors into the attribute or am I misunderstanding the way it works ?
Thanks for any help in advance.
Page html
<html>
<body>
<form action="#" th:action="#{/}" th:object="${personForm}" method="post">
<table>
<tr>
<td>Name:</td>
<td><input type="text" th:field="*{name}" required="required" data-errormessage-value-missing="Custom Message" /></td>
<td th:if="${#fields.hasErrors('name')}" th:errors="*{name}">Name Error</td>
</tr>
<tr>
<td>Age:</td>
<td><input type="text" th:field="*{age}" required="required" data-errormessage-value-missing="${#fields.errors('age')}" data-errormessage="${#fields.errors('age')}"/></td>
<td th:if="${#fields.hasErrors('age')}" th:errors="*{age}">Age Error</td>
</tr>
<tr>
<td><button type="submit">Submit</button></td>
</tr>
</table>
</form>
</body>
</html>
Thymeleaf only evaluates attributes that start with th:, so in order to do this, you have to use th:attr. You're tag should look like:
<input type="text" th:field="*{age}" required="required" th:attr="data-errormessage-value-missing=${#fields.errors('age')}, data-errormessage=${#fields.errors('age')}" />
You could also use this plugin to evaluate data tags, but I've haven't used it before so I can't comment on how well it works: https://github.com/mxab/thymeleaf-extras-data-attribute
i managed to build this form using many sources over internet , and it actually works. But do not know if it is good against any breaks.
<form action="/some/server/some.cgi" method="POST">
<fieldset>
<legend>contact me:</legend>
<input type="hidden" name="recipient"
value="some#some.com">
<input type="hidden" name="subject"
value="message ">
<br>
<br>
<table>
<tr>
<td>
<input type="text" name="name"
placeholder="Your Name please" size="30"
maxlength="30" title="Your name (no numbers)"
pattern="[a-zA-Z]{2,30}" required>
</td>
</tr>
<tr>
<td>
<input type="email" value="email"
name="email" placeholder="Provide valid email please"
pattern="[a-z0-9._%+-]+#[a-z0-9.-]+\.[a-z]{2,3}$"
title="Your VALID email address" size="30"
maxlength="50" required>
</td>
</tr>
<tr>
<td>
<input type="text" name="message"
placeholder="Message" size="30" maxlength="200"
title="Long text is not allowed"
pattern="[a-zA-Z0-9\s]{5,200}" required>
</td>
</tr>
<tr>
<td>
<input type="submit" value="Send"
name="Submit">
</td>
</tr>
</table>
</fieldset>
</form>
i am new to regEx and would like to know any issues that can happen with this form. thanks
There is no One particular answer whether or not the form is secure. It always depends on the attacker's way of thinking .There many creative ways hackers can think of to bypass a particular form.
The main place to work on is Server-Side for security Not the
Client-Side because Client-Side HTML andJavaScript can be manipulated
any how.
Anyways,
You can refer to these links :
code.tutsplus.com/tutorials/secure-your-forms-with-orm-keys--net-4753"
www.youtube.com/watch?v=ATBdUB-aXko"
www.formstack.com/features/security
In the name field you cannot provide space because your regular expression won't allow it.. If you want to allow space please change the below pattern
[a-z A-Z]{2,30}
The regex will reject valid email addresses. Client side data validation provides no protection against someone trying to subvert your application. The "pattern" attribute is (from memory) a fairly recent addition and ignored by Safarai and older browsers.
What are your criteria for "secure".
I've reviewed this post and this post, but they work for me. Those posts are 4-5 years old, so perhaps the browser rules for this have changed or gotten more specific?
Here is the form for login. There is no ajax and no javascript of any kind. I've tried changing the the input name from usernameOrEmailAddress to username and that doesn't change anything.
<form method="post" name="loginForm" id="loginForm" action="login-check.php" autocomplete="on">
<table>
<tr>
<th>Username or Email Address</th>
<td><input autofocus type="text" name="usernameOrEmailAddress" value="" required></td>
</tr>
<tr>
<th>Password</th>
<td><input id="password" type="password" name="password" value="" required title="Password"></td>
</tr>
</table>
<div class='row'>
<input class="inputsubmit button" name="login" type="submit" value="Login" />
</div>
</form>
Neither Chrome nor Firefox prompt to save the password for next time. What am I doing wrong?
Most browsers will do this automatically as long it can detect a username and a password field. Here is a picture on my computer when I just copy and pasted your code.
If it doesn't work for you, clear your cache and cookies then attempt again. Also what browser(s) are you using?
I want to store several fields from a html form in one table field. Here is the source code for the form. This is only part of the form, the form tags are there. Attached is a screenshot from this part of the form.
<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td><input class="field checkbox" type="checkbox" value="Automotive" /><label class="choice">Automotive</label></td>
<td> Remark:<input name="rem_app_1" type="text" size="50" value=""/></td>
</tr>
<tr>
<td><input class="field checkbox" type="checkbox" value="Backlights"/><label class="choice">Backlights</label></td>
<td> Remark:<input name="rem_app_2" type="text" size="50" value=""/></td>
</tr>
<tr>
<td><input class="field checkbox" type="checkbox" value="Signage/Traffic lights"/><label class="choice">Signage/Traffic lights</label></td>
<td> Remark:<input name="rem_app_3" type="text" size="50" value=""/></td>
</tr>
<tr>
<td><input class="field checkbox" type="checkbox" value="IR" /><label class="choice">IR</label></td>
<td> Remark:<input name="rem_app_4" type="text" size="50" value=""/></td>
</tr>
<tr>
<td><input class="field checkbox" type="checkbox" value="LED lights"/><label class="choice">LED lights</label></td>
<td> Remark:<input name="rem_app_5" type="text" size="50" value=""/></td>
</tr>
<tr>
<td><input class="field checkbox" type="checkbox" value="Mobile devices"/><label class="choice">Mobile devices</label></td>
<td> Remark:<input name="rem_app_6" type="text" size="50" value=""/></td>
</tr>
</table>
The way it is stored in mysql should be like this, depending on what checkbox the user clicks,e.g.:
Automotive, Remark: blablabla
Backlights, Remark: blubblubblub
Mobile applications, Remark: skdfjasldfkj
Start with adding a name field to those checkboxes. What language are you using for form processing? PHP?
What backend language are you using on your server? Mysql is not a server language itself, but a means to communicate with a database. You need a server language to handle server requests. Check out PHP, ASP.NET, and Django. Arguably, PHP is the easiest to pick up, install, and set up.
Once you have a backend language, you can use that language's Mysql bindings to communicate with your database.