RU beehive logo ITEC dept promo banner
ITEC 325
2012fall
ibarland

homelectsexamshws
D2Lbreeze (snow day)

hw03
Server side validation

Due: 2012.Oct.10 (Wed) 23:59.

We will incrementally improve on hw02—Forms's .W.o.W. page by doing server-side validation of the submitted information. The changes you need are to skill-submit.php (and, renaming hw0{2,3}-files.php.)

Make a copy of your directory from hw02, named hw03/. (cp -pR hw02/ hw03 will Recursively copy directories, preserving timestamps.) I will grade your hw in the usual way, by visiting https://php.radford.edu/~yourUserId/itec325/hw03/index.php, which should (a) say "source not available until date", (if before due-date or after end-of-semester) and (b) have links to all your hw03 files, showing their last-modified time and source (if between the due-date and end-of-semester)

Make a separate file for information needed by both creating and validating the form: Notably, the possible player-classes (used to generate the html for the check-boxes, and then later to validate the available-to choices), any the maximum length of various fields (used to generate the html for the input-text-field, and to validate), and the possible player-attributes (used for the html for the pull-down, and to validate).
You can use require_once to include this file from both skill-form.php and skill-handle.php.

Validate the information submitted on the form, as specified below. (You don't need to change the form at all.) In skill-handle.php, if all the user-provided information is validated, just show the result as before. However, if any fields don't validate, you must include a line near the top of the result page, saying that the form was not properly submitted. Then, include a list of all the errors. Strive to make the error-messages as specific as possible. For example, if the user included an illegal character in a textbox, then the error message:

(Go ahead and group all the errors together at the top; in the next homework our client-side error-checking will place the same error messages right next to the offending form.)

  1. “Your name”: required. Make it long enough that somebody named Kimberleigh-Anne Josephine Montgomery-Richardson 1 won't be offended, but not too much longer than that, to protect somebody who inadvertently pastes in some other long text into that input. We'll allow any characters (including digits and punctuation), but there should be at least one alphabetic character included.
  2. Attributed tied-to: required; must be one of the items in the list.
    (Do not use a six-way if-else-if; use in_array.)
    The function which creates the drop-down shoudl be passed the same array that you use to validate via in_array.
  3. Skill-name: required; can't be too long; can contain spaces, hyphens, apostrophes (and of course alphanumeric characters), but no other characters2.

    As part of this step, you must have a php function that takes in a string and a list of allowed characters (or, dis-allowed characters, or perhaps even a regular expression), and returns a an error message (if the string doesn't match the requirement), or the empty string (if the string does match the requirement). Be sure to give a descriptive name to this function.
    (If you're really good, you'll find a way to re-factor this so that you can go back and use this function to assure there is at least one alphaebetic character in the username, as well.)

  4. Min-level: optional (if not provided, use 30). If entered, it must a valid number in the range.
    (Design choice: do you want to allow people to type things like "0099"? If the range had happened to include 0, would your verification accept "-0"? Should it?)

    As part of this step, you must have a php function that takes in a string and two integers (an upper and lower bound), and returns an error message (if it doesn't represent an integer in that range, inclusive), or the empty string (if it does). Be sure to give a descriptive name to this function.

  5. Skill Description: A max-length, as you feel is appropriate. No restriction on characters.
  6. Available-to: At least one box should be checked, and all checks should be valid. Make sure that the value is one of the things in the array which you used to generate that table.
  7. Finally: for all inputs, trim spaces from the beginning and end of the field, and collapse consecutive spaces into one3 (pregex-replace \ + ). Do this for all fields in $_POST, as follows:
    1. Write a function which takes in a single string and returns the version with tidied-up-spaces;
    2. write a function which takes an array, and returns a new array with each value tidied up;
    3. at the start of your program, call this latter function on $_POST (putting the result back into $_POST, presumably).
    4. Extra credit: overload these two function names, so you have less names to remember.
    5. Of course, include test cases for each of these of your functions.
    Note how doing this gives you — for free! — protection against skill-description that is totally whitespace, people who accidentally4 mis-enter an extra space in their name, etc..

If you think the above restrictions are too strict or too loose, and want to do something different, comment that clearly at the top of your php file (and run it by me if it's different enough that I might object). Your concern should be with the end-user's experience.


Other requirements

These apply to all homeworks for this class:

1She probably goes by “Kimmy-Jo M.R.”, but still…      

2You are welcome to improve this so that you do allow é, ü, etc..      

3If you're really good, you will preserve sentence-endings so they still have two spaces after the period.      

4There is a price: we are assuming that having two spaces mid-name is never significant. That seems like an eminently reasonable assumption, but we should be sure to realize that we've made that assumption.      

homelectsexamshws
D2Lbreeze (snow day)


©2012, Ian Barland, Radford University
Last modified 2012.Oct.06 (Sat)
Please mail any suggestions
(incl. typos, broken links)
to ibarlandradford.edu
Powered by PLT Scheme