hw03
Server side validation
Due: 2012.Feb.29 (Wed); revised to Mar.01 (Thu) 23:59.
We will incrementally improve on hw02—Forms's W.o.W. page by
doing server-side validation of the submitted information.
The changes you need are to skill-submit.php
(and, renaming hw0{2,3}-files.php.)
Make a copy of your directory from hw02, named hw03/.
(cp -pR hw02/ hw03 will Recursively copy directories,
preserving timestamps.)
I will grade your hw in the usual way, by visiting
https://php.radford.edu/~yourUserId/itec325/hw03/index.php,
which should
(a) say "source not available until date"
(if before due-date or after end-of-semester), and
(b) have links to all your hw03 files,
showing their last-modified time and source
(if between the due-date and end-of-semester).
Make a separate file for information needed by both
creating and validating the form:
Notably, the possible classes
(used to generate the html for the check-boxes, and then later to validate the available-to choices),
and the maximum length of various fields (used to generate the html for the input-text-field, and to validate),
and the possible attributes (used for the html for the pull-down, and to validate).
You can use include_once to include this file from both skill-form.php
and skill-handle.php.
Validate the information submitted on the form, as specified below.
(You don't need to change the form at all.)
In skill-handle.php,
if all the user-provided information is validated,
just show the result as before.
However, if any fields don't validate, you must include a line near the top of the result
saying that the form was not properly submitted.
Then, include a list of all the errors.
Strive to make the error-messages as specific as possible.
For example, if the user included an illegal character in a textbox,
then the error message:
- Poor: “the field is required, and it must be less than 20 characters long, and it cannot contain any punctuation”
- Acceptable: “the field contains an illegal character; only letters and digits are allowed”,
- Excellent: “the field contains ‘!’; only letters and digits are allowed”.
(Go ahead and group all the errors together at the top;
in the next homework our client-side error-checking will place the same error messages
right next to the offending form.)
- “Your name”: required.
Make it long enough that somebody named
Kimberleigh-Anne Josephine Montgomery-Richardson[1]
won't be offended,
but not too much longer than that, to protect somebody who inadvertently pastes in
some other long text into that input.
slight clarification:
We'll allow any characters (including digits and punctuation),
but there should be at least one alphabetic character included.
- Attribute tied-to: required; must be one of the items in the list.
(Do not use a six-way if-else-if;
use in_array.)
You should use a function to create the drop-down from an array,
and then use that same array to validate!
- Skill-name:
required; can't be too long;
can contain spaces, hyphens, apostrophes (and of course alphanumeric characters),
but no other characters[2].
As part of this step, you must have a php function that
takes in a string and
a list of allowed characters (or, dis-allowed characters, or perhaps even a regular expression),
and returns an error message (if the string doesn't match the requirement),
or the empty string (if the string does match the requirement).
Be sure to give a descriptive name to this function.
(If you're really good, you'll find a way to re-factor this
so that you can go back and use this function to assure there is at least one
alphabetic character in the username, as well.)
- Min-level:
optional (if not provided, use 30).
If entered, it must be a valid number in the range.
(Design choice: do you want to allow people to type things like "0099"?
If the range had happened to include 0, would your verification accept "-0"? Should it?)
As part of this step, you must have a php function that
takes in a string and two integers (an upper and lower bound),
and returns an error message (if it doesn't represent an integer in that range, inclusive),
or the empty string (if it does).
Be sure to give a descriptive name to this function.
- Skill Description:
A max-length, as you feel is appropriate.
No restriction on characters.
- Available-to:
At least one box should be checked, and all checks should be valid.
Make sure that the value is one of the things in the array which you used to generate that table.
- Finally: for all inputs,
trim spaces from the beginning and end of the field,
and collapse consecutive spaces into one[3]
(preg_replace on \ + ).
Do this for all fields in $_POST, as follows:
- Write a function which takes in a single string and returns the version with tidied-up-spaces;
- write a function which takes an array, and returns a new array with each value tidied up;
- at the start of your program, call this latter function on $_POST
(putting the result back into $_POST, presumably).
- Extra credit: overload these two function names, so you have fewer names to remember.
Of course, include test cases for
each of your functions.
Note how doing this gives you — for free! —
protection against skill-description that is totally whitespace,
people who accidentally[4] mis-enter an extra space in their name, etc.
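One way to write the space-tidying and character-checking functions described above, as an added example that is not part of the original assignment or the course's own code; the function names, the character classes and the sample input are assumptions. A single tidySpaces accepts either a string or an array, and the messages are HTML-escaped on output because they quote what the user typed.

```php
<?php
// Added example: function names and the sample input are hypothetical.

/** Collapse runs of spaces and trim; accepts a string or a (nested) array. */
function tidySpaces($value) {
    if (is_array($value)) {
        return array_map('tidySpaces', $value);  // checkbox groups arrive as arrays
    }
    return trim(preg_replace('/ +/', ' ', (string)$value));
}

/**
 * Return '' if every character of $str is in the regex character class $allowed;
 * otherwise return a message that names the offending character(s).
 */
function disallowedCharsError($str, $allowed, $allowedDescription) {
    $count = preg_match_all('/[^' . $allowed . ']/u', $str, $matches);
    if ($count === false) { return 'the field is not valid UTF-8 text'; }
    if ($count === 0)     { return ''; }
    $bad = implode(' ', array_unique($matches[0]));
    return "the field contains $bad; only $allowedDescription are allowed";
}

/** Return '' if $str has at least one character in class $required, else a message. */
function missingCharError($str, $required, $requiredDescription) {
    return preg_match('/[' . $required . ']/u', $str) === 1
        ? ''
        : "the field must contain at least one $requiredDescription";
}

// Constructed sample submission standing in for $_POST.
$post = tidySpaces(array(
    'skill-name' => '  Dragon   Slayer!<b> ',
    'name'       => ' 12345 ',
    'classes'    => array(' mage ', 'rogue'),
));

$errors = array_filter(array(
    disallowedCharsError($post['skill-name'], "A-Za-z0-9 '\\-",
                         'letters, digits, spaces, hyphens and apostrophes'),
    missingCharError($post['name'], 'A-Za-z', 'alphabetic character'),
));

// The messages quote user input, so escape them when writing them into the page.
foreach ($errors as $error) {
    echo '<li>', htmlspecialchars($error, ENT_QUOTES, 'UTF-8'), "</li>\n";
}
```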
If you think the above restrictions are too strict or too loose,
and want to do something different,
comment that clearly at the top of your php file
(and run it by me if it's different enough that I might object).
Your concern should be with the end-user's experience.
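The range and choice checks for Min-level, the attribute pull-down and Available-to, as an added example (not the course's code); the function names, the bounds 1 to 99 and the class names are assumptions. It takes the strict side of the design choice above, rejecting "0099" and "-0", and passes true as the third argument of in_array so the comparison is type-strict.

```php
<?php
// Added example: function names, bounds and sample values are hypothetical.

/**
 * Return '' if $str is the canonical decimal form of an integer in [$low, $high],
 * else an error message. Rejects "0099", "-0", "+5", "1e2", "12abc" and arrays.
 */
function integerInRangeError($str, $low, $high) {
    if (!is_string($str) || preg_match('/^(0|-?[1-9][0-9]*)$/D', $str) !== 1) {
        return 'the value must be a whole number written in plain digits';
    }
    // Compare lengths before casting, so a huge digit string cannot overflow.
    $maxLength = max(strlen((string)$low), strlen((string)$high));
    if (strlen($str) > $maxLength || (int)$str < $low || (int)$str > $high) {
        return "$str is outside the range $low to $high";
    }
    return '';
}

/** Return '' if $submitted is a non-empty array of values from $allowed, else a message. */
function choicesError($submitted, $allowed) {
    if (!is_array($submitted) || count($submitted) === 0) {
        return 'at least one box must be checked';
    }
    foreach ($submitted as $choice) {
        // Strict in_array: no loose "0" == "00" or "1e1" == "10" matches.
        if (!is_string($choice) || !in_array($choice, $allowed, true)) {
            $shown = is_string($choice) ? "'$choice'" : 'a non-text value';
            return "$shown is not one of the available choices";
        }
    }
    return '';
}

// Constructed data; in the assignment the allowed list lives in the shared include file.
$allowedClasses = array('mage', 'rogue', 'warrior');
$post = array('min-level' => '0099', 'classes' => array('mage', 'paladin'));

$rawLevel = isset($post['min-level']) ? $post['min-level'] : '';
$errors = array_filter(array(
    'min-level' => $rawLevel === '' ? '' : integerInRangeError($rawLevel, 1, 99),
    'classes'   => choicesError(isset($post['classes']) ? $post['classes'] : null,
                                $allowedClasses),
));
$minLevel = ($rawLevel === '') ? 30 : (int)$rawLevel;  // meaningful only if no errors
print_r($errors);  // HTML-escape these messages before echoing them into a page
```

The same strict in_array call against the attribute array validates the single value submitted by the pull-down.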
Other requirements
These apply to all homeworks for this class:
- Each file should start
with a PHP or HTML comment with your name, class, etc.
(after a doctype declaration and perhaps <html>).
- Use meaningful variable names, function names, and good comments as needed.
- Write functions (both php and javascript) as appropriate, to avoid repeated work.
Include test cases for all non-void functions.
The number of test cases depends on the particular function;
include enough to capture different sorts of answers.
(For example,
pluralize deserves at least three tests: the numbers 0, 1, and more-than-one;
blend deserves at least four tests:
each of the two input strings could be odd or even, and that affected the splitting-point;
wanted strings of even-length and odd-length;
a function to create a drop-down html menu might be fine with
just one test case (an array with several items) if you are confident
that an empty-array or array-with-one-element is not really
any different behavior.)
Remember,
writing test-cases first often clarifies exactly what your code needs to return.
- Use standard XHTML tags and make sure any javascript does not use browser-specific constructs.
- All code/html should be well formatted with appropriate
white space and indentation so it is easy to read.
- Strive to minimize lines of code longer than 100 characters.
- If you have any questions, use the discussion board.
- Do not modify your final submission after the due-date;
if you want to make changes, copy all your files to a new directory and work on those.
[1] She probably goes by “Kimmy-Jo M.R.”, but still…
[2] You are welcome to improve this
so that you do allow é, ü, etc.
[3] If you're really good,
you will preserve sentence-endings so they still have two spaces after the period.
[4] There is a price: we
are assuming that having two spaces mid-name is never significant.
That seems like an eminently reasonable assumption, but we should be sure to
realize that we've made that assumption.