home—lects—exams—hws
D2L—breeze (snow day)

hw02
hw02: form-handling
and server-side validation

You have been hired to help develop the game Okaymon -- a crowdsourced game of evolving monsters! You need to develop a web form with the information below; when the form is submitted, the user is shown a page which simply re-caps the submitted information.

This is one homework, but to keep you focused it will have three stages:

Write some utility helper-functions for producing html.
The form (produced in part by functions from utils.php), and a form-handler which just prints the information received by the form.
Modifying your form-handler so that it validates the information server-side, and prints any errors, before printing the received information.

Part A due Oct.15 (Fri)Oct.17 (Sat), 23:59

Write the following functions in php:

dropdown : array → string, which produces the html for a drop-down menu.
radioTableRow, which produces a single row for the energy strength-and-weaknesses table. (In class, we gave the function which calls that helper to make the entire table; it can be found here.)
A function test : ANY, ANY → void which determines if the first value (an actual test-result) is equal to the second value (the desired test-result); if not the function should print a message.

We'll use this to make our testing more convenient. For example, your utils-test.php from hw01 could be replaced with lines like “test( pluralize(4,"cow"), "4 cows" );”. This way, only tests that fail get printed, and we don't need to visually scan through lots of output about tests which pass.

Two other requirements, to make this function even more useful:
- When testing functions which return html, it's a bit annoying if a test were to fail due only to whitespace (e.g. our function returned two spaces where the expected-output only had one space, or had a newline). SO: before comparing strings, collapse all groups of one-or-more whitespace characters to a single space ¹. (Hint: use preg_replace… but only call it your two inputs is_strings.) You may want to also trim whitespace from the start and end of each string.
- Sometimes it's nice to get some small output, even when tests are passing, so that you know that the tests really are being run at all! Make a constant with define( "PRINT_ON_SUCCESS", true ). Then, test checks this PRINT_ON_SUCCESS flag, and prints something small and (like “.”) if it's true, and nothing if it's false. You can easily turn this behavior on/off by changing that single define. (Be sure that test always prints something when a test fails, though!)
You'll want to write this function before the preceding two, so that you can test itthem²!

Deliverable: on D2L, and hardcopy: the files utils.php, utils-test.php, and silly-page.php. The latter must be viewable on-line at: https://php.radford.edu/~yourUserID/itec325/hw02/silly-page.php. That file should just be a simple page which calls your others, so that you can visually confirm that the produced html for 1 & 2 render as expected. You can add on to the utils.php from your hw01, and continue to add useful utility functions over the course of the semester and your life.

Part B due Oct.18 (Mon)Oct.20 (Tue), 23:59

Your forms don't need to look exactly like the above, but should have the same information (and look respectable). No validation is required for this part, but when you print the results you must sanitize the html: the information must render as it was entered. In order to test your form, you must also have three files “okaymon-edit-handle-demo-N” (for N = 0,1,2) which populate $_POST with (respectively): (0) no information, (1) typical inputs, and (2) input which includes characters like “>” or “&” or “'”.

Of course, you should call functions from part (a) appropriately, and write any additional functions (and tests) as appropriate. You should use arrays to hold the various energy-types. (If we add twenty more types, you shouldn't need to change anything but that array, and everything else should work.)

To test your files, you should have at least three

Deliverable: Your form must be viewable on-line at: https://php.radford.edu/~yourUserID/itec325/hw02/okaymon-edit-form.php. Submit hardcopy of the form and the form-handler (named “okaymon-edit-handle.php”), and at least three “okaymon-edit-handle-demo-N” files. On D2L submit all your files (as individual files, not a .tar).

Part C due Oct.2122 (Thu), 23:59

We'll add server-side input-validation. You must check for:

The trainer and species are required (but flavor-text is optional).
The species must at least one letter-character (not just digits/punctuation etc.), and no more than 100.
The trainer must not be more than 30 characters long.
The weight must be a non-negative number less than 10,000.
All information from pull-down lists must be valid options (energy-types, weight-units).

You must have a function allErrorMessages which (as we'll discuss in class) takes an array of form-info, and returns an array of error-messages. Your test-cases for this might simply test that the returned array has the expected number of messages, w/o checking the exact text of the messages. Have helper functions for general-purpose/re-usable tasks, as appropriate (e.g. a function rangeErrorMessage : string, number, number → string-or-false which makes sure an input is a number in the expected range (returning an error-message if it's not, or just false if it is in the range).

Include unit-tests for each function you write, of course. Also, add at least one more “form-demo” page, which has at least one error for each input field.

The page which is produced should be similar to before, except that the page should start with either “information accepted” or “information had k errors”³ (where k>0). If there are errors, it should be followed by a list of the field-name and the error message. Strive to make the error message as specific as possible (e.g. “trainer: name is more than 30 characters” is better than “trainer: name is too long” which is better than “trainer: name not valid”).

You must have a file which includes all the constants. This file will be require_once'd by both the form and the form-handler.

Deliverable: Your form must be viewable on-line at: https://php.radford.edu/~yourUserID/itec325/hw02/okaymon-edit-form.php. Submit hardcopy of the revised form-handler and at least one new “okaymon-edit-handle-demo-N” file. On D2L submit all your files (as individual files, not a .tar).

¹Why not collapse whitespace to nothing at all? This is tempting, since an actual&desired output of "<ul></ul>" and "<ul>\n</ul>" would then be considered okay. However, this allows false-negatives: getting "hit here" when expecting "hi there" wouldn't register as an error. … I guess the best of both worlds might be, after collapsing whitespace, make another substitution which removes any space between a "<" and a ">" only. (Hmm, and surrounding "=" if inside a tag's attribute/value pairs? That's much harder to exactly get right, via regular expressions.) ↩

² You don't need to have test-cases for test itself; since it's a void function that prints, it's not suitable for unit-testing. We'll juse use test when testing other functions. ↩

³Except that if k=1, you should say “error”, not “errors”, of coruse. ↩

home—lects—exams—hws
D2L—breeze (snow day)

©2015, Ian Barland, Radford University
Last modified 2015.Oct.15 (Thu) Please mail any suggestions
(incl. typos, broken links)
to ibarlandradford.edu

hw02 hw02: form-handlingand server-side validation

Part A due Oct.15 (Fri)Oct.17 (Sat), 23:59

Part B due Oct.18 (Mon)Oct.20 (Tue), 23:59

Part C due Oct.2122 (Thu), 23:59

hw02
hw02: form-handling
and server-side validation