[nycphp-talk] Client vs. Server programming

Kenneth Downs ken at
Fri Sep 22 06:56:34 EDT 2006

LK wrote:
> Hello,
> Take form validation, for example. A user registers to a service for the first
> time and fills out a registration form. I need to check if the Username is
> already taken by someone else.
Validation is an all-or-nothing thing.  It must be 100% correct all of 
the time or it is wrong.  Your approach allows several ways to send 
invalid data, therefore you cannot guarantee the data is correct.

The only way to maintain a unique list of users is to store them in a 
database with a unique constraint.  If the database allows the user to 
be saved, then you know it is unique.  In any other approach, duplicates 
can get in through accident or intent.

Validating in PHP code is no better.  It is one step closer to the 
database, but two identical users can still register.  This may be 
unlikely for the case at hand, but if you want to get into any real 
money games you've got to be able to provide data integrity guarantees.

The good news is that modifying your code is very simple.  The AJAX call 
sends an insert request to NEWUSER.PHP, which does an insert to the 
database.  If the database returns an error because of a unique 
violation, NEWUSER.PHP passes the error back through AJAX.  If no error, 
you say "Welcome to our site  newuser at"

> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> _______________________________________________
> New York PHP Community Talk Mailing List
> NYPHPCon 2006 Presentations Online
> Show Your Participation in New York PHP

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ken.vcf
Type: text/x-vcard
Size: 261 bytes
Desc: not available
URL: <>

More information about the talk mailing list