[nycphp-talk] Client vs. Server programming
ken at secdat.com
Fri Sep 22 06:56:34 EDT 2006
> Take form validation, for example. A user registers to a service for the first
> time and fills out a registration form. I need to check if the Username is
> already taken by someone else.

Validation is an all-or-nothing thing. It must be 100% correct all of
the time or it is wrong. Your approach allows several ways to send
invalid data, therefore you cannot guarantee the data is correct.

The only way to maintain a unique list of users is to store them in a
database with a unique constraint. If the database allows the user to
be saved, then you know it is unique. In any other approach, duplicates
can get in through accident or intent.

Validating in PHP code is no better. It is one step closer to the
database, but two identical users can still register. This may be
unlikely for the case at hand, but if you want to get into any real
money games you've got to be able to provide data integrity guarantees.

The good news is that modifying your code is very simple. The AJAX call
sends an insert request to NEWUSER.PHP, which does an insert to the
database. If the database returns an error because of a unique
violation, NEWUSER.PHP passes the error back through AJAX. If no error,
you say "Welcome to our site newuser at monkeycheese.com"
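
The insert-first pattern described in the message above, as an added example that is not part of the original post or the poster's code: two requests both pass a "is this username free?" check, and only the database's unique constraint stops the duplicate. The `users` table, the function names, and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. The users table and the
// function names are hypothetical; in-memory SQLite stands in for the real DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE
)');

// Check-first pattern: the SELECT and the later INSERT are separate
// statements, so two requests can both see "free" before either inserts.
function usernameTaken(PDO $db, string $username): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

// Insert-first pattern: attempt the insert and let the constraint decide.
function registerUser(PDO $db, string $username): array
{
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (?)');
    try {
        $stmt->execute([$username]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is "integrity constraint violation"; for this
        // table the only constraint a string username can trip is UNIQUE.
        $sqlState = (string) ($e->errorInfo[0] ?? $e->getCode());
        if (strncmp($sqlState, '23', 2) === 0) {
            return ['ok' => false, 'error' => 'Username already taken'];
        }
        throw $e; // any other database error is a real failure
    }
    return ['ok' => true, 'message' => "Welcome to our site $username"];
}

// Constructed scenario: both requests run the check before either inserts.
$name = 'newuser';
$checks = [!usernameTaken($db, $name), !usernameTaken($db, $name)];
$inserts = [registerUser($db, $name), registerUser($db, $name)];

$count = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo json_encode(['checks_passed' => $checks, 'inserts' => $inserts, 'rows' => $count],
    JSON_PRETTY_PRINT), "\n";
```

The check can still be used to give early feedback in the form, but only the result of the insert should be reported back to the client as the registration outcome.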