Error in form validation

Viewed 48 times

0

When the email is not valid, instead of the JavaScript alert I wanted to show a message above the form in question saying that the email is invalid!

HTML CODE

    <input type="email" class="form-control" name="email" id="email"
           placeholder="Email" data-rule="email"
           data-msg="Introduza um email válido" required />
    <div class="validation"></div>
    </div>

PHP validation

    if (isset($_POST["contact"])) {
        // $nomecomp, $email, $assunto and $mensagem are assumed to be set
        // earlier (not shown in the question)
        if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // The values are interpolated directly into the SQL string
            $novocontacto = "insert into contacto(nomecompleto, email, assunto, mensagem)
                             VALUES ('$nomecomp', '$email', '$assunto', '$mensagem')";
            $novocontacto_run = mysqli_query($conn, $novocontacto);

            echo '<script type="text/javascript">alert("Mensagem enviada com sucesso!")</script>';
        } else {
            echo '<script type="text/javascript">alert("Email inválido")</script>';
        }
    }

  • Use a form validator in JavaScript - https://jqueryvalidation.org/email-method/

  • I’m a little lost right now because I’m trying to have my shoes safe and I don’t know if I’m doing it the right way! I think I really need to filter with php so I can later insert my values into the database!!

2 answers

1


The best option would be to use .validate, a jQuery plugin, as mentioned above. This plugin allows you to specify a set of rules for the content, validation messages, and validation in real time; this example illustrates this well.

You can set .validate to send your form by AJAX if everything is correct.

  • It seems a good way! But to clarify my doubt: will this method protect my form against possible SQL injection?

  • Since it will not allow you to insert invalid things! I also have another filtering method in PHP that eliminates the special characters!

  • @Almostdone as far as I know, no, but I would do this via PHP; I would use PDO to do SQL operations safely.

  • @Almostdone I will use PDO prepare() to avoid SQL injection, but it will not protect everything; the post https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection has an answer that simulates an SQL injection and shows how to configure PDO to fully protect.

  • But can I also use procedural mysqli, or won't it have the same security effect?

  • @Almostdone yes, however you will have to do all the validation. If I'm not mistaken, it is more complex in terms of creating a secure system; mysqli_real_escape_string (I think that's the function) should not be enough. I would give preference to PDO because of its performance, which is superior.

  • This article explains well the advantages and disadvantages of mysql, mysqli and PDO: https://www.google.com/amp/s/imasters.com.br/banco-dataem-2016-e-2017/amp/%3ftrace=1519021197&source=single

  • I think it is the programmer’s choice because in terms of safety I think they are both of the same level and speed too! At least the mysqli way he’s doing the same as the PDO is the same as the one I’m using!

0

Hello, one possible solution without restructuring all the code is to add a div on top of the form and have PHP return the script that adds the message.

html code

    <!-- ... -->
    <div class="mensagem"></div>
    <!-- form -->
    <!-- ... -->

php validation

    echo '<script type="text/javascript">document.querySelector(".mensagem").innerHTML = "email inválido"; </script>';
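
The approach the answers and comments above describe (validate on the server with `filter_var`, insert through a prepared statement, and put the message in a div above the form instead of an alert), as an added example that is not part of the original question or answers. It uses PDO on an in-memory SQLite database so it runs offline; the form field names other than `email` and the helpers `save_contact` and `render_message` are assumptions.

```php
<?php
// Added example, not the asker's code. Table and column names come from the
// question; form field names other than "email" are assumptions.

// Validate the input, then store it with a prepared statement.
function save_contact(PDO $pdo, array $post): array
{
    $email = trim((string)($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'Email inválido'];
    }
    // Placeholders keep values out of the SQL text: a quote in a name or
    // message is stored as data, never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO contacto (nomecompleto, email, assunto, mensagem)
         VALUES (:nome, :email, :assunto, :mensagem)'
    );
    $stmt->execute([
        ':nome'     => (string)($post['nomecompleto'] ?? ''),
        ':email'    => $email,
        ':assunto'  => (string)($post['assunto'] ?? ''),
        ':mensagem' => (string)($post['mensagem'] ?? ''),
    ]);
    return [true, 'Mensagem enviada com sucesso!'];
}

// Build the message as escaped HTML for the div above the form.
function render_message(string $message): string
{
    return '<div class="mensagem">'
        . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Demo on in-memory SQLite so it runs offline (needs pdo_sqlite). With MySQL,
// set the charset in the DSN and PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacto
    (nomecompleto TEXT, email TEXT, assunto TEXT, mensagem TEXT)');

// Constructed sample submissions: one invalid email, one name with a quote.
$samples = [
    ['email' => 'not-an-email', 'nomecompleto' => 'Ana'],
    ['email' => 'ana@example.com', 'nomecompleto' => "Ana D'Avila"],
];
foreach ($samples as $post) {
    [$ok, $msg] = save_contact($pdo, $post);
    echo render_message($msg), "\n";
}
echo 'Stored: ', $pdo->query('SELECT nomecompleto FROM contacto')->fetchColumn(), "\n";
```

In the page itself, echo the result of `render_message()` at the position of the div above the form, so no inline script is needed.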
