PHP

Models That Don't Work

Interactive models are difficult to implement in the web environment. Server-side scripts are impractical for this task, since an HTTP request and response is required to validate each field that's entered. This is usually unacceptable, because the user is required to submit the data after entering each field, response times are likely to be slow, and the server load high.

Client-side scripts can implement an interactive model. However, validation on the client should not be the only method of validation because, as we emphasized in Chapter 5, the user can passively or actively avoid the client-side processes. We discuss the partially interactive solution of including client-side scripts with an HTML <form> later in this chapter.

Models That Do Work

Post-validation models are practical in web database applications. Both client- and server-side scripts can validate all <form> data during the submission process. In many applications, reasonably comprehensive validation is performed on the client side when the user clicks the <form> submit button. If this validation succeeds, data is submitted to the server and the same (or more comprehensive) validation is performed. Duplicating client validation on the server is essential because of the unreliability of client-side scripts and lack of control over the client environment.

Client-side validation reduces server and network load, because the user's browser ensures the data is valid prior to the HTTP request. Client-side validation is also usually faster for the user.

The post-validation model can be combined with either field-by-field or batch error reporting. For server-side validation, the batch model is preferable to a field-by-field implementation, as the latter approach has more overhead and is usually slower because each <form> error requires an additional HTTP request and response.

For client-side post-validation, either error-reporting model can be used. The advantage of the field-by-field model is that the cursor can be directed to the field containing the error, making error correction easier. The disadvantage is that several errors require several error messages, and this can be frustrating for the user. The advantage of the batch approach is that all errors are presented in one message. The disadvantage is that the cursor can't easily be directed to the field requiring correction.

Server-side validation is essential to secure a web database and to ensure that system and DBMS constraints are met.

Client-side validation may be implemented in addition to server-side validation, but all client-side functionality should be duplicated at the server side. Never trust the user or the client browser.

The choice of which reporting model to use depends on the size and complexity of the <form> and on the system requirements.

In the next section, we introduce the practice of server-side post-validation using the batch error reporting method. We introduce client-side scripting as a tool for validation and error reporting in Section 7.3.
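A minimal sketch of the server-side batch model described above, as an added example (not code from the book): every field is checked in one pass and all errors are returned together in a single response. The field names (`surname`, `email`, `dob`), the rules and the sample request are assumptions made for illustration.

```php
<?php
// Added example: server-side post-validation with batch error reporting.
// Field names, limits and messages are assumptions, not from the book.

function validateCustomer(array $in): array
{
    $errors = [];

    // Never trust the client: a missing key or a non-string value
    // (e.g. surname[]=x in the request) is treated as an empty field.
    $get = fn(string $k): string =>
        isset($in[$k]) && is_string($in[$k]) ? trim($in[$k]) : '';

    $surname = $get('surname');
    if ($surname === '') {
        $errors['surname'] = 'The surname field cannot be blank.';
    } elseif (strlen($surname) > 50) {   // length in bytes
        $errors['surname'] = 'The surname must be 50 characters or fewer.';
    }

    if (filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'The email address is not valid.';
    }

    // Strict date check: createFromFormat() rolls 2001-02-30 over to
    // March, so the parsed value is compared with the original input.
    $dob = $get('dob');
    $d = DateTime::createFromFormat('!Y-m-d', $dob);
    if ($d === false || $d->format('Y-m-d') !== $dob) {
        $errors['dob'] = 'The date of birth must be a real date (YYYY-MM-DD).';
    } elseif ($d > new DateTime('today')) {
        $errors['dob'] = 'The date of birth cannot be in the future.';
    }

    return $errors;   // empty array means every field passed
}

// Constructed request body, as if client-side checks had been skipped.
$post = ['surname' => '', 'email' => 'not-an-address', 'dob' => '2001-02-30'];

$errors = validateCustomer($post);
if ($errors) {
    // Batch report: one response lists every problem, escaped for HTML.
    foreach ($errors as $field => $msg) {
        echo htmlspecialchars("$field: $msg", ENT_QUOTES, 'UTF-8'), "\n";
    }
} else {
    echo "All fields valid; safe to continue to the DBMS step.\n";
}
```

Run against the constructed request, the script reports all three field errors in one pass, which is the single HTTP round trip the batch model is chosen for.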