I would like to know if it is safe enough to create via JavaScript control of empty fields. Here is my example in detail:

    <script language='javascript'>
        // Returns false (which blocks submission) at the first empty field.
        function validate() {
            if (document.getElementById('title').value == "") {
                alert("Enter a Title!");
                return false;
            }
            if (document.getElementById('description').value == "") {
                alert("Enter a Description!");
                return false;
            }
            if (document.getElementById('image').value == "") {
                alert("Insert an Image!");
                return false;
            }
            alert("Success");
            return true;
        }
    </script>

closed as off-topic by Mast, mdfst13, Pimgd, Mat's Mug Apr 18 at 14:07

Safe enough for what? What's your threat model? What's your goal? Do you work for a bank or a governmental agency? – Mast Apr 17 at 19:36

It's okay to do the validations on the client side for a better user experience, so the user does not have to wait for the response of the server or make a request to know if there is any field that he left incomplete. But you have to do the same validations on the server, because if someone makes a direct request to your server with empty fields, that request is not going through the JavaScript validations, so your application is going to crash.


You are re-inventing the wheel here. Form fields already have a property called required. As the name suggests, it forces a field to be properly filled out before the form can be submitted.

You can use it simply like this:

    <input type="text" id="title" required />

However, if you read the docs, it says that it doesn't work for type="image". I don't know how you are receiving images in your HTML, so I can't help you with that.


Thanks for your answers. Is something like this enough?

    <?php
    include_once 'function/upload.php';

    // Start with an empty message buffer so that .= and !$errors are well defined.
    $errors = '';

    if (isset($_POST['submit'])) {

        // Note: FILTER_SANITIZE_STRING strips tags and is deprecated as of PHP 8.1.
        if ($_POST['title'] != "") {
            $_POST['title'] = filter_var($_POST['title'], FILTER_SANITIZE_STRING);
            // The filter may have removed everything, so check again.
            if ($_POST['title'] == "") {
                $errors .= 'Please enter a valid title.<br/><br/>';
            }
        } else {
            $errors .= 'Please enter your title.<br/>';
        }

        if ($_POST['description'] != "") {
            $_POST['description'] = filter_var($_POST['description'], FILTER_SANITIZE_STRING);
            if ($_POST['description'] == "") {
                $errors .= 'Please enter a description.<br/>';
            }
        } else {
            $errors .= 'Please enter a description.<br/>';
        }

        if (!$errors) {
            // Call the thumbnail creation function and store the thumbnail name
            $upload_img = imgUpload('image', 'uploads/', '', TRUE, 'uploads/thumbs/', '260', '260');
            // Full path of the thumbnail image
            $thumb_src = 'uploads/thumbs/' . $upload_img;
            echo "Success!<br/><br/>";
        } else {
            echo '<div style="color: red">' . $errors . '<br/></div>';
        }
    }

Another improvement would be to create a single function and provide 2 parameters for field id and name since all of your methods do the same thing.

    // fieldId: id of the form element to check; fieldName: label used in the message.
    function validateField(fieldId, fieldName) {
        if (document.getElementById(fieldId).value == "") {
            alert("Enter a " + fieldName);
            return false;
        }

        alert("Success");
        return true;
    }
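Two of the suggestions above (repeat the checks on the server, and use one parameterized function instead of one block per field) combined in a single sketch. This is an added example, not code from any of the answers; the length limits, the `RULES` table and the shape of the parsed request body (with `image` as the uploaded file's name) are assumptions.

```javascript
// Field ids come from the question's form; limits are illustrative assumptions.
const RULES = [
  { id: 'title',       label: 'a title',       maxLength: 100 },
  { id: 'description', label: 'a description', maxLength: 2000 },
  { id: 'image',       label: 'an image',      maxLength: 255 },
];

// Returns a list of error messages; an empty list means the input passed.
// It never touches the DOM or calls alert(), so the same function can run in
// the browser for fast feedback and on the server, where the check is enforced.
function validateFields(body, rules = RULES) {
  const errors = [];
  const input = body !== null && typeof body === 'object' ? body : {};
  for (const { id, label, maxLength } of rules) {
    const value = Object.prototype.hasOwnProperty.call(input, id) ? input[id] : undefined;
    if (typeof value !== 'string' || value.trim() === '') {
      // Missing key, whitespace only, or an array/object from repeated parameters.
      errors.push(`Please enter ${label}.`);
    } else if (value.length > maxLength) {
      errors.push(`${id} must be at most ${maxLength} characters.`);
    }
  }
  return errors;
}

// Constructed request bodies, as a server would see them after parsing.
const fromForm = { title: 'Holiday', description: 'Beach photos', image: 'beach.jpg' };
const directRequest = { title: '', description: '   ' }; // sent without the form's script
const oddTypes = { title: ['a', 'b'], description: 'ok', image: 'x.png' };

console.log(validateFields(fromForm));      // no errors
console.log(validateFields(directRequest)); // one error per field
console.log(validateFields(oddTypes));      // title rejected: not a string
```

On the server, a non-empty result should produce an error response before any upload or storage code runs.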
