[PHP] Critique My User Registration Script

Dj_Jestar said:
Just remember to check your data on the server every time, regardless of if you have JS do it or not.
Click to expand...

I already knew that :s.....just looked at what i said, I was thinking that if javascript would check it, but it's probably possible to bypass the javascript validation.....lol...must think before i post!!
 
I'd never consider turning off PHP validation. But if JS can handle stopping the user from submitting data that isn't valid then I can see it is of benefit. Obviously PHP will still check before submitting to the database or wherever, but as said, there will be less page refreshes etc.
 
i guess it depends how fields you need to check. i'd probably rather let someone submit an incomplete form rather than duplicate all my php validation in javascript. for the most part, normal people usually fill forms in correctly. i think i can live with a few wasted POST requests to my server. and you can still display nice prompts to users and keep the fields filled with their values using php. :)
 
The reason for using JS validation is two fold, it reduces load on the server, and provides a "cleaner" experience to those users with JS enabled.

Code: 
<script type="text/javascript">
function validate_this_form () {
  var input = document.getElementById('inputText');
  if (input.value != 'foo') {
    alert('You must enter the value "foo" to proceed');
    return false;
  }
  return true;
}
</script>
<form action="page.php">
<input id="textInput" type="text"/>
<input type="submit" name="bar" onclick="return validate_this_form();"/>
</form>
 
Last edited:
On a small website it probably isn't much of an issue. My usual approach is to validate via PHP, and if the user screws up, refreshes the page with their values intact.

Even if you had a few hundred hits a day you'd probably OK. Although if you had that many users a cleaner interface/experience will likely be of benefit.

Either way it is something I can go look at in future and add to my box of tricks.
 
robmiller said:
Worrying about a single database query that selects a single integer in an event so rare as user registration is premature optimisation.

Also, as if `array_map` is actually faster—it's not like it doesn't compile into the same instructions as manually looping through the array.

Lots of these criticisms are just irrelevant based on the inevitable use of the code, and at the end of the day if your site ever does get popular you're probably always going to see more benefit by moving to memcached than you would by doing all of these tiny optimisations.
Click to expand...
Have just seen this.. you're point is spot on. Worry about getting an application up and running, then refactor if necessary.

Also to add that in this specific case (array_map vs foreach) it's faster to use foreach.. infact, array_map is nearly 100% slower. Google for array_map vs foreach for benchmarks.
 
marc2003 said:
i guess it depends how fields you need to check. i'd probably rather let someone submit an incomplete form rather than duplicate all my php validation in javascript. for the most part, normal people usually fill forms in correctly. i think i can live with a few wasted POST requests to my server. and you can still display nice prompts to users and keep the fields filled with their values using php. :)
Click to expand...
Don't need to include all of it, just the basic handy stuff - eg required fields, minimum length etc - v useful :)
 
Dj_Jestar said:
Have just seen this.. you're point is spot on. Worry about getting an application up and running, then refactor if necessary.
Click to expand...

Doing validation before querying the database isn't premature optimisation; it's just doing things in the order they naturally make sense to be done in.
 
You must log in or register to reply here.
Back
Top Bottom