Passing values from jQuery to PHP

Question

Here's the situation:

I'm using jquery.validate.js to validate my forms, but I need to add a server-side validation layer. jQuery Validate uses class names within form-elements to determine what it should do -- I want to fetch those class names into PHP so that I can perform the same validations on the server-side.

I'm hoping to do something like this:

foreach($_POST as $key=>$value) {
     $class=array(...// get this #key element class name list with jQuery
     $error=...// based on the class names, perform specific PHP validations
     if($error=="")
         return true;
     else
         return false;
}

Question is, can I do this? Can I fetch element class names w/ jQuery and pass them to PHP?

Answer 1

As mentioned above, you can use AJAX and JSON to pass the values to PHP. This will, however, not provide more secure validation than your regular JS validation (since your PHP will still depend on your JS)

If you choose to use this method, here are some improvements to the script provided previously by Evgeniy Savichev

<script type="text/javascript">
params = {
    elementName : {
        className : $('elementId').attr('class'),
        elementValue : $('elemenetId').val()
    },
    anotherElement : {
        //etc
    }

}

$.post('http://host/validate_script.php', params, onValidate);

function onValidate(data)
{
    alert(data);
}
</script>

However a better solution is to automatically generate and validate your form elements. The Zend Framework has a great class for doing so. I've included a simplified version of how something could look in case you decide to write your own script.

I hope this can be of some help to you

• Wim

  $elements = array(
      'email-field' => array('email', 'required'),
      'integer'  => array('integer')
  );
  
  if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
      $error = false;
      foreach($elements as $elementName => $validators) {
          if (array_key_exists($elementName, $_POST)) {
              foreach ($elements[$elementName] as $validator ) {
                  switch($validator) {
                      case 'email':
                          if (filter_input(FILTER_VALIDATE_EMAIL, $elementValue)) {
                              $error = true;
                          }
                          break;
                      case 'integer':
                          // etc
                          break;
                      default :
                          break;
                  }
              }
          } else {
              if ( in_array('required', $validators) ) {
                  $error = true;
              }
          }
      }
      if ( $error ) {
          // etc
      }
  }
  ?>
  

Answer 2

Never trust the client(browser)!

You should never allow anything on the client to dictate to the server how to test the validity of posted information.

This is a very bad idea.

Answer 3

client-side:

function validate()
{
    var params = {
       var1: {key:$('#field1').get(0).className, value:$('#field1').get(0).value},
       var2: {key:$('#field2').get(0).className, value:$('#field2').get(0).value},    
       ...
    }
    $.post('http://host/validate_script.php', params, onValidate);
}
function onValidate(data)
{
    alert(data);
}

hope this will help... sure it's a simple way and you can do it more formalized.

Answer 4

You could get jQuery to send the class names along with the form - HOWEVER this leads to serious security issues. Seeing as everything posted to your server is really done by your users browsers, your users will have the ability to then change your validation rules and as such bypass them, and that would make your entire purpose here useless. I would instead suggest the following.

Make a function in php to take in the name of a form element and return appropriate class names. When generating each form element for the form, call this function to get the class names (and then applying the jQuery validation). When you read your form in your PHP code - use the same function to get the class names and then you know which validation rules to apply in your server side php code.

Hope it made sense.

Answer 5

serializeArray will convert your form data to JSON:

var json = $('#formid').serializeArray();

Typically you can send the entire JSON string to the server which can take it from there.