PDA

View Full Version : problem with input validation



stevemtno
08-28-2006, 08:31 PM
HI Everyone,

I'm hoping someone out there will be able to tell me what's wrong here. I've got a web-based db, and I'm having a problem with the input validation. When I check the form, everything works fine. Here's the scenario:

There are 2 fields (radio buttons) on the form: RM_OR_Death and RM_OR_Injury. If the user selects "No" for RM_OR_Death and "Yes" for RM_OR_Injury, then it's required for the user to select something from the RM_OR_Nature_Of_Injury field (dialog list). The first value in the list is "None|" (that's None with a pipe character after it, no alias).

The problem is that even though the input validation works EVERY TIME when I test it, somehow users (and not always the same user) are able to submit a document even though they've selected "No" for RM_OR_Death, "Yes" for RM_OR_Injury, and "None" for RM_OR_Nature_Of_Injury. Again, every time I try this, the input validation works perfectly. I'm pasting the code being used below, Hopefully, someone will be able to spot an error. I've been working on this for 3 days now with the other developers (most of whom have far more web experience than I) and we havent' been able to come up with anything.

Thanks in advance (and sorry about the word wraps),

Steve

(note - the body part section below isn't the problem as far as I know, it's just included to show the end of the function)

// RM_OR_Injury[0]=Yes RM_OR_Injury[1]=No
// Injury field is hidden when Death is selected; verify presence of Iinjury field
if (form.RM_OR_Injury) {
alert("Nature of Inj TXT= [" + form.RM_OR_Nature_Of_Injury[form.RM_OR_Nature_Of_Injury.selectedIndex].text + "]\nNature of Inj Val= [" + form.RM_OR_Nature_Of_Injury[form.RM_OR_Nature_Of_Injury.selectedIndex].value + "]")
// check for default as no selection
// if (form.RM_OR_Nature_Of_Injury[form.RM_OR_Nature_Of_Injury.selectedIndex].text == form.RM_OR_Nature_Of_Injury[0].text ) {
if (form.RM_OR_Nature_Of_Injury.selectedIndex==-1 || form.RM_OR_Nature_Of_Injury[form.RM_OR_Nature_Of_Injury.selectedIndex].text == 'None' || form.RM_OR_Nature_Of_Injury[form.RM_OR_Nature_Of_Injury.selectedIndex].value== '' ) {
if (form.RM_OR_Injury[0].checked) {
allErrMsg = allErrMsg + " * Select best description for nature of injury \n";
if (nSub=="") { nSub="RM_OR_Nature_Of_Injury" }
} else {
// ok so far
}
} else {
// some injury-type is selected
if (form.RM_OR_Injury[0].checked) {
// no problem
} else {
// automatically assure Injury=YES whenever a known injury-type is seleced
if (form.RM_OR_Nature_Of_Injury[0].text == "Unknown") {
// never mind
} else {
alert("NOTE - Bodily Injury changed to YES\n\n based on Nature of Injury");
form.RM_OR_Injury[0].checked= true;
}
}
}
// Similar verification for Body Part injured when Injury field is present; introduced Jan 2005
if (form.RM_OR_BodyPart[form.RM_OR_BodyPart.selectedIndex].text == form.RM_OR_BodyPart[0].text ) {
// AR# 457047 - "The body-part field needs to be changed so it is not a required field."
// if (form.RM_OR_Injury[0].checked) {
// allErrMsg = allErrMsg + " * Select closest body part for location of injury \n";
// if (nSub=="") { nSub="RM_OR_BodyPart" }
// } else {
// // ok so far
// }
} else {
// some body part is selected
if (form.RM_OR_Injury[0].checked) {
// no problem
} else {
// automatically assure Injury=YES whenever an body pary is seleced
alert("NOTE - Bodily Injury changed to YES\n\n based on Body Part injured");
form.RM_OR_Injury[0].checked= true;
}
}
} // end IF RM_OR_Injury exists

blm126
08-28-2006, 11:22 PM
Javascript is disabled in the users web browser. All validation should be done server side.