comparing and validating two fields?

[sakib000]

Hello friends i m not familiar with php. I can do most of the thing with js but need little help in php. I have a form where user need to re-enter email address and password, i need a php to compare if these inputs are same or not?

Here is the form html

Code:

<form id="form1" method="post" action="">
    <table width="500" border="0" cellspacing="0" cellpadding="4">
      <tr>
        <td width="161">Email</td>
        <td width="323"><label>
          <input type="text" name="email" id="email" />
        </label></td>
      </tr>
      <tr>
        <td>Re-Enter Email</td>
        <td><label>
          <input type="text" name="email2" id="email2" />
        </label></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>Password</td>
        <td><label>
          <input name="password" type="password" id="password" size="6" maxlength="12" />
        </label></td>
      </tr>
      <tr>
        <td>Re-enter password</td>
        <td>
            <input name="password2" type="password" id="password2" size="6" maxlength="12" />        </td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>Select Plan</td>
        <td><select class="element select medium"  id="select" name="product"> 
			<option value="1" selected="selected">--Please select--</option>
<option value="Silver Plan - 129.95 USD" >Silver Plan - 129.95 USD</option>
<option value="Gold Plan  -  299.95 USD" >Gold Plan  -  299.95 USD</option>
<option value="Platinum Plan - 499.95 USD" >Platinum Plan - 499.95 USD</option>
		</select></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
    </table>
    <label><br />
    </label>
    <br/>
              </form>

How can i do this in my processmail.php

[city_coder]

Do you not think as you do JS that it would be best that the JS figure it out whether 2 fields are the same first?
1. If the javascript catches that they're not the same then its quicker for the user as they dont have to submit and find out they mistyped after its been brought back from the server?
2. Less strain on the server.

Granted its easy enough to compare two strings in PHP but my thinking is speed and ease of use for the developer and the user.

[boogyman]

Do you not think as you do JS that it would be best that the JS figure it out whether 2 fields are the same first?
1. If the javascript catches that they're not the same then its quicker for the user as they dont have to submit and find out they mistyped after its been brought back from the server?
2. Less strain on the server.

Granted its easy enough to compare two strings in PHP but my thinking is speed and ease of use for the developer and the user.

anything that is processed in Javascript would need to be reprocessed in php, thus its really not all that useful. I say this because Javascript can be bypassed by a user submitting the information directly to the processing script, or the user disabling Javascript all together, thus leaving no validation which is obviously REALLY BAD.

Edit: begin

oh and not to forget that you Javascript is viewable to everyone, so the user knows exactly how to get around your sanitation in Javascript, where the PHP code is not viewable to the user, therefore the user doesn't know exactly what the sanitation is.

For this same reason, your error messages should be both intelligent and dumb at the same time. I know its an oxymoron, but what I mean by that is you should inform the user which field had an error, but make them ambiguous enough that a malicious user doesn't know your exact sanitation schema

Edit: end

to compare two strings in php use strcmp as shown below

Code:

$tring1 = "something";
$tring2 = "else";

strcmp($tring1,$tring2);

returns 0 if strings are the same
returns > 0 if first string is greater than second
returns < 0 if second string is greater than first

If you are checking password, you really are only concerned with them being equal

Code:

if(strcmp($tring1,$tring2)!=0)
{
     __error__
}
else
{
     __success__
}

[city_coder]

duely noted that JS is viewable, but not if you have it in a seperate file and call it in surely?!

Although i will concede that i do it myself and check it in PHP, above script is bang on if you want to do it right in PHP.

Iv not built anything of a large scale with users signing up in PHP so its not really fair for me to say one way or another, just expressing my opinion.

[boogyman]

duely noted that JS is viewable, but not if you have it in a seperate file and call it in surely?!

wrong... any Javascript file can be viewed by the user. All Javascript files must be in the document root (viewable to web) and therefore can be viewed by the user.

Although i will concede that i do it myself and check it in PHP, above script is bang on if you want to do it right in PHP.

This is where policy comes into play. There needs to be a policy decision created around the validation and sanitation of the information. By checking the input fields in real-time, it allows the user to correct any errors he/she may be accidentally creating, however as we have both stated you would then need to check the inputs again in PHP, because its not wise to trust ANY input from the user, so a second validation is occurring, and you have already told them in the Javascript code the requires to get around the system.

If your policy is that you would like all fields validated before submission in real time, you should use remote-scripting (AJAX) as it is being called these days. AJAX is a type of programming code that sends data to a server-side language like PHP / ASP which performs the validation. This way all of your validation / sanitation is done on the server so the user cannot view processes and you are still checking the data in real-time.

[city_coder]

Thats why your the elite coder and im the newbie :P