Let's say that I have a text input that I don't want to be empty. I can check it through Js and tell the user a message.
As much as I've heard, this isn't very secure and we should check in the backend, too. My question is, if I check that the field is empty through PhP, wouldn't the message that I tell the user from PhP overlap the Js one?
No it won't overlap eachother. The reason you will have to validate it backend too is because if you disable JavaScript those frontend validations won't work.
I will give you an example, using the jQuery Validation Plugin.
Lets say we have the following HTML:
<form id="myform">
<input type="text" name="field1" />
<input type="text" name="field2" />
<input type="submit" />
<?php $error ? $error : '' ?>
</form>
And the following jQuery:
$(document).ready(function () {
$('#myform').validate({ // initialize the plugin
rules: {
field1: {
required: true,
email: true
},
field2: {
required: true,
minlength: 5
}
}
});
});
And the following PHP:
$field1 = $_POST['field1'];
$field2 = $_POST['field2'];
// Validate if fields are matching requirements
if (// Validation fails)
{
$error = 'Some fields are invalid';
}
This is some really poor validation but it's an example.
So this way if the JavaScript does not get executed, PHP will return $error with the error messages.
If you don't know what $error ? $error : '' means, it an equivalent of:
if ($error) {
echo $error;
} else {
echo '';
}
Hope this helps you.