I am redesigning a program that I originally did in perl and validated with javascript. It seems the general logic for validation is to stay away from javascript because it can be turned off.

I'm looking for methods of validation with php. I am using a text file database to store the question and if they are required, easy enough. But conditional validation is something I am curious about. If a question is not required why show the question at all, the page could be refreshed to display the second question if ,for instance, a checkbox is clicked.
Is the onclick element a javascript or html element?
What are some general rules of validation that I may not know?
Am I putting way too much thought into this?

Thank you

"OnClick" is a JavaScript event; if the user has JavaScript disabled it won't work, so if that's a problem you would probably want to rewrite your JavaScript validation logic in PHP. If at all possible, put all the questions on one form so the user only has to submit once. Of course, if there's questions which can be eliminated depending on the answers to previous questions, or if you have dozens of questions, then you might want to break them up into seperate forms...

The problem with putting all of the questions on one form is that there is quite a few of them. It would seem overwhelming to the user. I'm thinking of storing the conditions in the database and then if the questions are needed print on a "conditional page" before going on the the next page.

**Subject Change**
Currently I store the answers in a hidden element until the end of the program. Do you think that storing arrays in hidden element is a good idea? e.g. <input type="hidden" name="Page1Answers" values="name~value&name~value&name~value">
The answers could later be parsed out into a table.

Storing the answers in a hidden element would probably be considered a security risk, unless you validate them again. This is because it would be possible for the user to step through the pages and then on the last page modify the html, for example add some sql injection, and then submit it.

It would be better to store the answers in a session.

graeme.

graemef ok you have my attention. I will google of course for tutorials/articles on storing information in sessions, but do you have an article you found to be helpful with this? Are there limits to storing information in a session? I know only the basics of sessions.

Sessions are fairly straight forward once the web server has been set up correctly. The steps are

1. Start the session with session_start()
2. access the session variables with $_SESSION['mySessionVar']
3. close the session will be managed automatically when the script closes or with session_write_close()

So if you want to set up a session variable called name, and assign into it the value held in the local variable $name, you would do it as follows

$_SESSION['name'] = $name;

Then in a later script you can recover it with

$name = $_SESSION['name'];

Just remember that the session must be started before you try and access any session variables. Also if you are using objects then the objects stored in a session must be defined before the session is started.

I don't know of any limits (I've had sessions of several Kb before now).

I hope that helps,

graeme.