Update 04.2.md

typographical errors and improved readability
Jimmy99
2016-04-06 05:58:27 +02:00
committed by James Miranda
parent 31074ea661
commit c672edb325


@@ -1,12 +1,12 @@
# 4.2 Verification of inputs
One of the most important principles in web development is that you cannot trust anything from client side user forms. You have to verify all incoming data before use it. Many websites are affected by this problem, which is simple yet crucial.
One of the most important principles in web development is that you cannot trust anything from client side user forms. You have to validate all incoming data before use it. Many websites are affected by this problem, which is simple yet crucial.
There are two ways of verify form data that are commonly used. One is JavaScript verification in the front-end, and the other is server verification in the back-end. In this section, we are going to talk about server side verification in web development.
There are two ways of verifying form data that are in common use. The first is JavaScript validation on the front-end, and the second is server validation on the back-end. In this section, we are going to talk about server side validation in web development.
## Required fields
Sometimes we require that users input some fields but they don't, for example in the previous section when we required a username. You can use the `len` function to get the length of a field in order to ensure that users have entered this information.
Sometimes we require that users input some fields but they fail to complete the field. For example in the previous section when we required a username. You can use the `len` function to get the length of a field in order to ensure that users have entered something.
if len(r.Form["username"][0])==0{
// code for empty field
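Review bot: The replacement intro sentence still reads "before use it"; since this pass targets typos, make it "before using it". In the Required fields paragraph, "For example in the previous section when we required a username." is now a sentence fragment and reads better joined to the sentence before it. Separately, the unchanged line `len(r.Form["username"][0])` indexes element 0 without checking that the slice is non-empty, so a request that omits the field panics instead of reaching the empty-field branch; `len(r.Form.Get("username"))==0` handles both the missing and the empty case.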
@@ -16,7 +16,7 @@ Sometimes we require that users input some fields but they don't, for example in
## Numbers
Sometimes you only need numbers for the field value. For example, let's say that you require the age of a user in integer form only, i.e 50 or 10, instead of "old enough" or "young man". If we require a positive number, we can convert the value to the `int` type first, then process it.
Sometimes you require numbers rather than other text for the field value. For example, let's say that you require the age of a user in integer form only, i.e 50 or 10, instead of "old enough" or "young man". If we require a positive number, we can convert the value to the `int` type first, then process it.
getint,err:=strconv.Atoi(r.Form.Get("age"))
if err!=nil{
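Review bot: The rewritten sentence keeps "i.e 50 or 10", but 50 and 10 are examples rather than a restatement, so this should be "e.g. 50 or 10". "numbers rather than other text" is also harder to read than the original "only need numbers"; something like "Sometimes a field must contain only a number" would be clearer.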
@@ -28,7 +28,7 @@ Sometimes you only need numbers for the field value. For example, let's say that
// too big
}
Another way to do this is using regular expressions.
Another way to do this is by using regular expressions.
if m, _ := regexp.MatchString("^[0-9]+$", r.Form.Get("age")); !m {
return false
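Review bot: "Another way to do this" overstates what the regular expression in the context lines does: `^[0-9]+$` only confirms that the value is all digits, with no upper bound like the "too big" branch just above it, and the error returned by `regexp.MatchString` is discarded. Since the sentence is being edited anyway, add a clause saying the range check still has to follow the pattern match.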
@@ -89,12 +89,12 @@ All the functions I've shown above are in my open source project for operating o
## Radio buttons
If we want to know whether the user is male or female, we may use a radio button, returning 1 for male and 2 for female. However, some little kid who just read his first book on HTTP, decides to send to you a 3. Will your program have have exception? As you can see, we need to use the same method as we did for our drop down list to make sure that only expected values are returned by our radio button.
If we want to know whether the user is male or female, we may use a radio button, returning 1 for male and 2 for female. However, some little kid who just read his first book on HTTP, decides to send to you a 3. Will your program throw an exception? As you can see, we need to use the same method as we did for our drop down list to make sure that only expected values are returned by our radio button.
<input type="radio" name="gender" value="1">Male
<input type="radio" name="gender" value="2">Female
And we use following code to verify the input:
And we use the following code to validate the input:
slice:=[]int{1,2}
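Review bot: "Will your program throw an exception?" in the Radio buttons paragraph does not match Go, which reports failures through error values and panics rather than exceptions; "Will your program panic?" or "Will your program handle it?" fits the language this section teaches. The same sentence still has a stray comma after "HTTP" and the awkward "send to you a 3", which could become "decides to send you a 3".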
@@ -107,13 +107,13 @@ And we use following code to verify the input:
## Check boxes
Suppose there are some check boxes for user interests, and that you don't want extraneous values here either.
Suppose there are some check boxes for user interests, and that you don't want extraneous values here either. You can validate these ase follows:
<input type="checkbox" name="interest" value="football">Football
<input type="checkbox" name="interest" value="basketball">Basketball
<input type="checkbox" name="interest" value="tennis">Tennis
In this case, the sanitization is a little bit different than verifying the button and check box inputs since here we get a slice from the check boxes.
In this case, the sanitization is a little bit different to validating the button and check box inputs since here we get a slice from the check boxes.
slice:=[]string{"football","basketball","tennis"}
a:=Slice_diff(r.Form["interest"],slice)
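Review bot: The sentence added to the Check boxes paragraph introduces a new typo, "ase follows", which should be "as follows". It is also followed by the HTML markup rather than by validation code, so "as follows" points at the wrong thing; consider moving it down to sit before the `Slice_diff` snippet. In the next changed line, "different to validating the button and check box inputs" compares check boxes with themselves; the comparison is presumably with the drop down list and radio button sections.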
@@ -132,7 +132,7 @@ Suppose you want users to input valid dates or times. Go has the `time` package
After you have the time, you can use the `time` package for more operations, depending on your needs.
In this section, we've discussed some common methods for verifying form data server side. I hope that you now understand more about data verification in Go, especially how to use regular expressions to your advantage.
In this section, we've discussed some common methods of validating form data on the server side. I hope that you now understand more about data validation in Go, especially how to use regular expressions to your advantage.
## Links
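Review bot: The summary now says "validating" and "validation", but the section title in the first hunk is left as "# 4.2 Verification of inputs" and the Check boxes paragraph uses "sanitization" for the same check, so the page ends up with three terms for one idea. Either rename the heading in this commit or note why it stays, and use "validation" consistently. "server side" is also hyphenated inconsistently across the changed lines; as a modifier it should be "server-side validation".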