Perl output Javascript to validate user input

Discussion in 'Perl Misc' started by phal, Apr 4, 2006.

  1. phal

    phal Guest

    HI ALL,

    I know javascript is used for client site, and javascript to validate
    user input can be done easily in the client site. I believe that in
    server site the validation must be faster under Perl script.

    My question:

    If we embed Javascript within Perl script to validate user input, does
    it faster or better?

    As what I understand, I feel the method will bring the server more
    work, because the Perl script has to decipher the Javascript before the
    Javascript can do its work.

    Any idea about this
    phal, Apr 4, 2006
    #1
    1. Advertising

  2. phal

    Guest

    "phal" <> wrote:
    > HI ALL,
    >
    > I know javascript is used for client site, and javascript to validate
    > user input can be done easily in the client site.


    The client can always bypass the javascript validation, and thus the server
    also should validate the user input even if the client already does, at
    least as far security and safety is concerned.

    > I believe that in
    > server site the validation must be faster under Perl script.


    Why do you believe that? Do you mean that Perl must be faster than
    JavaScript when both are on the server side, or that Perl on the server
    side must be faster than JavaScript on the client side?

    > My question:
    >
    > If we embed Javascript within Perl script to validate user input, does
    > it faster or better?


    Which is faster can be measured. You can use Perl's LWP, or Linux's "ab".
    It would depend on what exactly your validation method is how they are
    implemented in each language, not to mention how you are embedding
    JavaScript into Perl. How would you go about embedding the Javascript
    within Perl? Which is better is naturally a matter of opinion. I can't see
    myself considering JavaScript better than Perl at much of anything. But
    here, I might make an exception. If you must to client-side validation
    using JavaScript, and also do the same validation on the server side, it
    might be nice to avoid having to write the same validation in two different
    languages.

    > As what I understand, I feel the method will bring the server more
    > work, because the Perl script has to decipher the Javascript before the
    > Javascript can do its work.


    Well, perl already has to decypher Perl before it can run it, it is not
    obvious that decyphering the javascript too will have a non-trivial impact.
    Try it and see. But if you are so concerned about speed, you should
    already be using mod_perl or something like that which prevents repetitive
    compilation, right?

    Xho

    --
    -------------------- http://NewsReader.Com/ --------------------
    Usenet Newsgroup Service $9.95/Month 30GB
    , Apr 4, 2006
    #2
    1. Advertising

  3. phal

    J. Gleixner Guest

    phal wrote:
    > HI ALL,
    >
    > I know javascript is used for client site, and javascript to validate
    > user input can be done easily in the client site. I believe that in
    > server site the validation must be faster under Perl script.
    >
    > My question:
    >
    > If we embed Javascript within Perl script to validate user input, does
    > it faster or better?
    >
    > As what I understand, I feel the method will bring the server more
    > work, because the Perl script has to decipher the Javascript before the
    > Javascript can do its work.
    >
    > Any idea about this


    The CGI doesn't decipher Javascript, or have anything to do with
    Javascript, it'll simply processes the request and data that's sent to it.

    Validation has to be on the server, since anything could post data, not
    just a browser with, or without, Javascript enabled. Try to do
    validation on the client-side, using Javascript, to improve your user
    experience.
    J. Gleixner, Apr 4, 2006
    #3
  4. phal

    Matt Garrish Guest

    "phal" <> wrote in message
    news:...
    > HI ALL,
    >
    > I know javascript is used for client site, and javascript to validate
    > user input can be done easily in the client site. I believe that in
    > server site the validation must be faster under Perl script.
    >
    > My question:
    >
    > If we embed Javascript within Perl script to validate user input, does
    > it faster or better?
    >


    You can't embed javascript directly in your Perl code and have it run by
    perl. Are you talking about using Javascript.pm? I only skimmed it once out
    of interest, but there's no chance that it will be faster than writing your
    validation functions in Perl. It's just an interface to the libjs library,
    so getting libjs to interpret and run the code and pass back whether the
    value is good or not would, just from common sense, be incrmentally slower
    than just testing the value directly.

    Matt
    Matt Garrish, Apr 5, 2006
    #4
  5. phal

    phal Guest

    I want to do the following,

    First method:

    1- Generate Html from Perl script for user input form,
    2- After user input, the javascript which embed with Perl script to
    check validate in the client side
    3- When the validate is okay, the user input will store in the
    database.


    Second method:

    1- Generate Html from Perl script for user input form
    2- User input will be validate in the server side by Perl Regular
    Expression
    3- If it is valid, the user input will save into the database.

    Third Method:

    1- HTML form along with Javascript display to user
    2- User input will be validate in the client side by javascript before
    pass to CGI script
    3- If valid, then it will save the user input into the database.

    I think the third method is more faster then other method, but it has
    one problem if the javascript disable in the client.
    How do you think about the best method to implement this?
    phal, Apr 5, 2006
    #5
  6. phal

    Matt Garrish Guest

    "phal" <> wrote in message
    news:...
    >I want to do the following,
    >
    > First method:
    >
    > 1- Generate Html from Perl script for user input form,
    > 2- After user input, the javascript which embed with Perl script to
    > check validate in the client side
    > 3- When the validate is okay, the user input will store in the
    > database.
    >
    >
    > Second method:
    >
    > 1- Generate Html from Perl script for user input form
    > 2- User input will be validate in the server side by Perl Regular
    > Expression
    > 3- If it is valid, the user input will save into the database.
    >
    > Third Method:
    >
    > 1- HTML form along with Javascript display to user
    > 2- User input will be validate in the client side by javascript before
    > pass to CGI script
    > 3- If valid, then it will save the user input into the database.
    >
    > I think the third method is more faster then other method, but it has
    > one problem if the javascript disable in the client.
    > How do you think about the best method to implement this?
    >


    The best method is always to validate on both sides. You can't trust that
    your input will come from a browser, so never blindly assume that because
    your script is processing it it must be valid. It will also minimize your
    server load to validate on the client side, and users generally prefer to
    know right away that their input is invalid and not wait for the server to
    process the page and send it back every time. Use javascript for the client
    and perl on the server and get the notion of mixing languages together out
    of your head.

    Matt
    Matt Garrish, Apr 5, 2006
    #6
  7. phal

    Guest

    "phal" <> wrote:
    > I want to do the following,
    >
    > First method:
    >
    > 1- Generate Html from Perl script for user input form,
    > 2- After user input, the javascript which embed with Perl script to
    > check validate in the client side


    So the Perl script merely prints out the Javascript source, along with the
    rest of the html? This is not what we generally call "embed". Embed
    generally means you are running the other language, not merely printing out
    source code written in the other language.

    > 3- When the validate is okay, the user input will store in the
    > database.


    How do you know that the validation is truly OK? Or doesn't it really
    matter? If the end-user can only screw themselves by circumventing
    javascript to get bad data put into the database, maybe this is OK. But if
    they can screw you or other people by doing so, then this is not OK, you
    need to validate on the server.

    >
    > Second method:
    >
    > 1- Generate Html from Perl script for user input form
    > 2- User input will be validate in the server side by Perl Regular
    > Expression
    > 3- If it is valid, the user input will save into the database.


    This is the method I generally use. I can write the validation methods
    in the language I prefer, and it is done in only one place. And it doesn't
    depend on what the client-agent is.

    > Third Method:
    >
    > 1- HTML form along with Javascript display to user
    > 2- User input will be validate in the client side by javascript before
    > pass to CGI script
    > 3- If valid, then it will save the user input into the database.


    What is the difference between the Third Method and the First Method?
    Is it merely that in the 3rd case the html form (with javascript) is served
    from a static file rather than from a CGI?

    If you are justly concerned with speed, then you should serve as much as
    you can from static files rather than from CGI.

    > I think the third method is more faster then other method, but it has
    > one problem if the javascript disable in the client.


    Uh, the 1st method has this problem as well.

    > How do you think about the best method to implement this?


    I think you are probably overly infatuated with speed. And if it is
    justified, then you need to provide more info before we can tell you
    anything worthwhile. How many hits per second are you expecting? What
    percentage of attempts to be expect to be invalid? Are the users mostly on
    an your intranet, or broadband, or dial-up? What are implications of bad
    data? Are you using mod_perl? How good is your team at JavaScript? At
    Perl?

    Xho

    --
    -------------------- http://NewsReader.Com/ --------------------
    Usenet Newsgroup Service $9.95/Month 30GB
    , Apr 5, 2006
    #7
  8. phal wrote:
    > I want to do the following,
    >
    > First method:
    >
    > 1- Generate Html from Perl script for user input form,
    > 2- After user input, the javascript which embed with Perl script to
    > check validate in the client side
    > 3- When the validate is okay, the user input will store in the
    > database.
    >
    >
    > Second method:
    >
    > 1- Generate Html from Perl script for user input form
    > 2- User input will be validate in the server side by Perl Regular
    > Expression
    > 3- If it is valid, the user input will save into the database.
    >
    > Third Method:
    >
    > 1- HTML form along with Javascript display to user
    > 2- User input will be validate in the client side by javascript before
    > pass to CGI script
    > 3- If valid, then it will save the user input into the database.
    >
    > I think the third method is more faster then other method, but it has
    > one problem if the javascript disable in the client.
    > How do you think about the best method to implement this?
    >

    Check out

    CGI::FormBuilder

    it handles both client-side and server-side input validation.

    Mark
    Mark Clements, Apr 5, 2006
    #8
  9. phal

    phal Guest

    I really concern about the speed, and also the validation between
    client and server.
    As what everyone sugguest, but do you think it is slow down if I use
    perl to generate the Javascript along with html form for user input,
    and do the validate in the client side, and then I re-check again in
    the server. I think it is duplicated, but secure then just a single
    way,

    For Mark say, I never try to use CGI::FormBuilder,.
    phal, Apr 5, 2006
    #9
  10. phal

    Guest

    "phal" <> wrote:
    > I really concern about the speed, and also the validation between
    > client and server.


    If you know enough to know that you need to be concerned about the speed,
    then you should probably know enough to be able to tell us what the
    bottleneck(s) are. Network bandwidth? Network latency? Server CPU
    resources?

    > As what everyone sugguest, but do you think it is slow down if I use
    > perl to generate the Javascript along with html form for user input,


    From a CPU perspective, once you are already starting up Perl in order to
    generate the form, you may as well also use it to generate (By which I mean
    print out a hard-coded string containing the javascript source) the
    javascript, unless you have megabytes of javascript. But if you are
    worried about the load on your web-server, you shouldn't be using Perl to
    generate html that can be done statically, anyway.

    On the other hand, if network bandwidth is limiting, then sending
    javascript is going to slow you done, rather it is done with Perl or from
    static files. Of course, if bandwidth is limiting then receiving invalid
    submissions and returning the error messages and re-submitting the
    corrected data is also going to be slow. I think the bloat of javascript
    is likely to take up more bandwidth than an occasional invalid form, unless
    your forms are very large or you users are just banging on their keyboards
    at random.

    > and do the validate in the client side, and then I re-check again in
    > the server.


    > I think it is duplicated, but secure then just a single
    > way,


    If you validate on the server (correctly) then also doing so on the client
    does not add to security. It may enhance the user experience (eliminate
    round trips, provide nicer error messages, etc), and it may reduce server
    load (although it is hard to beleive that that would be significant), but
    it wouldn't increase security.

    Xho

    --
    -------------------- http://NewsReader.Com/ --------------------
    Usenet Newsgroup Service $9.95/Month 30GB
    , Apr 5, 2006
    #10
  11. phal

    phal Guest

    Thank you all for the suggestions, currently, I use localhost to test
    the script. The script will be used for university campus for Intranet
    exam or perhaps for the Internet exam for only the University, I not
    very sure about the speed of the Server. Usually, the server slows down
    when all the students go for the assessments.

    The purpose of the CGI script is to display dynamically of the
    questions bank in the database, and do all the validation of the short
    essay and answer choice for the students who do the assessment. It is
    also used for upload the questions and answers.

    I think to maximize the usage of speed, and also the security concern.
    It is problematic for duplicate doing validate in both the client and
    server. I think it is enough to make it only in server side and display
    a nice error to user, but as someone suggest me to do it both sides to
    make it more secure then just as single way.

    I have think off to do it in both direction, using Javascript and Perl,
    I need to include all the Javascript in the Perl if I need to do the
    validation in client side too.

    How can I maximize the use of Javascript inside Perl? Is it possible
    to generate the Javascript separately then include inside Perl?

    I have one idea to do with that, but I do not know whether it is
    possible or not, using Perl script to generate all the Javascript
    separately and then using Perl script to call the javascript. I think
    it may help to prevent the entire headache from the input which only
    depends to the server.

    I also use perl_mod.
    phal, Apr 6, 2006
    #11
  12. phal

    Joe Smith Guest

    phal wrote:

    > The purpose of the CGI script is to display dynamically of the
    > questions bank in the database, and do all the validation of the short
    > essay and answer choice for the students who do the assessment. It is
    > also used for upload the questions and answers.


    The usual thing to do is to have Javascript verify that all required
    fields have suitable values entered _before_ the the form is submitted
    back to the server. For example, if an input field requires a five
    digit number, verify that the string is five characters long and consists
    of only digits. That is, check the form of the data, not the answer.

    It is not appropriate to see if the answer is correct on the client
    side, since the code that does so can be seen via "View Source", allowing
    for cheating.

    > I think to maximize the usage of speed, and also the security concern.


    From what you've posted, worrying about speed should not be your
    primary concern.

    > It is problematic for duplicate doing validate in both the client and
    > server. I think it is enough to make it only in server side and display
    > a nice error to user, but as someone suggest me to do it both sides to
    > make it more secure then just as single way.


    Client validation and server validation have different uses.
    It is not one-for-one duplication, and not wasted effort.

    > I have think off to do it in both direction, using Javascript and Perl,
    > I need to include all the Javascript in the Perl if I need to do the
    > validation in client side too.


    Not at all. One method is to put a single line of text in Perl to be
    sent to the browser, like:
    <script language="JavaScript" type="text/javascript" src="/js/validate-form-1.js">

    > How can I maximize the use of Javascript inside Perl? Is it possible
    > to generate the Javascript separately then include inside Perl?


    I'd say don't use Javascript inside Perl. Write your Javascript functions
    separately and store them in separate files, as shown above.

    > I have one idea to do with that, but I do not know whether it is
    > possible or not, using Perl script to generate all the Javascript
    > separately and then using Perl script to call the javascript.


    No, no, no. You don't have to have the Perl script call the Javascript;
    you merely generate HTML that causes the client's browser to execute
    the Javascript. '<script src="...js">' is one way of doing that.

    1) Client sends request to server for the next exam question.
    2) CGI program on server sends HTML to the client, in the form of
    constant strings, generated text, and/or URLs the client
    will need to fetch on its own.
    3) When the user clicks on a Submit button, JavaScript running on
    the client decides whether to send the form data to the server,
    or to prompt the user to enter missing information.
    4) The form data being sent to the server may or may not have be
    the result of correct JavaScript execution. The user may be
    running a hacked client that is deliberately sending bad data.
    5) The server must do its own validation, including crucial checks
    that were not included in the client-side JavaScript.

    > it may help to prevent the entire headache from the input which only
    > depends to the server.


    Unless you are willing to accept bad or fraudulent data, you _must_
    do validation on the server. Period.
    Joe Smith, Apr 10, 2006
    #12
  13. phal

    Rich Guest

    On 6 Apr 2006 14:09:48 -0700, phal wrote...
    >
    >Thank you all for the suggestions, currently, I use localhost to test
    >the script. The script will be used for university campus for Intranet
    >exam or perhaps for the Internet exam for only the University, I not
    >very sure about the speed of the Server. Usually, the server slows down
    >when all the students go for the assessments.
    >
    >The purpose of the CGI script is to display dynamically of the
    >questions bank in the database, and do all the validation of the short
    >essay and answer choice for the students who do the assessment. It is
    >also used for upload the questions and answers.
    >
    >I think to maximize the usage of speed, and also the security concern.
    >It is problematic for duplicate doing validate in both the client and
    >server. I think it is enough to make it only in server side and display
    >a nice error to user, but as someone suggest me to do it both sides to
    >make it more secure then just as single way.
    >
    >I have think off to do it in both direction, using Javascript and Perl,
    >I need to include all the Javascript in the Perl if I need to do the
    >validation in client side too.
    >
    >How can I maximize the use of Javascript inside Perl? Is it possible
    >to generate the Javascript separately then include inside Perl?
    >
    >I have one idea to do with that, but I do not know whether it is
    >possible or not, using Perl script to generate all the Javascript
    >separately and then using Perl script to call the javascript. I think
    >it may help to prevent the entire headache from the input which only
    >depends to the server.
    >
    >I also use perl_mod.
    >


    You might be better off using a combination of the two, though I'd at least
    start with the error checking on the server end with Perl. Javascript can make
    form validation pretty, by creating dynamically changes to the HTML without
    communicating with the server, but it has its limitations. In the end, you want
    to be able to check the form data with Perl, since Javascript doesn't guarantee
    that it will be sent in correctly or in a secure manner.

    Rich

    --
    Free download capacity each month, just for being a NewsGuy
    member! BonusBytes(TM) - http://newsguy.com/bonusbytes.htm


    --
    Rich, Apr 10, 2006
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    4
    Views:
    668
    Walter Roberson
    Sep 9, 2005
  2. Replies:
    3
    Views:
    392
  3. Santosh

    Validate User Input before calling java script function

    Santosh, Jun 3, 2006, in forum: ASP .Net Datagrid Control
    Replies:
    1
    Views:
    156
    Scott M.
    Jun 5, 2006
  4. Amit

    JavaScript to validate User input

    Amit, Nov 12, 2007, in forum: Javascript
    Replies:
    6
    Views:
    118
  5. Abhishek
    Replies:
    5
    Views:
    214
    David Mark
    Aug 7, 2008
Loading...

Share This Page