phal said:
The purpose of the CGI script is to dynamically display the
question bank in the database, and do all the validation of the short
essay and answer choice for the students who do the assessment. It is
also used to upload the questions and answers.

The usual thing to do is to have Javascript verify that all required
fields have suitable values entered _before_ the form is submitted
back to the server. For example, if an input field requires a five
digit number, verify that the string is five characters long and consists
of only digits. That is, check the form of the data, not the answer.
It is not appropriate to see if the answer is correct on the client
side, since the code that does so can be seen via "View Source", allowing
for cheating.

I think to maximize the usage of speed, and also the security concern.

From what you've posted, worrying about speed should not be your
primary concern.

It is problematic to duplicate the validation in both the client and
server. I think it is enough to do it only on the server side and display
a nice error to the user, but someone suggested that I do it on both sides to
make it more secure than just a single way.

Client validation and server validation have different uses.
It is not one-for-one duplication, and not wasted effort.

I have thought of doing it in both directions, using Javascript and Perl;
I need to include all the Javascript in the Perl if I need to do the
validation on the client side too.

Not at all. One method is to put a single line of text in Perl to be
sent to the browser, like:

How can I maximize the use of Javascript inside Perl? Is it possible
to generate the Javascript separately then include inside Perl?

I'd say don't use Javascript inside Perl. Write your Javascript functions
separately and store them in separate files, as shown above.

I have one idea for that, but I do not know whether it is
possible or not: using a Perl script to generate all the Javascript
separately and then using the Perl script to call the Javascript.

No, no, no. You don't have to have the Perl script call the Javascript;
you merely generate HTML that causes the client's browser to execute
the Javascript. '<script src="...js">' is one way of doing that.
1) Client sends request to server for the next exam question.
2) CGI program on server sends HTML to the client, in the form of
constant strings, generated text, and/or URLs the client
will need to fetch on its own.
3) When the user clicks on a Submit button, JavaScript running on
the client decides whether to send the form data to the server,
or to prompt the user to enter missing information.
4) The form data being sent to the server may or may not be
the result of correct JavaScript execution. The user may be
running a hacked client that is deliberately sending bad data.
5) The server must do its own validation, including crucial checks
that were not included in the client-side JavaScript.

It may help to prevent the entire headache from the input which only
depends on the server.

Unless you are willing to accept bad or fraudulent data, you _must_
do validation on the server. Period.
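
Added example, not part of the original post: a sketch of the kind of separate `validate.js` file the reply describes, checking only the form of each field (such as the five-digit number) and never the answer. The field names, rule table and limits are hypothetical, and the server-side CGI script still has to repeat these checks and do the grading itself.

```javascript
// validate.js -- a static file the CGI output pulls in with <script src="validate.js">.
// Field names and limits are hypothetical; they are not from the original post.
// Every rule looks only at the FORM of a value. Nothing here knows a correct
// answer, so "View Source" gives a student nothing to cheat with.
const RULES = {
  student_id: { required: true, pattern: /^[0-9]{5}$/, hint: "must be exactly five digits" },
  choice:     { required: true, oneOf: ["A", "B", "C", "D"], hint: "pick one of A-D" },
  essay:      { required: true, maxLength: 2000, hint: "must be 1-2000 characters" },
};

// Returns an object mapping field name -> error message; an empty object means
// the form is well-formed (not that the answers are right).
function validateForm(values, rules) {
  const errors = {};
  for (const [name, rule] of Object.entries(rules)) {
    const raw = values[name];
    // Non-string values (missing fields, file inputs) are treated as empty.
    const value = typeof raw === "string" ? raw.trim() : "";
    if (value === "") {
      if (rule.required) errors[name] = "is required";
      continue;
    }
    if (rule.pattern && !rule.pattern.test(value)) errors[name] = rule.hint;
    else if (rule.oneOf && !rule.oneOf.includes(value)) errors[name] = rule.hint;
    else if (rule.maxLength && value.length > rule.maxLength) errors[name] = rule.hint;
  }
  return errors;
}

// Browser-only wiring: stop the submit and prompt the user when a field is
// missing or malformed. A modified client can skip this entirely, which is
// why the server must validate again before trusting anything it receives.
if (typeof document !== "undefined") {
  document.addEventListener("submit", (event) => {
    const values = Object.fromEntries(new FormData(event.target));
    const errors = validateForm(values, RULES);
    const names = Object.keys(errors);
    if (names.length > 0) {
      event.preventDefault();
      alert(names.map((n) => n + " " + errors[n]).join("\n"));
    }
  });
}
```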