Results 1 to 2 of 2
  1. #1
    Join Date
    Sep 2008
    Posts
    13

    check database record with javascript

    short story:

    i need a way to check if a username/email exists in my database with JavaScript, is it doable?

    details:

    so i mad this "form validation" in JavaScript it takes all the user submitted inputs from the form and checks if some conditions such as string length, proper email/date format and so on, are true or false.
    I've done this as a way to avoid being redirected to the php file each time i submit something and then going back if something is wrong and so on.
    Everything is ok except i need a way to check if an username/email already exists in my database before submitting the whole thing to the php file, any help?

  2. #2
    Join Date
    Apr 2004
    Location
    Nr London, UK
    Posts
    831
    You would still have to query something remotely, as to what - that is up for debate.

    I would suggest a simple php option (as you mention) - you could do it via an AJAX call, but is that really sane?

    You will end up doing the initial query -> then the submission query, if that initial is successful at the same time in two tabs, then the first tab succeeds, then the second tab would fail.

    You are doing the work for 0 gain, and more work -> more code -> client side and server side to me is rather silly - (especially for an email check (return code validations, return results, fails etc. etc. etc. and all the error handling that goes with it - the other things are simple additions of validation)

    So, on that basis, I would suggest avoiding it.

    Secondly it gives people a direct link to finding out your clients by testing email addresses.

    Now, you say that you could try this anyhow by entering emails until it replies on say a login system you would say: invalid username or password, not suggesting which it is (I always try to say that rather than "invalid password" or "no such user" etc. as that is giving far too much info away.

    The other thing I worry about is "email format" - you don't just check for "@" and at least one "." - because there are a few that fail when you enter hyphens, or subdomains or other such items - and that just makes me annoyed.

    You end up having to do this all server side anyhow (not that it harms doing it in depth) - especially since ANYTHING in the clients control can be forged so has to be checked.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •