Is it necessary to use both exceptions and filter for the sign up form?

[cherri8]

Hi I also have more questions. i'll be using the the most simpler way to catch errors on the exceptions page which is shown below but i think it is too long still.I used die statements before but i heard that causes the script to end.for all my errors i dont want to tell people if they have done it correctly like in checkPwd(2) so can i just leave echo empty?.on the site they had the 2 in the brackets of checkPwd(2) (the site did say checkNum(2) ) is it necessary to have a 2 there?.i also plan to use preg match in my exceptions to see if people use numbers ,lettters,and etc...I try to check if the questions been answer but i get nothing in the search....thanks function checkPwd($pwd){if($pwd==null || $pwd==""){throw new Exception("please fill in password");}return true;}try{checkPwd(2);//This text is only shown if the exception is not thrown.echo ' ';}catch(Exception $e){echo 'Message: ' .$e->getMessage();}

[cherri8]

i also dont understand what this means: "Note: Exceptions should only be used with error conditions, and should not be used to jump to another place in the code at a specified point." is it saying that else if or switch statements and etc can not be used?

[justsomeguy]

You can remove the echo if you don't want to output anything. The parameter that is passed to checkPwd is the password to check, so that code is validating whether or not "2" is a valid password, which it is because the only requirement is that the password is not blank.

is it saying that else if or switch statements and etc can not be used?

No, it's saying that as a programming practice you should only use exceptions for what they're designed for, error handling, and not as a control structure to just jump to another piece of code when an error didn't actually happen.

[davej]

I'm trying to use something like this;

function checkInput($in, $name){   if($in==null)   {	  echo 'Error: ' .$name. ' is missing<br/>';   }   elseif ( trim($in) == "" )   {	  echo 'Error: ' .$name. ' is missing<br/>';   }   else   {	  return TRUE;   }    return FALSE;}

But really this is just a fallback to use if Javascript is disabled. Really you want Javascript to do this.

[cherri8]

You can remove the echo if you don't want to output anything. The parameter that is passed to checkPwd is the password to check, so that code is validating whether or not "2" is a valid password, which it is because the only requirement is that the password is not blank. No, it's saying that as a programming practice you should only use exceptions for what they're designed for, error handling, and not as a control structure to just jump to another piece of code when an error didn't actually happen.

Thanks I understand now.I was thinking that I can check all the stuff in form at the same time by using this ||.I have an example below .i hope it is correct.one more question can i leave the field in the two throw new exception empty by taking out the error and replace with this ' ' or NULL ? class customException extends Exception{public function errorMessage(){//error message$errorMsg = $this->getMessage().'All fields are required';return $errorMsg;}}try{try{if($username==NULL||$username==""|| $password==NULL|| $password==""|| $email==NULL|| $email==""){//throw exception if fields are emptythrow new Exception('Error:');}}catch(Exception $e){//re-throw exceptionthrow new customException('Error:');}}catch (customException $e){//display custom messageecho $e->errorMessage();}

[cherri8]

I'm trying to use something like this;

function checkInput($in, $name){   if($in==null)   {	  echo 'Error: ' .$name. ' is missing<br/>';   }   elseif ( trim($in) == "" )   {	  echo 'Error: ' .$name. ' is missing<br/>';   }   else   {	  return TRUE;   }    return FALSE;} 

But really this is just a fallback to use if Javascript is disabled. Really you want Javascript to do this.

thanks yah it wont be good if they disabled it because i'll be using database.

[thescientist]

ideally you should be validating on both ends. JS just offers a UI convenience in that you can return the errors to the user without having to submit the form first.

[justsomeguy]

I'm not sure what you're asking in post 5, but you can use the empty function instead of checking for null or an empty string, e.g.: if (empty($username) || empty($password) || empty($email)) I'm not sure why you have 2 try/catch blocks though, I don't see a reason for more than 1 there.

[cherri8]

I'm not sure what you're asking in post 5, but you can use the empty function instead of checking for null or an empty string, e.g.: if (empty($username) || empty($password) || empty($email)) I'm not sure why you have 2 try/catch blocks though, I don't see a reason for more than 1 there.

In the php tutorial try and catch is used 2 times for the re-throwing exceptions.i meant if i could check errors for more than one variable at the same time by doing this : if($username==NULL||$username==""|| $password==NULL|| $password==""|| $email==NULL|| $email=="") instead of doing this: if($username==NULL||$username=="") ------------------------------------------I want to leave these two that are bolded with '' or NULL because i want to use one message which is: All fields are required.I wasnt refering to the empty function.Sorry for being confusing lol.im new with web programing. throw new Exception('');throw new customException(''); class customException extends Exception{public function errorMessage(){//error message$errorMsg = $this->getMessage().'All fields are required';return $errorMsg;}}try{try{if($username==NULL||$username==""|| $password==NULL|| $password==""|| $email==NULL|| $email==""){//throw exception if fields are emptythrow new Exception('');}}catch(Exception $e){//re-throw exceptionthrow new customException('');}}catch (customException $e){//display custom messageecho $e->errorMessage();}

[cherri8]

ideally you should be validating on both ends. JS just offers a UI convenience in that you can return the errors to the user without having to submit the form first.

Oh I thought that user will see errors before submitting with exceptions.I'll have to study more.I dont even know where the errors would appear with exceptions.I'll would like for the users to see errors beside each form field.

[justsomeguy]

This is the same thing with less code, which is probably easier to understand:

try{  if(empty($username) || empty($password) || empty($email))  {    //throw exception if fields are empty    throw new customException('');  }}catch(customException $e){  //display custom message  echo $e->errorMessage();}

Oh I thought that user will see errors before submitting with exceptions.

PHP only runs when the form is submitted, regardless of how you do error checking or whatever else the code does. If you want to use PHP to validate and still want errors to show before the form submits then you'll need to use ajax to send the request to validate the form, get the response back from PHP, and decide whether you show error messages or submit.

[cherri8]

This is the same thing with less code, which is probably easier to understand:

try{  if(empty($username) || empty($password) || empty($email))  {	//throw exception if fields are empty	throw new customException('');  }}catch(customException $e){  //display custom message  echo $e->errorMessage();}

PHP only runs when the form is submitted, regardless of how you do error checking or whatever else the code does. If you want to use PHP to validate and still want errors to show before the form submits then you'll need to use ajax to send the request to validate the form, get the response back from PHP, and decide whether you show error messages or submit.

thanks .you all are great help.ill check out ajax.

[davej]

This is the same thing with less code, which is probably easier to understand:

try{  if(empty($username) || empty($password) || empty($email))  {	//throw exception if fields are empty	throw new customException('');  }}catch(customException $e){  //display custom message  echo $e->errorMessage();}

PHP only runs when the form is submitted, regardless of how you do error checking or whatever else the code does. If you want to use PHP to validate and still want errors to show before the form submits then you'll need to use ajax to send the request to validate the form, get the response back from PHP, and decide whether you show error messages or submit.

I have been criticized by those who feel that every error should throw an exception, but to me that code seems rather crazy. The problem with throwing an exception is that if a typical compiler did that it would only report your first compile error rather than providing a list of all detected syntax errors. I like the idea of throwing exceptions for critical errors. I don't think AJAX would be used just to request a server-side validation. It would make the submission after a Javascript client-side validation was successful, then as the PHP received the data it would do a secure server-side validation and then accept the data.

[justsomeguy]

The problem with throwing an exception is that if a typical compiler did that it would only report your first compile error rather than providing a list of all detected syntax errors.

This isn't a compiler, this is an application. If the application has bad data you probably don't want to continue. You generally want to avoid doing something like updating a database with bad data. Compilers generally do only report the first error though, if there is a syntax error and the code structure can't be determined then the compiler usually stops there instead of trying to parse the rest of the bad code.

I don't think AJAX would be used just to request a server-side validation. It would make the submission after a Javascript client-side validation was successful, then as the PHP received the data it would do a secure server-side validation and then accept the data.

Right. It might not be worth it to do the extra work for Javascript validation, the page won't refresh anyway. Send the ajax request and check the response, and either the data was processed correctly and you move on or there were errors and you display the messages.

[davej]

This isn't a compiler, this is an application. If the application has bad data you probably don't want to continue. You generally want to avoid doing something like updating a database with bad data. Compilers generally do only report the first error though, if there is a syntax error and the code structure can't be determined then the compiler usually stops there instead of trying to parse the rest of the bad code.

Well, a compiler was the only example that popped to mind and may not be the best example, but it seems like throwing exceptions has become the new style for handling any error now, and I just don't know if I agree with that because it limits what you can do.Is there a good "Best practices" list for Php that mentions this topic? Thanks.

[justsomeguy]

it seems like throwing exceptions has become the new style for handling any error now, and I just don't know if I agree with that because it limits what you can do.

I don't think I agree, since you can catch and handle an exception you can pretty much do whatever you want when the error happens. Contrasted with a fatal error, where the execution simply stops. An alternative would be to use set_error_handler to define a function that gets called whenever an error happens, and trigger_error to cause an error. Other than that, there's a lot of discussion on error handling in PHP. http://www.google.com/search?client=opera&rls=en&q=php+error+handling+best+practices&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest