When Doug D. was asked to investigate a data truncation issue, he figured it'd be pretty easy. He clicked through the application to test it out, and discovered that validation was only handled client side. After turning JavaScript off, he could submit text boxes with more text than would fit in the database column.
There was just one problem; he didn't see the client-side validation code next to the other functions defined on the page. He scrolled down to the submit button to see what it did in its OnClick.
<input onclick="var flag = true;
flag = validateRecord(form.res_Addr_1,form.res_City_1,form.res_County_1, form.res_State, form.res_Zip);
if (flag == true)
{ // validate start Date and End Date
  var dateflag = true;
  var day = "";
  dateflag = validate(form.res_MM, day,form.res_YYYY);
  if (dateflag == true)
  {
    dateflag = validate(form.res_MM_end, day, form.res_YYYY_end);
    if (dateflag == true)
    {
      dateflag = ComparedDate(form.res_MM,"01",form.res_YYYY, form.res_MM_end,"01", form.res_YYYY_end);
      if (dateflag == true)
      {
        // check to see if it is a new record or existing record
        if (editResRecord == -1)
        { // new record
          // add the year values in the array, so we can use the value later on to see if resident information contains records up to 7 years
          stYear.push(parseInt(form.res_YYYY.value)); // start year
          // add record in the text area
          pushOn(RecordArray, MsgArray,form.DisplayRecord);
          ClearResidentField();
          form.totalResRecord.value = RecordArray.length;
          form.res_Addr_1.focus();
        }
        else
        { // existing record that are being edited
          stYear[editResRecord] = form.res_YYYY.value
          //1) Loop through each array value and add all it all together as a record
          var FinalMessage = "";
          FieldInfo("ADDRESS:" , form.res_Addr_1.value, 0, "1");
          FieldInfo("CITY:" , form.res_City_1.value, 1, "1");
          FieldInfo("COUNTY:" , form.res_County_1.value,4, "1");
          var i = form.res_State.selectedIndex;
          FieldInfo("STATE:" , form.res_State.options[i].value ,2, "1");
          FieldInfo("ZIP:" , form.res_Zip.value,3, "1");
          FieldInfo("FROM:" , form.res_MM.value, 5, "1"); //start month
          FieldInfo("/" , form.res_YYYY.value, 6, "1"); //start year
          FieldInfo("TO:" , form.res_MM_end.value, 7, "1"); // end month
          FieldInfo("/" , form.res_YYYY_end.value, 8, "1"); // end year
          for (var i= 0; i < MsgArray.length; i++)
          {
            if (MsgArray[i] != null)
            {
              FinalMessage = FinalMessage + MsgArray[i];
              MsgArray[i] = "";
            } // end if
          } // end for
          RecordArray[editResRecord] = FinalMessage;
          DispArray (RecordArray, DisplayRecord)
          ClearResidentField();
          form.res_Addr_1.focus();
          editResRecord = -1 // change the edit record flag back to false
          form.totalResRecord.value = RecordArray.length;
        }
      } // end if
    } // end if
  } // end if
} // end if
" type="button" value="Add / Update Record" />
Doug moved the code to its own separate function and added server-side validation.
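A server-side check of the same fields, as an added example (not the code from the original application): the field names come from the form above, while the function name `validateResidence`, the length limits, and the state, ZIP and year formats are assumptions standing in for the real column definitions.

```javascript
// Added example: server-side re-validation of the residence record.
// Field names are from the page's form; the limits below are assumed
// stand-ins for the real database column widths.
const MAX_LEN = { res_Addr_1: 60, res_City_1: 40, res_County_1: 40 };

function validateResidence(body) {
  const src = body && typeof body === "object" ? body : {};
  const errors = [];
  const values = {};
  // Non-string or missing input becomes "", so it fails the checks below.
  const str = (k) => (values[k] = typeof src[k] === "string" ? src[k].trim() : "");

  // Reject over-length text instead of letting the database truncate it.
  for (const [field, max] of Object.entries(MAX_LEN)) {
    const v = str(field);
    if (v.length === 0) errors.push(`${field}: required`);
    else if (v.length > max) errors.push(`${field}: longer than ${max} characters`);
  }
  // Assumed formats: two-letter state code, 5-digit or ZIP+4 postal code.
  if (!/^[A-Z]{2}$/.test(str("res_State"))) errors.push("res_State: expected two letters");
  if (!/^\d{5}(-\d{4})?$/.test(str("res_Zip"))) errors.push("res_Zip: expected 5 or 9 digits");

  // Match the whole string; parseInt alone would accept input like "2008abc".
  const monthIndex = (mKey, yKey) => {
    const m = str(mKey), y = str(yKey);
    if (!/^(0?[1-9]|1[0-2])$/.test(m) || !/^(19|20)\d{2}$/.test(y)) {
      errors.push(`${mKey}/${yKey}: invalid month or year`);
      return null;
    }
    return Number(y) * 12 + Number(m) - 1;
  };
  const from = monthIndex("res_MM", "res_YYYY");
  const to = monthIndex("res_MM_end", "res_YYYY_end");
  if (from !== null && to !== null && from > to) errors.push("start date is after end date");

  // Store only `values`, and only when `ok` is true.
  return { ok: errors.length === 0, errors, values };
}

// Constructed request body, as it could arrive with JavaScript turned off.
const sample = {
  res_Addr_1: "A".repeat(200), res_City_1: "Springfield", res_County_1: "Clark",
  res_State: "OH", res_Zip: "45501",
  res_MM: "06", res_YYYY: "2007", res_MM_end: "01", res_YYYY_end: "2005",
};
console.log(validateResidence(sample).errors);
```

The limits here count JavaScript string length; if the database column is sized in bytes, compare the encoded byte length instead.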
What kind of idiot knows Javascript, but doesn't know that you can (and should) put client-side event handlers into methods? Especially since he already is calling methods in the onclick code. Javascript ain't ASP.NET, buddy. There's no separation of code/presentation unless YOU make it happen.
I'm guessing this is the result of a lazy programmer. "Eh, I wrote it and it works, so I never need to touch it again unless something is wrong."
flag = validateRecord(form.res_Addr_1,form.res_City_1,form.res_County_1, form.res_State, form.res_Zip);

All this silly indentation...

if (validateRecord(form.res_Addr_1,form.res_City_1,form.res_County_1, form.res_State, form.res_Zip) &&

Why do so many programmers not know bit operators?
Re: OnClick Does What?! 2008-01-21 08:37 • by Phleabo (unregistered)
I have no idea what point you're trying to make. Are you trying to say that the project manager mandated that the coder not use functions or other basic hallmarks of good style?