Terminating submit / return false

[phppup]

While working with some PHP (contained within the same webpage) it occurred to me that using JavaScript to evaluate a form submission could alleviate server traffic; it seemed like a good idea that if the form was incomplete the JS could terminate the form and the PHP would never be run.

As a preliminary step, i adapted this code

Quote

<script>

document.getElementById("btn").addEventListener("click", displayDate);

function displayDate() {

alert (Date());  
return false;
} 

</script>

My expectation was that when BTN was clicked, the ALERT would fire, and RETURN false would prevent other processes from running (similar to a DIE() in PHP).

Instead, the ALERT was triggered, but my PHP error/confirm msgs followed.

Rather than leave the validation to PHP, i thought I'd ask for some insight here.

Thanks.

[Strider64]

e.preventDefault() will stop the HTML button from firing:

    submit.addEventListener('click', (e) => {
        e.preventDefault();
        sendEmail.phone = phone.value;
        sendEmail.website = website.value;
        sendEmail.response = submit.getAttribute('data-response');
         if (sendStatus.name && sendStatus.email && sendStatus.comments) {
            saveRequest(sendUrl, sendUISuccess, sendUIError);
        } else {
            notice.style.display = "block";
            notice.textContent = "Name, Email, and Message Required!";
        }
    }, false);

 

[Barand]

Or you could use HTML "required" attribute E.G.

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-language" content="en">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Example</title>
</head>
<body>

    <form>
        Username*:<br>
        <input type="text" name="username" required autofocus><br>
        Email*:<br>
        <input type="email" name="email" required><br>
        <br>
        <input type="submit" value="Submit">
    </form>
    
</body>
</html>

You still need to validate in your PHP code as there is no guarantee that the input came came from your form.

[phppup]

On a somewhat related issue, I've seen a lot of 'ideas' floated "on the internet" and was wondering about this:

Quote

<?php

echo "<script> alert('test');

</script>";

?>

In this snippet, does PHP move the JavaScript code for client side accessibility? Or does this example add an additional burden to the server by transferring JS requirements to a server side function?

Edited March 7, 2021 by phppup
Typos

[requinix]

If those words you wrote were intended to ask about whether your PHP script has to be executed in order for that Javascript to be sent to the client, the answer is yes.

Perform obvious validation with Javascript (which you include with the form or in an external .js script), like checking required fields and value formats, then do the same stuff in PHP plus whatever else because you can't trust Javascript validation to be secure.
You can use form field attributes like "required" and "pattern" to make the browser do that validation instead of needing Javascript, but in exchange for the convenience you give up most customization of the error messages. Which may be perfectly fine for you.