I’m testing mostly the site in Google Chrome (last version), and just noticed that Opera (latest version) allows you to bypass the MANDATORY REQUIREMENT to fill the age. It simply ignores this field and even the form is successfully sent.

Link to form

And also probably some old browsers still manage to curse people with IMPOSSIBLE gender values, for example.

Those. Opera in this case ignores both JS and PHP validation. Is it generally legal to work like PHP and browsers?

I use the rules:

 $rules[] = array( 'gender', 'required', 'message' => 'Укажите пол' ); $rules[] = array( 'birthYear', 'required', 'message' => 'Укажите год рождения' ); $rules[] = array('gender', 'in', 'range' => array("f", "m", "?"), 'message' => 'Укажите пол.');

Update

Added another rule:

 $rules[] = array( 'birthYear', 'length', 'min'=>$AGE_START, 'max'=>$AGE_END, 'tooShort' => 'Укажите год рождения', 'tooLong' => 'Укажите год рождения', );

Opera is no longer buggy.

  • look at an example of your rules in the model - korytoff
  • and how do you save this model in the controller - korytoff
  • @korytoff -> save (), but are there other ways?) - Vitalik Z
  • And how do you put down the properties of the model? Maybe you have defaults? - korytoff
  • directly $ form-> gender = $ _POST ['Form'] ['gender']; - Vitalik Z

1 answer 1

Any data can come to your server from the client (in this case, the browser). Data validation should always be on a server other than JS . If your registration passes even without required fields, it means you have an incorrect PHP code with validation.

UPD

It is better not to access the $_POST array directly. In addition, there is an empty value in your drop-down list. One browser sends it to you, the other does not. It turns out when referring to $_POST['Form']['gender'] in one case, your string is empty, in another case null (not a fact, this is my guess).

Check the $_POST array in the controller in different browsers:

 var_dump($_POST); die();

You can either help the saveAttributes () method, or at least check for a null value:

 if(isset($_POST['Form']['gender']) && $_POST['Form']['gender'] != '') { $form->gender = $_POST['Form']['gender']; }
  • so it is there .. something of type if ($ form-> validate ()) {} I would be very happy if it’s about MY code. - Vitalik Z
  • @VitalikZ server part is not dependent on the client, it's in your php code. - webDev_
  • @VitalikZ updated the answer, look - korytoff
  • Ok, I'll take it all, thanks! - Vitalik Z