User input validations
In order to combine the greatest possible comfort for the user with the greatest possible security for your website, the data validation takes place in 2 “steps”.
On the client
The first validation of the user input takes place on the browser side when the user clicks the submit button. This is done using JavaScript.
The browser-side data validation is used to show the user incorrect entries immediately. They help the user to make all entries correct before the form is submitted and the data is processed. Browser-side validation can fail for a variety of reasons. For example, because JavaScript is deactivated in the browser, and it can also be circumvented programmatically.
On the server
The second validation of user input occurs after the data has been sent to the server. This is done on the server with PHP before the transmitted data is further processed in any way.
Unlike browser-side JavaScript validation, server-side validation cannot be bypassed or tampered with by the user. It serves to ensure the security of your website. It ensures that the transmitted data really corresponds to the formats you require and is “clean”.
Note: If Visforms finds incorrect user input during server-side data validation, the form is immediately displayed to the user again with the corresponding error messages.
Valid user input that the user has already made are automatically transferred to the resubmitted form.
Supported data validations
The criteria according to which the user input can be validated depends on the selected field type. Supported field types are listed in this article: Supported HTML Controls.
Please note that only the “Required field” validation option forces a user to enter an entry in a field. All other options listed below accept empty user input as a valid value. Your validation rules only come into play when a user has actually provided input. Your job then is to verify that the “format” of the user input is correct.
Unless otherwise noted, the validation options can be specified in the field configuration under the “Basic settings” tab.
Validation | Description | Supported Field Type | Remark |
---|---|---|---|
Required field | User must type in field | All field types except "hidden" | Please note: only this validation option forces the user to type in the field. |
Verifies that user input is in valid email address format. | Field type driven validation that is automatically applied when a field is of type "email". | ||
URL | Verifies that the user input is in a valid URL format beginning with http. |
|
Field type driven validation that is applied automatically when a field is of type "URL". |
Number | Checks that user input contains only positive or negative numbers. |
|
Field type driven validation that is automatically applied when a field is of type Number. |
Date | Verifies that the user input matches the date format chosen in the field configuration. |
|
The date formats DD.MM.YYYY, MM/DD/YYYY and YYYY-MM-DD are supported. |
Min Length | "Text fields": Minimum number of characters that the user must enter in the field. Checkbox Group: Minimum number of checkboxes in the group that the user must check. |
|
If you have activated the "HTML editor" option for a textarea type field, i.e. if a text editor is displayed to the user, the number of characters entered may not be determined correctly (too large). |
Max length | "Text fields": Maximum number of characters that the user can enter in the field. Checkbox Group: Maximum number of checkboxes in the group that the user can check. |
|
If you have activated the "HTML editor" option for a textarea type field, i.e. if a text editor is displayed to the user, the number of characters entered may not be determined correctly (too large). If you do not specify a maximum number for a checkbox group, the user can check all checkboxes in the group. |
Minimum value | Smallest allowed numerical value. |
|
|
Maximum value | Largest allowed numeric value. |
|
|
Minimum date | Smallest allowed date value. The value can be specified as:
|
|
This validation type is only available in the Visforms Subscription available. |
Maximum date | Largest date value allowed. The value can be specified as:
|
|
This validation type is only available in the Visforms Subscription available. |
Integers only | Only whole numbers without decimal places may be entered |
|
In the computer world, unlike in the German-speaking world, the point is used as a decimal separator, while the comma is a thousands separator. If you enable this validation, input of the form 1.111 is valid, while 1.111 is invalid. |
Custom Validation | Individual validation of the user input against a so-called regular expression that you can freely define. |
|
|
Allow multiple selection | Several options of a list box can be selected at the same time. |
|
The default is that only one option can be selected from a list box. |
Same value as | Validate that user input in one field has the same value as in another field. |
|
Only fields of the same field type can be checked for identical user input using the "Same value as" validation. |
Allowed file extension | Allow file extension(s) of a file to be transferred with the field. |
|
This validation is set in the form configuration under the "Advanced" tab. |
Maximum file size | Maximum file size of a file that can be submitted with the form. |
|
This validation is set in the form configuration under the "Advanced" tab. In the field configuration, you can specify field-specific rules. |
Enforce unique values | Enforce that within records submitted for a form, user input in this field is unique. |
|
This option is set in the field configuration under the "Advanced" tab. If you want to use this validation, you must ensure that the form option "Save data" is activated. A "Enforce Unique Values" validation is always performed server-side. |
Visforms uses the jQuery “Validator” plugin for browser-side validation of user input.
Individual error messages
If required, you can define an individual error message for each field. This is displayed when the browser-side validation shows that the user input is incorrect. Usually this is not necessary.
Standard error messages
If no individual error message is stored, the standard error messages for the respective error type are output. The standard error messages are stored in language files. If you don’t like the text of a standard error message, you can use the Joomla! Override Language Manager.
You cannot enter texts in the field configuration that will be displayed as error messages in case the server-side validation detects incorrect user input. Standard texts are always used here, but you can also use the Joomla! Language Manager can customize.