Anytime you let users input a value that you plan on using in a program you're introducing a chance for something to go wrong. As a programmer, you need to be concerned with making sure that the user enters data you're expecting. When a number is required, what happens if the user enters letter "z"?
Typically, once the user submits their data, some sort of validation is run on it to ensure that the data is acceptable. A simple example looks like this:
search_btn.onRelease = function() {
var filtered = ""; // save the filtered string
var current = ""; // current character in keyword
// loop over the keyword text string
for (var i = 0; i < keywords_txt.text.length; i++) {
// filter out invalid characters. The invalid characters
// are ( ) { } ! @ $ and ^
current = keywords_txt.text.charAt(i);
if (current == "(" || current == ")"
|| current == "{" || current == "}"
|| current == "!" || current == "@"
|| current == "$" || current == "^") {
// skip over character
} else {
// add character to filtered text
filtered += current;
}
}
// display results to output window
trace(filtered);
}
Is there anything wrong with the above example? It finds any of the invalid characters listed and strips them out of the text entered in the keyword text field. It does what is was supposed to do.. but yet, there's still something wrong with it.
When performing data validation, it's always best to validate data by what characters are accepted, rather than what characters are not accepted. By checking for the characters defined as invalid we allow room for error.
What if I miss a case in the if statement? What if I make a typo and } is replaced with ]? What if another invalid character is discovered later, after the program is already in use? How can I possibly know all of the invalid characters beforehand... and if the list gets long, how can I easily maintain it in the future?
All of those questions can be addressed by simply validating data by a list of allowed characters. No longer do we have to worry about missing an obsure character we might not have thought to exclude, and we don't have to deal with a long list of excludes anymore either. The revised code might look like this:
search_btn.onRelease = function() {
var filtered = ""; // save the filtered string
var current = ""; // current character in keyword
// loop over the keyword text string
for (var i = 0; i < keywords_txt.text.length; i++) {
// only allow 0-9, a-z, A-Z and space..
// filter out everything else
current = keywords_txt.text.charAt(i);
if (current >= "a" && current <= "z"
|| current >= "A" && current <= "Z"
|| current >= "0" && current <= "9"
|| current == " ") {
// add character to filtered text
filtered += current;
}
}
// display results to output window
trace(filtered);
}
As you can see, the revised code looks pretty much the same, but is much more powerful at making sure the input is valid. By saying "I'm only allowing these characters" and testing for them, you can improve your data validation routines for user input without worrying about a user "slipping something in" that might go unnoticed.
This approach in general is pretty obvious, but I wanted to point it out as it may not be something you've ever thought about... Always program for the worst-case scenario - your programs will end up being more robust and fault-tolerant in the end.
Nice examples Darron!
One of the things I like about Flash is the fact that you can prevent the user reliably from entering invalid data, thus making validation often unnessecary - and the prevention follows the same 'disallow anything which is not explicitly allowed' policy:
my_txt.restrict = "A-Z 0-9";
(restrict() is also available as a method of the TextInput class)
Good call Andreas, I probably should've given a better example.. something along the lines of entering a phone number with a mask: (xxx) xxx-xxxx. In that case, you can use restrict, but the data may still not be valid.
Just a quick note that restrict is Flash 6+.
When I made this post I actually had ColdFusion form validation in mind, and this "only validate against what you allow" is more of a general rule of thumb of programming. I just decided to give a Flash implementation example.. 'cuz hey, Flash rules.
hi, how to do a validation for Flash communication server when user want to login?
Excelent post, Darron.