Board Logo

Date Range Restriction
ScotDiddle - 3/13/2008 at 05:25 PM

Hello All,

At times, my users may wish to extract data from the DB that is between two dates. My allowed dates are for only those items which have a date_value in the DB record (generated via PHP DB Query). If my DB has two months worth of data, and the user selects the last day of the first month as the starting date in his date range, is there any way to further restrict the allowed dates available in my ending_date calendar to exclude those dates that are prior to the beginning_date selected by the user in calendar_1. I know I can do it via post-form-submit processing via PHP, but I am hoping there is a javascript solution.

Thanks, Scot L. Diddle, Richmond VA


tigra - 3/14/2008 at 02:57 PM

you'll need to dynamically populate mindate/maxdate configuration of the calendars based on the information in your database and the restrictions you want.

BTW: you still need to double-check the range on the server side. Data received from the client should never be trusted.


ScotDiddle - 3/18/2008 at 06:24 PM

Hello,

Stop me if you've head this before... ( I hit Post Reply once before ) but it seems to have ended up in bit-bucket.

Thanks for the input... Are you saying that my only option is to rebuild the ALLOWED_DATES parm 'post submit' via PHP, similar to what I did to build the ALLOWED_DATES originally ? Is there a way to do this via JS ?

Point taken about verifying the user date server side... However, my users ( read Boss, and Big Boss Big Boss ) are "fill in your own adjective here", so I hacked the Tigra JS and made the Modal input field READONLY, and issue and onClick Alert telling my punkin' users that they must use the calendar control. The dates displayed by the calendar control DO exist in the DB, and they can't enter an invalid date, or an invalid date format. Ya gotta love your users, but you don't have to trust them. :)

Scot L. Diddle, Richmond VA


tigra - 3/19/2008 at 04:28 PM

JavaScript in the browser will not know what is the valid date range unless you get the information from the database and feed it to the browser via some javascript variable or configuration parameter. There is no need to update that information via the javascript after the page is loaded because there is no new information after that (at least no information that browser can find out without additional requests to the server). That's why it seems like a reasonable solution to query the database before displaying the form, find out what valid range is and put that data in the calendar configuration so nothing outside this range can be selected.

On trusting users (or rather client side part of the system): whatever measures you implement there are no guarantees you'll get the valid information from the client. JavaScript can be disable or whole form submission can be spoofed. Anyway, server side validation is the must for the security and stability of the system.


Softcomplex: http://www.softcomplex.com/
Back to forum: http://www.softcomplex.com/forum/