SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict
    Join Date
    Jun 2008
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    validation of a form

    should user submitted values always be validated through php even if they're already validated trough JavaScript? Please suggest

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,000
    Mentioned
    101 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sandy1028 View Post
    should user submitted values always be validated through php even if they're already validated trough JavaScript? Please suggest
    They should ALWAYS be validated and sanitized server side in PHP (or whatever the server-side language happens to be). Javascript can be usefull for submitting each field to be validated and sanitized by PHP as it's filled in. Never, ever trust any data that has been submitted by the user in any way (GET array, POST array, cookies, etc).
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  3. #3
    Non-Member
    Join Date
    Oct 2013
    Posts
    1
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I don't know how to validate a site's form.
    Last edited by DaveMaxwell; Oct 10, 2013 at 12:43.

  4. #4
    Patience... bronze trophy solidcodes's Avatar
    Join Date
    Jul 2006
    Location
    Philippines
    Posts
    933
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    @raudpkumm ;
    http://php.net/manual/en/function.filter-var.php

    The question is filter_var is enough?
    Quality codes are optimized and tested...
    Click here for inspiration..

  5. #5
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,118
    Mentioned
    448 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by sandy1028 View Post
    should user submitted values always be validated through php even if they're already validated trough JavaScript? Please suggest
    Yes indeed, as explained above. JS validation is just for convenience (user gets prompted without page refreshes). But the user can turn off JS with the click of a button, and bots can bypass it too. So in terms of security, it's like putting a protective fence around your house by no lock on the gate.
    Facebook | Google+ | Twitter | Web Design Tips | Free Contact Form

    Forum Usage: Tips on posting code samples, images and more

    Forrest Gump: "IE is like a box of chocolates: you never know what you're gonna get."


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •