Have you considered using an input of type “number” and then setting a minimum of 1 on it?
Simple example…
Btw, make sure you are always validating on the server-side as well. Someone can always edit the HTML inline and inject their own values into the input field.
Yeah so the data you submit in your form is sent to your server for processing. I assume you are going to process the submitted data using PHP or some other server-side language (ASP.NET, Python or whatever). The data that comes from your form cannot be trusted because the user can alter the form in their browser and essentially have any data they want sent in the form.
You mitigate this by reading the value submitted from your form (for this number field for instance) and you check to make sure that it is a number and in the range starting from 1 etc.
Only if all the data on the form has been validated do you then use that data to do whatever you are going to do, store it in a database etc.
Many people new to programming don’t realize this and assume that if they use Javascript or something, or HTML specific fields like the number field, that they are secured from malicious users injecting unwanted data and values into their forms. You always have to validate on the server before you work with data submitted by users.
Pshaw. What self respecting spammer actually uses forms
(for clarity, i’m being satirical; Martyr’s absolutely correct, but…)
Nothing stops me from just sending whatever your Form’s Action attribute says is your form processor absolutely anything i like - I dont have to use your form, I can just create an HTML request with the data, and send it directly to your processor. No restrictions there.
(That’s why we can never trust user input on the backend.)
