confused and dazed Posted August 5, 2014 Share Posted August 5, 2014 (edited) Hello internet, I was not sure if I should put this in JAVASCRIPT or php – in the end the form gets submitted so I decided to put this in the PHP forum. Here is my dilemma – I have several JAVASCRIPT checks to make sure people fill out their name, phone number, feedback content, and have a valid email address. On occasion it seems like people are getting around that JAVASCRIPT just to prove a point. Blank forms are being submitted. What can I do to prevent this? Edited August 5, 2014 by confused and dazed Link to comment Share on other sites More sharing options...
JamesB Posted August 5, 2014 Share Posted August 5, 2014 Java and JavaScript are 2 completely different languages. You will need server-side data validation (in PHP). Client side data validation (in JavaScript) is optional. Make sure all your form values are being validated in PHP. Link to comment Share on other sites More sharing options...
confused and dazed Posted August 5, 2014 Author Share Posted August 5, 2014 Meant Javascript. I will place checks there as well. The question still remains though... HOW are they doing it.... Link to comment Share on other sites More sharing options...
dsonesuk Posted August 5, 2014 Share Posted August 5, 2014 They disable JavaScript, no JavaScript, no JavaScript validation, THAT is why you should have serverside validation from the beginning, and use JavaScript only to give user friendly validation, that does not require to be submit and reload everytime like what the server side validation would require. 1 Link to comment Share on other sites More sharing options...
niche Posted August 5, 2014 Share Posted August 5, 2014 (edited) If they can see it in your source code, they can defeat it, if there's a weakness. Server side gives a hacker very little to work with even when you have a weakness (except for big weaknesses). Never used JS for that purpose. Therefore, never occurred to me that a user could shut off their JS for that reason. Thanks as usual dsonesuk. I didn't know that I didn't know that! Edited August 5, 2014 by niche Link to comment Share on other sites More sharing options...
confused and dazed Posted August 5, 2014 Author Share Posted August 5, 2014 I try to keep all JS and CSS in remote files that are called in the <head></head> of my page. I only do in-line CSS when necessary and typically never any JS. Never thought about folks shutting off the JS... Thanks for that bit of info! Link to comment Share on other sites More sharing options...
dsonesuk Posted August 5, 2014 Share Posted August 5, 2014 I use addon for firefox called NoScript, stops annoying popups, flash movies playing, which I'm not interested in. It gives a list of javascript scripts attempting to run from the site, and i can select from that list what i do or no not want to run. Also spambots don't need JavaScript so they would easily get through a js only validation form. Link to comment Share on other sites More sharing options...
confused and dazed Posted August 5, 2014 Author Share Posted August 5, 2014 I get it... vulnerable... that’s why I seek all of your help. Thanks for tips as well. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now