Jump to content
confused and dazed

How can Folks keep bypassing my Java when submitting a form

Recommended Posts

Hello internet,

I was not sure if I should put this in JAVASCRIPT or php – in the end the form gets submitted so I decided to put this in the PHP forum. Here is my dilemma – I have several JAVASCRIPT checks to make sure people fill out their name, phone number, feedback content, and have a valid email address. On occasion it seems like people are getting around that JAVASCRIPT just to prove a point. Blank forms are being submitted. What can I do to prevent this?

Edited by confused and dazed

Share this post


Link to post
Share on other sites

Java and JavaScript are 2 completely different languages.

 

You will need server-side data validation (in PHP).

Client side data validation (in JavaScript) is optional.

 

Make sure all your form values are being validated in PHP.

Share this post


Link to post
Share on other sites

They disable JavaScript, no JavaScript, no JavaScript validation, THAT is why you should have serverside validation from the beginning, and use JavaScript only to give user friendly validation, that does not require to be submit and reload everytime like what the server side validation would require.

  • Like 1

Share this post


Link to post
Share on other sites

If they can see it in your source code, they can defeat it, if there's a weakness. Server side gives a hacker very little to work with even when you have a weakness (except for big weaknesses).

 

Never used JS for that purpose. Therefore, never occurred to me that a user could shut off their JS for that reason.

 

Thanks as usual dsonesuk. I didn't know that I didn't know that!

Edited by niche

Share this post


Link to post
Share on other sites

I try to keep all JS and CSS in remote files that are called in the <head></head> of my page. I only do in-line CSS when necessary and typically never any JS.

 

Never thought about folks shutting off the JS... Thanks for that bit of info!

Share this post


Link to post
Share on other sites

I use addon for firefox called NoScript, stops annoying popups, flash movies playing, which I'm not interested in. It gives a list of javascript scripts attempting to run from the site, and i can select from that list what i do or no not want to run. Also spambots don't need JavaScript so they would easily get through a js only validation form.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...