Jump to content

Form Validation With Js Or Php?


kensbeijing
 Share

Recommended Posts

I'd use both, but at least use PHP because a user could easily create his own page to submit something to your website that is not valid.JavaScript just makes it more user friendly because the page doesn't have to be reloaded after validating the form.Make sure you use the mysql_real_escape_string() function to prevent any injections into the SQL Database (Google is your friend).

Link to comment
Share on other sites

If you want both usability and security, then do both. Why not?But as Rocky said, JS can easily be turned of and requests (even POST ones) easily forged. So you at least need a filter at the server-side to validate data.

Link to comment
Share on other sites

Now you know why even the most trivial of blogs and surveys require people to register, verify and email address, and then login before they can actually post data. Like everything else, though, it's just one more imperfect layer of pseudo-safety.The bigger problem is not not illegal posts, as you call them, but attacks, eg., 1000 big posts in 5 minutes, that can clobber your bandwidth and make your host shut down your site. Crackers do that just for fun. You might also want to look into a widget that locks out more than, say, 10 posts/hour from the same IP.Another widget might simply look for unusual activity at regular intervals.Security is a lot of headaches.

Link to comment
Share on other sites

How do I prevent people from forging the post form?
You can't. It's just the way HTTP works - ANY data gets sent in ANY (undefined) fashion, and A response is sent. What you CAN do is to check the data submitted, and act only upon valid one, and present an error otherwise. The exact response the user agent (be it a browser, search engine or something else) will receive depends entirely on you.A great tool that can enspire you and make you understand (if you haven't already) is Fiddler (see my signature). Just open it, then open IE, go to your form and submit some data. Then go to Fiddler, on the left click the name of your form interpreter, and on the right click "Raw" in both the "Request" and "Response" sections. If your head hasn't exploded after you see (and realize) what's in there, post again.
Link to comment
Share on other sites

How do I prevent people from forging the post form? Surely with the validation and that, they can still post valid data illegally (not using the form).
That's what server-side validation is for. The request may get past the client, but will still be caught as it enters the server.
Link to comment
Share on other sites

How do I prevent people from forging the post form? Surely with the validation and that, they can still post valid data illegally (not using the form).
That's what server-side validation is for. The request may get past the client, but will still be caught as it enters the server.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...