I'm modifying a certain application (Coppermine Photo Gallery) and adding custom profile fields. Here's a question, is it advisable to check an input value twice, first using JavaScript and then using a server side script? For example, let's say that I add a new field 'Phone Number.' I verify the input value using JavaScript. Once it verifies it, the data is sent to the server. Should the server (or PHP) check it again ...?
Yes, I first check it with JavaScript, and a nice dialog box will appear if they enter something wrong, which is very convenient because they don't have to type it again. But if someone wants to hack you, they can download your page, delete your JavaScript code and target your website address (something like <form action="http://www.yoursite.com/index.php?option=submit" method="post">) and ... as you know
Or they could simply have JavaScript turned off. It is best to have both if it is a key piece of data. If it is a nice-to-have rather than a must-have, then you could simply use JavaScript and accept that you may receive some spurious data. For something like a telephone number, just because it passes validation doesn't actually mean it is a real number or theirs, so there is a slight question of server load versus return.
Absolutely, you must do a double validation on all data that you get from users. We can't know what they actually wrote in the text field: maybe valid data, maybe invalid data, or, in the worst scenario, a snippet of script that may harm your system.
It is a waste of time to implement JavaScript form checking; just use the server-side checking. The user won't have to type everything over again if you fill the fields with the $_POST values. Peace,
I wouldn't agree with that. You can create some real nice JavaScript warnings for invalid data. That is NOT to say that you shouldn't do server-side checking also. This is very important. It's incredibly easy to pass false data to the server by bypassing JavaScript, so always, always double check.
The advantage of using jscript to do the form checking is that it's fast (because you don't have to send the data to the server to check it) and quite reliable. So server-side checking is more to recheck if the user blocks the jscript from executing.
Hi, yes, you can use JavaScript for that kind of checking by using different alert options in your program.
It's called validation. The answer is yes: you should always validate client input on the server. If you want, you can provide client-side validation also, as it will validate user input in the browser and hence will save one round trip from the server. But server-side validation is a must because the application shouldn't depend on client-side validation only.
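A server-side re-check of the 'Phone Number' field discussed in this thread, as an added example that is not from any poster or from Coppermine's own code. The field name phone, the format rule and the helper names validate_phone and h are assumptions; the sample submissions are constructed.

```php
<?php
// Added example: server-side re-check of a 'phone' profile field.
// Field name and format rule are assumptions, not Coppermine's own code.

/**
 * Validate a phone number on the server, regardless of what JavaScript did.
 * Returns [normalized value or null, error message or null].
 */
function validate_phone($raw): array
{
    // A hand-built request can send an array (phone[]=x) or omit the field.
    if (!is_string($raw)) {
        return [null, 'Phone number is required.'];
    }
    $value = trim($raw);
    if ($value === '' || strlen($value) > 25) {
        return [null, 'Phone number must be 1-25 characters.'];
    }
    // Allow-list: optional leading +, then digits, spaces, dots, dashes, parentheses.
    if (!preg_match('/\A\+?[0-9 ().-]+\z/', $value)) {
        return [null, 'Phone number contains invalid characters.'];
    }
    $digits = preg_replace('/\D/', '', $value);
    if (strlen($digits) < 7 || strlen($digits) > 15) {
        return [null, 'Phone number must contain 7 to 15 digits.'];
    }
    // Store one canonical form: optional + followed by digits only.
    return [(strpos($value, '+') === 0 ? '+' : '') . $digits, null];
}

// Escape before echoing a value back into the form, so a submitted
// script snippet is rendered as inert text when the field is refilled.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions, as they might arrive in $_POST['phone'].
$samples = ['+1 (555) 010-9999', '"><script>alert(1)</script>', ['x'], '12'];
foreach ($samples as $raw) {
    [$phone, $error] = validate_phone($raw);
    $refill = is_string($raw) ? h($raw) : '';
    echo $error === null
        ? "OK: store $phone\n"
        : "Rejected: $error | <input name=\"phone\" value=\"$refill\">\n";
}
```

The rejected branch shows the refill approach mentioned above: the submitted value goes back into the form only after HTML escaping, so the user does not retype it and markup in the value is not executed.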