Hi, I am creating a contact us form, which when submitted sends an email to the site's admin. As the form is not placing data into the database, but simply sending an email containing the submitted data to the admin's email, do I need to do any PHP validation? Or can I just use the client side JavaScript? If a hacker disables JavaScript, I'm worried that they may use it for malicious purposes. Thanks for any help!
Thanks buldozerceto, +ve rep added, but am I thinking that the form data/email won't even enter the server, it will just be sent to the admin email address. Since none of the data will enter the database, why check it in the first place? *confused*
You should validate server side, someone could use the form to spam you so you might want to validate IP upon sending the mail. Use client side scripting to ameliorate your user's experience (like validating an empty field) but always protect your entries.
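A sketch of the server-side checks discussed in this thread, added here as an example and not code from any of the posters. The field names (`name`, `email`, `message`), the `ADMIN_EMAIL` placeholder, the length limits and the file-based per-IP counter are all assumptions for illustration.

```php
<?php
// Added example (PHP 7.4+): the form data is handled by PHP on the server even
// when it is only mailed, so it is checked here whatever the browser's JavaScript did.
const ADMIN_EMAIL  = 'admin@example.com'; // placeholder address (assumption)
const MAX_PER_HOUR = 5;                   // assumed per-IP limit

function validate_contact(array $in): array {
    // Accept only string fields; an array submitted as name[]=... becomes ''.
    $get = fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    [$name, $email, $message] = [$get('name'), $get('email'), $get('message')];
    $errors = [];
    if ($name === '' || strlen($name) > 100) $errors[] = 'name';
    // A line break in a value placed in the subject or a header would let the
    // sender append their own headers, so refuse it outright.
    if (preg_match('/[\r\n]/', $name . $email)) $errors[] = 'line break';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) $errors[] = 'email';
    if ($message === '' || strlen($message) > 5000) $errors[] = 'message';
    return [$errors, $name, $email, $message];
}

// Per-IP throttle: keeps the timestamps of the last hour in a temp file.
function allow_ip(string $ip, int $now): bool {
    $file = sys_get_temp_dir() . '/contact_' . hash('sha256', $ip) . '.json';
    $hits = is_file($file) ? (json_decode((string)file_get_contents($file), true) ?: []) : [];
    $hits = array_values(array_filter($hits, fn($t) => $t > $now - 3600));
    if (count($hits) >= MAX_PER_HOUR) return false;
    $hits[] = $now;
    file_put_contents($file, json_encode($hits), LOCK_EX);
    return true;
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!allow_ip($_SERVER['REMOTE_ADDR'], time())) {
        http_response_code(429);
        exit('Too many messages, try again later.');
    }
    [$errors, $name, $email, $message] = validate_contact($_POST);
    if ($errors) {
        http_response_code(400);
        exit('Invalid fields: ' . implode(', ', $errors));
    }
    // Fixed From; the visitor's validated address is used only as Reply-To.
    // Passing headers as an array requires PHP 7.2 or later.
    $headers = ['From' => ADMIN_EMAIL, 'Reply-To' => $email];
    mail(ADMIN_EMAIL, 'Contact form: ' . $name, $message, $headers);
    echo 'Message sent.';
}
```

The JavaScript checks can stay for user convenience; the PHP checks are the ones that still apply when a request is sent without the page's script running.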