On 12/08/16 09:58, Rowan Collins wrote: >> From a practical point of view of cause, the validation of inputs may >> well be done in the browser so that the constraints get passed TO some >> html5 check, or javascript function. So having uploaded the form one >> COULD simply tag a variable as valid? > > Just a reminder to you and anyone else reading: NEVER TRUST USER INPUT. > You can add all the JS in the world to your forms, but a user can always > ignore that and craft their own input with whatever data they like in it.
Many of my systems run on secure intra-nets and much of the 'safety concerns' that have been brought up recently as 'essential' simply don't apply. YES for web services that anybody has access to then 'NEVER TRUST USER INPUT' is the rule, but for a simple local network only system then one can trust that the browser is doing the right thing. It's one of the reasons I've not been able to convert a number of sites since they don't have a problem :( -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
