It makes perfect sense now. Thanks for clearing it up for me Chris :)
-Peter
On Fri, 2004-01-09 at 15:29, Chris Shiflett wrote:
--- Peter Vertes <[EMAIL PROTECTED]> wrote:
> Just to play devil's advocate; why would you validate data on the
> server if you have a _javascript_ that checked th
--- Peter Vertes <[EMAIL PROTECTED]> wrote:
> Just to play devil's advocate; why would you validate data on the
> server if you have a JavaScript that checked the user's input before
> it gets submitted to the server? I mean the whole point of you having
> that JavaScript is to make sure the the co
[snip]
why would you validate data on the server
if you have a JavaScript that checked the user's input before it gets
submitted to the server ? I mean the whole point of you having that
JavaScript is to make sure the the correct data gets entered so why
bother checking it once again on the server
On Fri, 2004-01-09 at 14:22, Chris Shiflett wrote:
But, no matter what, always validate data on the server. Otherwise, it's
like being a teacher and having your students grade their own work; it
only works when everyone is honest (and I can guarantee you that won't be
the case on a public Web
--- Matt Grimm <[EMAIL PROTECTED]> wrote:
> Is there a distinct advantage to doing form validation / error checking
> on the server side using PHP?
Yes, security.
Basically, I never think of it as client-side *versus* server-side. I
think of it more like this:
1. Server-side data validation? YES
On Fri, 2004-01-09 at 13:07, Matt Grimm wrote:
Is there a distinct advantage to doing form validation / error checking on
the server side using PHP? That's how I've always done it because I know
PHP better than _javascript_, but wouldn't it make sense to validate as much
of your form as possi
> Is there a distinct advantage to doing form validation /
> error checking on
> the server side using PHP?
The actual code you use to validate remains hidden from a potential
malicious user, while javascript code can be seen, so if there is a
hole in your error checking, it can be found easier.
T
On Fri, 2004-01-09 at 11:07, Matt Grimm wrote:
> Is there a distinct advantage to doing form validation / error checking on
> the server side using PHP? That's how I've always done it because I know
> PHP better than JavaScript, but wouldn't it make sense to validate as much
> of your form as poss
to recheck what Javascript can do now - it's pretty extensive
for a client-side scripting language.
-M
-Original Message-
From: Matt Grimm [mailto:[EMAIL PROTECTED]
Sent: Friday, January 09, 2004 1:08 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Form validation: client- or server-side?
Matt --
...and then Matt Grimm said...
%
% Is there a distinct advantage to doing form validation / error checking on
% the server side using PHP? That's how I've always done it because I know
1) I hate JavaScript.
2) Don't trust anything coming from a client.
You should be validating on the
Is there a distinct advantage to doing form validation / error checking on
the server side using PHP? That's how I've always done it because I know
PHP better than JavaScript, but wouldn't it make sense to validate as much
of your form as possible using JavaScript before the form was ever posted?
11 matches
Mail list logo