RE: [PHP] Help: Suggestions for multi page form validation
If it's okay I'll throw out two more questions then.

1- Probably a silly question, but is it a faux pas if I don't do client side [JavaScript] validations?
2a- Textboxes - provided I'm not allowing special characters (only alphanumeric) does this alone protect me from things like SQL injections?
2b- Do selects (menus, dropdowns) need to be validated for string content? Aka, can crafty hackers turn these into a way to enter some funky data?

Thank you,
Stuart

--- Graham Cossey [EMAIL PROTECTED] wrote:
> Personally I would do as you suggest in 1. I would think your users would get rather annoyed if they had gone through several form pages to be told at the end of an error in form page1. So, page2 validates page1 etc.
>
> I would assume that page2 already does some processing of page1 anyway, as I believe you are adding the for.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Help: Suggestions for multi page form validation
I do not do any JavaScript validation, and try to avoid it if at all possible as you cannot guarantee that the client has JavaScript enabled, much like relying on cookies.

If you are concerned about 'crafty hackers' you'll probably need to check every form element. You probably also want to check somehow that page2.php is actually being called from page1.php and not by any other means.

Others on the list are much better equipped to deal with these matters than I, as I don't currently lock down my application to this degree.

If you have not already, get along to Chris Shiflett's site, it's got some great info: http://shiflett.org, especially http://shiflett.org/articles

HTH
Graham

-----Original Message-----
From: Stuart Felenstein [mailto:[EMAIL PROTECTED]
Sent: 19 October 2004 10:26
To: Graham Cossey; [EMAIL PROTECTED]
Subject: RE: [PHP] Help: Suggestions for multi page form validation

If it's okay I'll throw out two more questions then.

1- Probably a silly question, but is it a faux pas if I don't do client side [JavaScript] validations?
2a- Textboxes - provided I'm not allowing special characters (only alphanumeric) does this alone protect me from things like SQL injections?
2b- Do selects (menus, dropdowns) need to be validated for string content? Aka, can crafty hackers turn these into a way to enter some funky data?

Thank you,
Stuart

--- Graham Cossey [EMAIL PROTECTED] wrote:
> Personally I would do as you suggest in 1. I would think your users would get rather annoyed if they had gone through several form pages to be told at the end of an error in form page1. So, page2 validates page1 etc.
>
> I would assume that page2 already does some processing of page1 anyway, as I believe you are adding the for.
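Added example, not part of any message in this thread: a sketch of the server-side checks suggested above (validate every form element, including selects, and confirm that page 2 was reached from page 1), written for current PHP with PDO. The field names, the `step1_token` session key, the country list and the `applicants` table are assumptions made for illustration.

```php
<?php
// Added example: hypothetical page2.php checks; field names, session key and table are assumptions.
const COUNTRIES = ['us' => 'United States', 'ca' => 'Canada', 'uk' => 'United Kingdom'];

// page1.php calls this while rendering and puts the token in a hidden field.
function issue_step_token(array &$session): string {
    $session['step1_token'] = bin2hex(random_bytes(16));
    return $session['step1_token'];
}
// Validate everything posted from page 1. Returns [data, errors].
function validate_page1(array $post, array &$session): array {
    $errors = [];
    $token = $session['step1_token'] ?? '';
    unset($session['step1_token']); // single use: a replayed post fails
    if ($token === '' || !is_string($post['token'] ?? null)
        || !hash_equals($token, $post['token'])) {
        $errors[] = 'not submitted from page 1';
    }
    // Text box: alphanumeric only, bounded length.
    $name = $post['username'] ?? '';
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9]{1,32}\z/', $name)) {
        $errors[] = 'username must be 1-32 alphanumeric characters';
    }
    // Select: the menu shown in the browser is only a hint; check the server's own list.
    $country = $post['country'] ?? '';
    if (!is_string($country) || !array_key_exists($country, COUNTRIES)) {
        $errors[] = 'unknown country';
    }
    return [['username' => $name, 'country' => $country], $errors];
}

// Constructed sample run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applicants (username TEXT, country TEXT)');
$session = [];
$token = issue_step_token($session);
$requests = [
    ['token' => $token, 'username' => 'stuart04', 'country' => 'ca'],
    ['token' => $token, 'username' => 'not alnum!', 'country' => 'zz'], // edited values, reused token
];
foreach ($requests as $post) {
    [$data, $errors] = validate_page1($post, $session);
    if ($errors) { echo 'rejected: ', implode('; ', $errors), "\n"; continue; }
    // Bound parameters keep the values out of the SQL text, whatever the checks above allowed.
    $stmt = $db->prepare('INSERT INTO applicants (username, country) VALUES (?, ?)');
    $stmt->execute([$data['username'], $data['country']]);
    echo "stored: {$data['username']}\n";
}
```

The first constructed request is stored; the second is rejected on all three checks because its token was already consumed and neither field matches the server-side rules.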
RE: [PHP] Help: Suggestions for multi page form validation
Yes, this is a great reminder, as I thought about it. Man, can one form be so time consuming? :)

Stuart

--- Graham Cossey [EMAIL PROTECTED] wrote:
> You probably also want to check somehow that page2.php is actually being called from page1.php and not by any other means.
>
> HTH
> Graham
>
> -----Original Message-----
> From: Stuart Felenstein [mailto:[EMAIL PROTECTED]
> Sent: 19 October 2004 10:26
> To: Graham Cossey; [EMAIL PROTECTED]
> Subject: RE: [PHP] Help: Suggestions for multi page form validation
>
> If it's okay I'll throw out two more questions then.
>
> 1- Probably a silly question, but is it a faux pas if I don't do client side [JavaScript] validations?
> 2a- Textboxes - provided I'm not allowing special characters (only alphanumeric) does this alone protect me from things like SQL injections?
> 2b- Do selects (menus, dropdowns) need to be validated for string content? Aka, can crafty hackers turn these into a way to enter some funky data?
>
> Thank you,
> Stuart