Hi Tee, What John is saying is that AJAX is JavaScript yes, but it can also make calls to the server (using the XMLHttpRequest object) thus it validates using server-side technologies such as PHP. But what is misleading is that validation using AJAX can be disabled quite easily simply by disabling JavaScript rendering a nice big security hole. That is where the true server-side validation must double-check.
Actually, as Mike said you can and should use both. Server-side validation makes the user wait, so using JavaScript is a good thing as it is reactive and keeps the user informed as to what is going on. If you are interested, I wrote a small JS library that may be of use to you. It is a plug'n'play like JS file to automagically validate basic forms which is totally unobtrusive and promotes separation of concerns. To add extra fancy AJAX stuff is a matter of overriding a class and implementing your specific needs. I've still got a bit of work to do on it, but you can certainly get an idea. The url is: http://www.onegeek.com.au/articles/programming/javascript-form-validation.php I'd be happy to help you if you need, just shoot us through an email. Cheers, Matt On 2/12/08, Mordechai Peller <[EMAIL PROTECTED]> wrote: > > tee wrote: > > Hi, I have a question about server-side vs client-side validation. I > > always use a same PHP form script that works really great and it's > > server-side validation using condition and requirement, and I like the > > feature better than client-side's. A website I was working on, client > > wants client-side validation, something fancy, something Ajax. I like > > to stick with this form script because it has a great support for > > anti-spam; I suppose I can turn off the server-side validation if > > client-side validation is used, but I am concerned with the > > accessibility issue - I am particular curious how screen readers treat > > client-side validation. > > As important as accessibility is, there is an issues many times more > important which is relevant to your question: security. Unless you > implement sever-side validation (either in addition to client-side, or > instead of), neither yours, nor your visitors data is safe. For example, > via SQL injection your database can become an open book to a cracker. > > > ******************************************************************* > List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm > Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm > Help: [EMAIL PROTECTED] > ******************************************************************* > > ******************************************************************* List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm Help: [EMAIL PROTECTED] *******************************************************************
