Page 1 of 1

PHP validation better then java script ?

PostPosted: Thu Sep 25, 2008 5:06 am
by jack1983
Hi,
I use PHP validation for my sites it is better then java script validation ?

Re: PHP validation better then java script ?

PostPosted: Fri Sep 26, 2008 9:52 am
by Daeva
Ideally, you should use both. The PHP validation is necessary. Here are several scenarios.
Functional:
I'm browsing your site and filling out your form, but I have Javascript disabled (or i'm attempting to gain access to your site, or hack it so I did this on purpose).
-In this case, if you lack PHP validation, you're going to get junk data in your database or you're going to compromise your users (look-up: Sql Injection).
I'm browsing your site and filling out your form, with Javascript enabled, but you don't have php validation.
-Lets say you make a mistake in the Javascript, or you haven't accounted for XSS (Cross site Scripting). This will again leave you vulnerable.
I'm browsing your site and filling out your form, with Javascript enabled and you have PHP validation.
-Best scenario. Regardless of whether or not the user has Javascript enabled your PHP validation will catch it.

In addition to that, the Javascript validation will make the user's life easier because you can provide them with visual feedback before they click the submit button, which will save them from an unnecessary postback. Red asterisks next to invalid fields, message boxes, etc...