Submitted by breadwild on Wed, 03/12/2008 - 03:52.
JavaScript validation security issues
As a full-time Web programmer with a keen concern for security, it should be pointed out that JavaScript or client-side validation should only be the first of two validations. Rule 1 of form validation is "trust no input." JavaScript can be hacked into submitting nefarious or "tainted" input to the server, where the real damage can be done. All user input should be checked or "untainted" server-side as well, especially when that data is being stored in a database (as most forms do). JavaScript is great for that quick feedback to the user upon submission, avoiding the trip to the server, but it should never be trusted as the final filter.
Form Validation
I thought your step-by-step tutorial was excellent and clearly written. Thank you.
thank you
thank you
Specify input
Hi, if I want to make sure the name field is only text and no special characters, or the contact number contains only numbers and no spaces or so, how does one do that?
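An added example, not part of the original comments or the tutorial: a Node.js check that applies the two rules asked about here (letters-only name, digits-only contact number) to the raw form body on the server, as the comment on server-side validation recommends. The field names `name` and `phone`, the length limits and the sample bodies are assumptions.

```javascript
// Allowlist rules; the same patterns can also back the browser-side check.
const RULES = {
  // Letters only, single spaces between words ("no special characters").
  name: { max: 60, pattern: /^\p{L}+(?: \p{L}+)*$/u },
  // Digits only, no spaces or punctuation (7-15 digits is an assumption).
  phone: { max: 15, pattern: /^[0-9]{7,15}$/ },
};

// Validate a raw application/x-www-form-urlencoded body as the server
// receives it, without assuming any browser-side script ran first.
function validateForm(rawBody) {
  const params = new URLSearchParams(rawBody);
  // Null-prototype object so a field named "__proto__" is still recorded.
  const errors = Object.create(null);
  const values = {};

  // Reject fields the form never defined.
  for (const key of params.keys()) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors[key] = "unexpected field";
    }
  }

  for (const [field, rule] of Object.entries(RULES)) {
    const submitted = params.getAll(field);
    if (submitted.length !== 1) {
      errors[field] = "must be supplied exactly once";
    } else if (submitted[0].length > rule.max) {
      errors[field] = "too long"; // length cap runs before the regex
    } else if (!rule.pattern.test(submitted[0])) {
      errors[field] = "contains characters that are not allowed";
    } else {
      values[field] = submitted[0];
    }
  }

  const ok = Object.keys(errors).length === 0;
  return { ok, errors, values: ok ? values : {} };
}

// Constructed sample bodies: one from the normal form, one sent directly
// to the server with the browser check skipped.
const fromForm = validateForm("name=Alice+Smith&phone=5551234567");
const direct = validateForm("name=Alice%3Cb%3E&phone=555+123+4567");
console.log(fromForm.ok, direct.ok, direct.errors);
```

Only `values` from a result with `ok` set to true should go on to storage, and the database write should still use parameterized queries.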