As a full-time Web programmer, with a keen concern for security, it should be pointed out that Javascript or client-side validation, should only be the first of two validations. Rule 1 of form validation is "trust no input." Javascript can be hacked into submitting nefarious or "tainted" input to the server where the real damage can be done. All user input should be checked or "untainted" server-side as well, especially when that data is being stored in a database (as most forms do). Javascript is great for that quick feedback to the user upon submission, avoiding the trip to the server, but it should never be trusted as the final filter.
Submitted by breadwild on Wed, 03/12/2008 - 03:52.
Hi, if I want to make sure the name field is only text and no special characters or the contact number contain only numbers and no spaces or so, how do one do that?
hi, i am new to spry and php forms but am trying to get a 'join mailing list' section on a website. 'enter email' and text box followed by submit button...
does this spry method allow a simple email to be sent (securely, although i dont mind if the email address is visible), containing the users email address? if so, do i then need an external php file to make this happen?
This tutorial is wonderful! I had built a registration page but didn't realize there were so many great options I could add to the text fields. Very easy to follow and the pictures made it even easier. Thank you!
I checked all over the net for a good Feedback form tutorial. This site was clear, to the point, and complete in its instructions. Thanks for the great effort. You are helping a lot of people.
Javascript validation security issues
As a full-time Web programmer, with a keen concern for security, it should be pointed out that Javascript or client-side validation, should only be the first of two validations. Rule 1 of form validation is "trust no input." Javascript can be hacked into submitting nefarious or "tainted" input to the server where the real damage can be done. All user input should be checked or "untainted" server-side as well, especially when that data is being stored in a database (as most forms do). Javascript is great for that quick feedback to the user upon submission, avoiding the trip to the server, but it should never be trusted as the final filter.
Form Validation
I thought your step-by-step tutorial was excellent and clearly written. Thank you
thank you
thank yo
Specify input
Hi, if I want to make sure the name field is only text and no special characters or the contact number contain only numbers and no spaces or so, how do one do that?
Validation works with Firefox?
I used spry to validate my forms. The forms validate in IE but not in firefox. Any idea why this would happen?
email
hi, i am new to spry and php forms but am trying to get a 'join mailing list' section on a website. 'enter email' and text box followed by submit button...
does this spry method allow a simple email to be sent (securely, although i dont mind if the email address is visible), containing the users email address? if so, do i then need an external php file to make this happen?
So helpful!
This tutorial is wonderful! I had built a registration page but didn't realize there were so many great options I could add to the text fields. Very easy to follow and the pictures made it even easier. Thank you!
Feedback Form Tutorial
I checked all over the net for a good Feedback form tutorial. This site was clear, to the point, and complete in its instructions. Thanks for the great effort. You are helping a lot of people.
Forms submit question
Can a form be set up so just those names or emails on a list are able to submit the information?