Confusion regarding JavaScript form validation and its being turned off by end user



Maven000
09-04-2011, 11:14 AM
Hello all, I am a student and new to JavaScript. My problem is that I want to do JavaScript form validation for emails, text, etc.
But on one of the forums I found out JS is not a very good way to do validation, as JavaScript can easily be turned off by the end user and we should always do server-side validation also, but due to some concerns I want to stick to JavaScript (client-side) validation.

My scenario is somewhat like this: I've a form and a button in it which, on being clicked, calls a JavaScript function that will validate the fields and then submit the form through form.submit();


So my question is: if JavaScript is turned off by the end user, then along with validation the end user will also not be able to submit the form, as the form is being submitted in a JavaScript function (which is turned off)? If this is so, then cool.

But is it somehow possible to hack this procedure, and one can skip the JavaScript validation but can still submit the form?


My primary concern is not to let any malicious or improper data pass (SQL injections, poorly formatted strings, etc.) to the server DB.
Thank you!

Philip M
09-04-2011, 11:31 AM
But is it somehow possible to hack this procedure, and one can skip the JavaScript validation but can still submit the form?

My primary concern is not to let any malicious or improper data pass (SQL injections, poorly formatted strings, etc.) to the server DB.
Thank you!

Yes, it is perfectly possible. You must ALWAYS validate information to be included in a database server-side. It is asking for big trouble to rely on JavaScript.

http://sbpoley.home.xs4all.nl/webmatters/formval.html

VIPStephan
09-04-2011, 11:47 AM
My primary concern is not to let any malicious or improper data pass (SQL injections, poorly formatted strings, etc.) to the server DB.

These concerns are easy to get around by properly programming the form processing script in the first place (PHP/MySQL sanitation (http://www.krio.me/cleaning-php-input-variables-before-mysql-insertion/), among others).
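
Added example (not part of the thread or of either linked page): a server-side check, written in JavaScript for Node.js, that validates the submitted fields itself and passes the values to the database as bound parameters instead of building the SQL text from them. The field names, the `contacts` table, the length limits and the sample request bodies are assumptions constructed for illustration.

```javascript
// Server-side validation sketch (added example; field and table names are assumptions).
// The request body is treated as untrusted, whatever the browser-side script did or did not check.

const MAX_LEN = { email: 254, name: 80, comment: 1000 };
// Deliberately simple shape check; not a full RFC 5322 parser.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
// Control characters other than tab, newline and carriage return.
const CONTROL_RE = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/;

function validateSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  const errors = {};
  const clean = {};
  for (const field of Object.keys(MAX_LEN)) {
    const values = params.getAll(field);
    // A missing or repeated field is rejected rather than guessed at.
    if (values.length !== 1) { errors[field] = "must be supplied exactly once"; continue; }
    const value = values[0].trim();
    if (value === "") errors[field] = "is required";
    else if (value.length > MAX_LEN[field]) errors[field] = "is too long";
    else if (CONTROL_RE.test(value)) errors[field] = "contains control characters";
    else if (field === "email" && !EMAIL_RE.test(value)) errors[field] = "is not a valid address";
    else clean[field] = value;
  }
  return { ok: Object.keys(errors).length === 0, errors, clean };
}

function handleSubmission(rawBody) {
  const result = validateSubmission(rawBody);
  if (!result.ok) return { status: 400, errors: result.errors };
  // Values travel as bound parameters; they are never spliced into the SQL text.
  return {
    status: 200,
    query: {
      sql: "INSERT INTO contacts (email, name, comment) VALUES (?, ?, ?)",
      values: [result.clean.email, result.clean.name, result.clean.comment],
    },
  };
}

// Constructed sample bodies: one well-formed, one as it might arrive with client-side checks skipped.
const good = "email=pat%40example.com&name=Pat+O%27Brien&comment=Hello";
const bad = "email=not-an-address&name=&comment=Hi";
console.log(handleSubmission(good));
console.log(handleSubmission(bad));
```

The `query` object is what would be handed to a database driver's parameterized-query call; the apostrophe in the sample name stays inside `values` and never becomes part of the SQL string.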