Go Back   CodingForums.com > :: Client side development > JavaScript programming
Reload this Page Confusion regarding JavaScript form validation and its being turned off by end user

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 09-04-2011, 11:14 AM   PM User | #1
Maven000
New to the CF scene

 
Join Date: Feb 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Maven000 is an unknown quantity at this point
Question Confusion regarding JavaScript form validation and its being turned off by end user
Hello all, I am a student and new to JavaScript, my problem is I am willing to do JavaScript form validation for emails , text etc.
But on one of the forum I found out JS is not a very good way to do validation as JavaScript can be easily turned off by end-user and we shld always do server side validation also, but due to some concerns I want to stick to JavaScript (client side) validation.

My scenario is somewhat like I’ve a form and a button in it which on being clicked calls a JavaScript function that will validate the fields and then submit the form through form.submit();
  • So my question is if JavaScript is turned off on end user then with validation the end user will also be not able to submit the form as the form is being submitted in a JavaScript function (which is turned off)? If this is thn cool.
  • But is it somehow possible to hack this procedure, and one can skip the JavaScript validation but can still submit the form?

My primary concern is not to let pass any malicious or improper data (sql-injections, poorly formatted strings etc. to the server db)
Thankyou!
Maven000 is offline   Reply With Quote
Old 09-04-2011, 11:31 AM   PM User | #2
Philip M
Supreme Master coder!

 
Philip M's Avatar
 
Join Date: Jun 2002
Location: London, England
Posts: 17,036
Thanks: 197
Thanked 2,411 Times in 2,389 Posts
Philip M has a spectacular aura aboutPhilip M has a spectacular aura aboutPhilip M has a spectacular aura about
Quote:
Originally Posted by Maven000 View Post
But is it somehow possible to hack this procedure, and one can skip the JavaScript validation but can still submit the form?

My primary concern is not to let pass any malicious or improper data (sql-injections, poorly formatted strings etc. to the server db)
Thankyou!
Yes, it is perfectly possible. You must ALWAYS validate information to be included in a database server-side. It is asking for big trouble to rely on Javascript.

http://sbpoley.home.xs4all.nl/webmatters/formval.html
__________________

All the code given in this post has been tested and is intended to address the question asked.
Unless stated otherwise it is not just a demonstration.
Last edited by Philip M; 09-04-2011 at 11:48 AM..
Philip M is offline   Reply With Quote
Old 09-04-2011, 11:47 AM   PM User | #3
VIPStephan
The fat guy next door


 
VIPStephan's Avatar
 
Join Date: Jan 2006
Location: Halle (Saale), Germany
Posts: 7,602
Thanks: 5
Thanked 865 Times in 842 Posts
VIPStephan is a jewel in the roughVIPStephan is a jewel in the roughVIPStephan is a jewel in the rough
Quote:
Originally Posted by Maven000 View Post
My primary concern is not to let pass any malicious or improper data (sql-injections, poorly formatted strings etc. to the server db)
These concerns are easy to come around by properly programming the form processing script in the first place (PHP/MySQL sanitation, among others).
__________________
Don’t click this link!
VIPStephan is offline   Reply With Quote
Reply

Bookmarks

Tags
form, javascript, validation

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 05:39 PM.
Advertisement
Log in to turn off these ads.