smc Posted July 3, 2007

Hey everyone, I'm diving into client-side scripting and I'm wondering if I should validate variables in both PHP and JS or if it is only needed in the JS? I'm not aware if a user can 'hack' their way around it by putting it in the URL or by other means. Thanks!

pocobueno1388 Posted July 3, 2007

I would validate in PHP as well. Some users don't have JavaScript enabled in their browser, so if that fails, you are going to need something to fall back on.

per1os Posted July 3, 2007

JS would be fine for verification, but ultimately you want the validation on the page that cannot be manipulated. I can create a script that would post to your script which would then bypass the jscript validation system. Use JavaScript to verify, and PHP to validate, as that is where the data cannot be altered anymore before database insertion.

Caesar Posted July 3, 2007

I would do some simple initial checking in the JS... and then include a PHP function that will cleanse & validate any user input before it is used.
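
A sketch of the kind of server-side PHP check the replies above describe, added here as an example and not code from any poster in the thread. The form fields (username, email, age) and their rules are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Server-side validation for a hypothetical signup form (field names are assumptions).
 * Returns [cleanValues, errors]. Nothing in $input is trusted, whether or not
 * the browser ran any JavaScript checks before submitting.
 */
function validate_signup(array $input): array
{
    $clean = [];
    $errors = [];

    // A hand-built request can send arrays (username[]=x) or omit fields entirely.
    $get = static function (string $key) use ($input): ?string {
        return isset($input[$key]) && is_string($input[$key]) ? trim($input[$key]) : null;
    };

    $username = $get('username');
    if ($username === null || !preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
        $errors['username'] = '3-20 letters, digits or underscores';
    } else {
        $clean['username'] = $username;
    }

    $email = $get('email');
    if ($email === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid e-mail address';
    } else {
        $clean['email'] = $email;
    }

    // Range check on the server; a JS-only limit disappears when the form is skipped.
    $age = filter_var($get('age') ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'must be a whole number from 13 to 120';
    } else {
        $clean['age'] = $age;
    }

    return [$clean, $errors];
}

// Constructed sample: values a script could POST directly, never touching the form's JS.
$posted = ['username' => "bob'; --", 'email' => 'not-an-email', 'age' => '-5'];
[$clean, $errors] = validate_signup($posted);
print_r($errors);
```

In a real handler `$posted` would be `$_POST`, and only the values in `$clean` would go on to the database, through a prepared statement.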

smc (Author) Posted July 3, 2007

Alright, thanks for your input!

True`Logic Posted July 3, 2007

JS can be hacked several ways.. simplest is URL inject (in the address bar type like.. javascript:void(cookie="VAR=VALUE")). Doesn't always work, depends on how you set up the code.. the point is, it's always best to use PHP over JavaScript. In my opinion you should get rid of the JS completely and go pure PHP (in validating/handling data).