[SOLVED] Validate in JS and PHP?

[smc]

Hey everyone,

 

I'm diving into client side scripting and I'm wondering if I should validate variables in both PHP and JS or if it is only needed in the JS? I'm not aware if a user can 'hack' their way around it by putting it in the URL or by other means.

 

Thanks!

[pocobueno1388]

I would validate in PHP as well. Some users don't have javascript enabled in their browser, so if that fails, you are going to need something to fall back on.

[per1os]

JS would be fine for verification, but ultimately you want the validation on the page that cannot be manipulated. I can create a script that would post to your script which would then bypass the jscript validation system. Use javascript to Verify, and PHP to validate as that is where the data cannot be altered anymore before database insertion.

[Caesar]

I would do some simple initial checking in the JS...and then include a PHP function that will cleanse & validate any user input before it is used.

[smc]

Alright thanks for your input!

[True`Logic]

JS can be hacked several ways.. simplest is url inject (in the address bar type like.. javascript:void(cookie="VAR=VALUE")

 

doesn't always work, depends on how you set up the code.. the point is, it's always best to use php over javascript, in my opinion you should get rid of the JS completely and go pure php (in validating/handling data)