|
|
Posted by 1001 Webs on 11/12/07 21:57
On Nov 12, 9:44 pm, Tim Streater <timstrea...@waitrose.com> wrote:
> In article <1194893219.052938.123...@i13g2000prf.googlegroups.com>,
> Andy Dingley <ding...@codesmiths.com> wrote:
>
> > On 12 Nov, 15:56, Tim Streater <tim.strea...@dante.org.uk> wrote:
> > > In article <1194880439.017332.232...@d55g2000hsg.googlegroups.com>,
> > > 1001 Webs <1001w...@gmail.com> wrote:
>
> > > > Neither XHTML nor JavaScript are required to design websites nowadays.
>
> > > OK, so how do I do data validation based on user input?
>
> > It's not a _requirement_. You can still do it purely server-side,
> > which you ought to support as a fallback anyway for both security and
> > accessibility reasons.
>
> Of more importance, actually, is the second question I asked, about
> modifying one <select> based on the results of another. In some cases I
> use Javascript all by itself, when the contents of the select are
> limited to a few values, and if, for example, the user choosing "A" in
> <select> 1 means they must be prevented from choosing "B" in <select> 2.
>
> Where I really need to restrict the contents of another <select> I put
> it in an iFrame, which is passed the results of <select> 1 and then
> displays <select> 2. I still have to use javaScript to ensure that the
> iFrame <select> is passed a useful parameter and so displays right
> subset of values.
>
> My app simply doesn't scale without this sort of technique.
>
> Which is why I complain when I see blanket statements like "JavaScript
> is not required to design websites these days".
And why do you have to use Javascript?
Client-side support for Javascript, as it happens with CSS
implementation, is inconsistent across browsers. Some browsers support
scripts very well and others bits and pieces or even nothing at all.
Furthermore, many people turns off Javascript, for security issues.
And hackers can disable your client-side checking in order to feed you
bad data. If you rely solely on client-side checking, you're bound to
get hacked eventually.
One big advantage to server-side validation is that you can use PHP,
which has a wide variety of functions and language features to help
you chop and change strings, check numbers are within ranges, and so
on.
If you use PHP, validation tasks are significantly simplified by the
PEAR Validate class, which provides ready-made methods for common user
validation tasks.
Furthermore, you can use PHP to connect to a database to check whether
a username exists, for example, which is simply impossible using
client-side scripting.
This download lists the more useful PHP validation tools and also
explains how you can use them to increase the overall security of your
Web applications.
http://downloads.techrepublic.com.com/download.aspx?docid=178272
Also read:
http://www.hudzilla.org/phpbook/read.php/7_7_3
Navigation:
[Reply to this message]
|