Posted by Marcus Bointon on 05/10/05 19:57

On 10 May 2005, at 17:13, Alain Williams wrote:

>> Well, no-one said it was easy... but you don't have to do it for
>> every browser, because it can always fall back to server-side
>> validation (which you must do anyway when JS is unavailable). Client-
>> side validation is better for both the visitor (much faster) and the
>> server (reduced load). I've had a look at formsess (which does seem
>>
>
> Client side is nice because it makes things better for the user.
>
> Server side IS A MUST -- you CANNOT trust the end user machine, you
> HAVE to
> do server side validation even if it has been checked at the client
> end.
> Think of the cost of getting cr*p data into your database/... because
> something might not have been checked. A browser may have javascript
> switched off or be in the hands of someone malicious who wants to
> break
> your application.

Er... that's exactly what I meant.

Marcus
--
Marcus Bointon
Synchromedia Limited: Putting you in the picture
marcus@synchromedia.co.uk | http://www.synchromedia.co.uk

• Next in forum: Re: [SMARTY] SmartyValidate Javascript?
• Prev in forum: Re: [SMARTY] assign?
• Thread view: Re: [SMARTY] SmartyValidate Javascript?

[Reply to this message]