Posted by Advo on 10/17/06 08:42

Gordon Burditt wrote:
> >Basically, im redesigning a form page on our website.
> >
> >Currently the user submits the form, it does a few javascript checks
> >and either submits to the "processstuff.php" page, or gives the user a
> >JS error message.. where they have to go back and fill the details in.
>
> Remember, spammers, bots, viruses, and other nasties tend not to
> use Javascript. And anyone can turn it off.
>
> >Im trying to optimise and make this form/page as best as it can be.
> >
> >Do you think it would be a better idea to continue using JS or use JS
> >then submit to the php page(where it checks some other details(postcode
> >validation) and submits, or just solely use php validation?
>
> You *MUST* use php validation for security. Javascript is useful
> for excluding users who refuse to turn it on or don't know how to
> turn it on, and it can make the page a bit friendlier.

Yea i get what you mean and see why its needed really.

This is how im thinking it should go in my head:

user submits form > JS checks If valid > next page, if not valid > go
back(msgbox), THEN send form variables to php processing page (store as
session) > Perform php validation > if false, return to the page and
put the session variables in the form fields so they dont need to fill
it in all again?

That about right?

[Back to original message]