Form Validation
Moderator: General Moderators
Form Validation
which form validation method do you prefer - PHP or Javascript? both have cons and pros, but which do you use?
Javascript is client side. This means super fast validation and that the form will definately be valid when submitted. PHP validation is done on the server so It will validate input which was not validated because the client had javascript disabled. It also has the advantage of being able to use certain resources like MySQL and others.
Lastly even if you are successfully using javascript for validation you must still validate with PHP for security reasons.
What I don't like is when people do javascript validation with tacky pop up alerts. Personally I would use a hidden div. Then at least it is part of the page.
Lastly even if you are successfully using javascript for validation you must still validate with PHP for security reasons.
What I don't like is when people do javascript validation with tacky pop up alerts. Personally I would use a hidden div. Then at least it is part of the page.
just could you please explain this part? you don't like popup messages telling 'Email address is invalid'? why? also, how do you use that div?What I don't like is when people do javascript validation with tacky pop up alerts. Personally I would use a hidden div. Then at least it is part of the page.
Ok Ree! I hate pop up messages because it makes me feel like the webserver is controlling my browser and I am not the one in control. Have a look at my email validation test page. Enter an email address and then jump to the next cell. It checks the email address (onblur) but without a pop up alert. Try it to see what I mean but remember this is only a test so the layout is very basic.
As already posted, you ALWAYS have to do server-side validation.
1. Users may have JavaScript turned off
2. Malicious attackers could be directly feeding your server bad data, etc.
The number one rule of defensive web-programming: Never Trust the User! (Or things under his/her control.)
After you have your server-side validation working properly, if you can add on a client side one, that will help responsiveness concerns and is therefore a good thing, just don't rely on it.
1. Users may have JavaScript turned off
2. Malicious attackers could be directly feeding your server bad data, etc.
The number one rule of defensive web-programming: Never Trust the User! (Or things under his/her control.)
After you have your server-side validation working properly, if you can add on a client side one, that will help responsiveness concerns and is therefore a good thing, just don't rely on it.