validation to insert data into DB


beginner2php
New php-forum User
Posts: 1
Joined: Fri Aug 10, 2012 2:18 pm

validation to insert data into DB

Post by beginner2php » Fri Aug 10, 2012 2:34 pm

Hi,

Actually I'm a little confused between the usage of client-side and server-side validation. Do I use client-side validation to check if a required field is left blank or is of a valid format, then use server-side validation to escape special characters before inserting into the database?

If that's the case, what if I wanna insert an email into a database, and JavaScript validation passed and it's a valid email, should I use further server-side validation? Real escape characters or filter_var to check again if it's valid? Or do I simply get the value in the text field and proceed to the database once it has passed the client-side validation?

Thx

johnj
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: validation to insert data into DB

Post by johnj » Sun Aug 12, 2012 5:56 am

Honestly you should use both. Client side validations are there to help a genuine user to enter the right data. Server side validations are mostly there to protect the server from malicious users.

...what if I wanna insert an email into a database, and JavaScript validation passed and it's a valid email, should I use further server-side validation?...

YES. If it passed JS validation, that means we have helped the user to enter the right data. We still need server-side validations to protect the server/application from malicious users.
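
An added example, not part of the thread or either poster's code: server-side handling of the email field in PHP. It uses filter_var, which the question mentions, and a PDO prepared statement in place of manual escaping; the function names, the subscribers table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Server-side check: runs on every request, whether or not the
// browser ever executed the page's JavaScript validation.
function validate_email($raw): ?string
{
    if (!is_string($raw)) {
        return null;                  // e.g. the field was sent as an array
    }
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return null;                  // required field and length limit
    }
    // filter_var returns the string when it is valid, false otherwise
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

function save_email(PDO $db, string $email): void
{
    // Bound parameter: the value is never concatenated into the SQL text
    $stmt = $db->prepare('INSERT INTO subscribers (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
}

// In-memory SQLite stands in for MySQL so the example runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT NOT NULL)');

// Constructed inputs, as they could arrive in $_POST['email'] from any client
$samples = ['alice@example.com', "o'brien@example.com", '', 'not-an-email', ['x']];

foreach ($samples as $raw) {
    $email = validate_email($raw);
    if ($email === null) {
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    save_email($db, $email);
    echo 'stored:   ', $email, PHP_EOL;
}
```

The second sample is a valid address that contains a quote character, so passing validation does not make a value safe to paste into a query string; the bound parameter is what keeps it out of the SQL text.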

