Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

question about when to validate data

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

Re: question about when to validate data

Postby Alexej Kubarev » Fri May 16, 2008 3:31 am

validation on client side makes it looks "nice", so thats of course to be implemented.
However client-side means it can be easily turned off or just passed by.

so thats where server side comes in.

Basically you should validate always where there is a risk data has been manipulated.
Basic rule to follow is: "Never trust user input".

So.. i would suggest making a "pretty" validation and notification in JavaScript, then if that validation passes do another one on the server side and redirect back with some url parameters so that you can show notifications about failed validation
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron