question about when to validate data

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

Post Reply
User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2214
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Re: question about when to validate data

Post by Alexej Kubarev » Fri May 16, 2008 3:31 am

validation on client side makes it looks "nice", so thats of course to be implemented.
However client-side means it can be easily turned off or just passed by.

so thats where server side comes in.

Basically you should validate always where there is a risk data has been manipulated.
Basic rule to follow is: "Never trust user input".

So.. i would suggest making a "pretty" validation and notification in JavaScript, then if that validation passes do another one on the server side and redirect back with some url parameters so that you can show notifications about failed validation

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests