All. I want to share an issue that happened in my code. I have an HTML form that is posted and saved to a MySQL database using PHP. I added validation to the form so that if the total of the data isn't 100, it can't be posted. I do this restriction on the client side, in HTML using JavaScript, something like this:
    $("#submit").click(function(event) {
        /* parse the posted totals as numbers; empty or non-numeric input counts as 0 */
        var total_I = parseFloat($("#total_I").val()) || 0;
        var total_III = parseFloat($("#total_III").val()) || 0;
        var total = total_I + total_III;
        /* stop form from submitting normally */
        event.preventDefault();
        if ($("#eval-form").validate().form() && total === 100) {
            /* all fields valid and the totals add up to 100: submit the form */
            $("#eval-form")[0].submit();
        } else {
            alert("The totals must add up to 100.");
        }
    });
It works perfectly when we run our test plan. But when the website was launched and accessed by approximately 500 users at a time, some data with a total of less than 100 was saved in the database.
My question is, how can I overcome this problem? Is there any better method to enforce this condition?
First, thanks for your answers.
If I were to write a book on web security, the title would be “Never Trust The Client”.
You don’t really control the client, so if JavaScript is turned off, someone puts together a custom query, or a client just isn’t behaving correctly, you could get bad data.
Client-side validation is an excellent tool from a user-interface point of view. It catches errors earlier and when properly implemented can lead to less frustration on the part of users.
As a security or policy-enforcement measure, client-side validation is useless. You have to check the data you actually receive on the server side, even if it means duplicating the work done on the client.
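The server-side re-check the answer calls for, as an added example that is not part of the original question or answer: the PHP script, the field names (taken from the question's form ids), the table name and the connection details are all assumptions.

```php
<?php
// Added example (not from the question or answer): the PHP script that receives
// the form re-checks the "totals must add up to 100" rule itself, so a request
// that skipped the JavaScript check is rejected before anything reaches MySQL.
// Field names, table name and connection details are assumptions.

function validate_totals(array $post): array
{
    $errors = [];
    $fields = ['total_I', 'total_III'];   // assumed: the inputs posted by the form
    $sum = 0.0;
    foreach ($fields as $f) {
        // Reject missing or non-numeric values instead of silently treating them as 0.
        if (!isset($post[$f]) || !is_numeric($post[$f])) {
            $errors[] = "$f is missing or not a number";
            continue;
        }
        $sum += (float) $post[$f];
    }
    // Compare with a small tolerance so decimal input such as 33.3 + 66.7 passes.
    if ($errors === [] && abs($sum - 100) > 0.0001) {
        $errors[] = "totals add up to $sum, expected 100";
    }
    return $errors;
}

// Only POST requests are processed; nothing is inserted for any other method.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validate_totals($_POST);
    if ($errors !== []) {
        // Refuse the request regardless of what the client-side script decided.
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8');
        exit;
    }
    // Validation passed: insert with a prepared statement (connection details assumed).
    $db = new PDO('mysql:host=localhost;dbname=app', 'user', 'password', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $stmt = $db->prepare('INSERT INTO evaluations (total_I, total_III) VALUES (:a, :b)');
    $stmt->execute([':a' => $_POST['total_I'], ':b' => $_POST['total_III']]);
    echo 'Saved';
}
```

The client-side script stays as a convenience for the user; this check is the one that actually decides what gets stored.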