Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a lengthy form which heavily uses client-side validation (written in jQuery). To prevent users with disabled JavaScript submitting the form, I have included a hidden field which is populated with “javascript_enabled” value by jQuery. If JS is disabled in the browser, then the filed is left blank and the form will not be submitted.
The question is – is this enough and I should feel safe, or do I have to include a server side validation for every field too?
No. Client side validation is only here for the comfort of the user, not to protect your server.
All client side actions are easy for the user to change.
To protect your server you MUST add server side validation.