I was wondering if it is really necessary to validate in both JS and

Question

0

Asked: May 16, 20262026-05-16T07:33:50+00:00 2026-05-16T07:33:50+00:00

I was wondering if it is really necessary to validate in both JS and

0

I was wondering if it is really necessary to validate in both JS and PHP?
I have my submit button with JS document.myform.submit()sending with PHP POST to the same page.
If a user disables JS he can not send the form anyway.
So I wanted to ask about security, can someone send the variables in another way bypassing the javascript? How would they do this?
And if they can, the answer if I should validate in PHP as well would be YES, right?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T07:33:50+00:00

yes, someone can send the variables using urllib2 in python for instance. This is very easy to do. If you are only going to do one set of validations, do it server side. doing it client side is nothing more than a courtesy to your users.

as an example of how easy it is:

import urllib2

variables = {'variable1': value1, 'variable2': value2}
urllib2.urlopen('http://yoursite.com/index.php/yourform', variables)
# your form has now been spoofed.

Adding headers and cookie management to spoof any user agent is just as trivial

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I was wondering if it is really necessary to validate in both JS and

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply