If I have a form, say a simple contact-me form with inputs for name, email, message, etc., and I have the form set to submit using Ajax after the JavaScript validation has returned true on all inputs, do I still need to validate the inputs using PHP? If JavaScript is turned off, how could the form still submit? And if the form can’t submit because JavaScript is off, how could that cause any harm?
It’s best to do validation on the server side, as an end user can do more than just turn JavaScript on or off.
As JavaScript is available on the client side, a malicious user can alter the client-side validation to make malicious inputs pass it.
It’s always better to trust inputs that are validated server-side than to trust users not to alter JavaScript behavior.
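As an added illustration (not code from the question or the answer), here is one way the PHP side could re-check the same three fields regardless of what the browser's JavaScript did. The function name `validate_contact`, the length limits and the sample request are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: server-side checks for the contact form's
// name, email and message fields. Length limits are assumed values.
function validate_contact(array $input): array
{
    $errors = [];
    $clean  = [];

    foreach (['name', 'email', 'message'] as $field) {
        $value = $input[$field] ?? '';
        // A hand-built request can send arrays (name[]=x); accept strings only.
        $clean[$field] = is_string($value) ? trim($value) : '';
    }

    // Name: required, bounded, no control characters. CR/LF matters if the
    // value is later placed in a mail header.
    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors['name'] = 'Name is required (max 100 bytes).';
    } elseif (preg_match('/[\x00-\x1F\x7F]/', $clean['name']) === 1) {
        $errors['name'] = 'Name contains invalid characters.';
    }

    // Email: bounded, and must pass PHP's built-in address filter.
    if (strlen($clean['email']) > 254
        || filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }

    // Message: required and bounded.
    if ($clean['message'] === '' || strlen($clean['message']) > 5000) {
        $errors['message'] = 'Message is required (max 5000 bytes).';
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

// Constructed sample: a POST body that never went through the page's
// JavaScript validation (all three fields should be rejected).
$sample = [
    'name'    => "Alice\r\nX-Test: 1",
    'email'   => 'not-an-address',
    'message' => '',
];
$result = validate_contact($sample);
echo json_encode($result['errors'], JSON_PRETTY_PRINT), PHP_EOL;
```

In the Ajax endpoint, the same function would be called on `$_POST`, and the message sent only when `ok` is true.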