When my form loads on the page, the submit button is disabled by default. Is it possible for a user to submit the form with this submit button disabled? (Either maliciously or by accident.)
I ask because I have the form information being validated by JavaScript upon submit, but I of course am validating the information in my PHP script. That being said, do I need to really validate that information on the server side? The submit button becomes enabled via JavaScript. So, if a user disables JS (thus getting by the JS validation), can they even submit the form? My guess is no, but I am looking for a firm answer.
If the answer is no, then I don’t really need to do the PHP validation because the user CANNOT get by the JS validation, correct?
Thank you!
A user can bypass a disabled submit button, and any client-side restrictions for that matter. There is no such thing as client-side security. To deal with hackers, you must always put your validation on the server side. Client-side validation is just for appearances.
To be specific, they could bypass the disabled submit button in the following ways: