  1. #1
    New to the CF scene
    Join Date
    Feb 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Confusion regarding JavaScript form validation and its being turned off by end user

    Hello all, I am a student and new to JavaScript. My problem is I am willing to do JavaScript form validation for emails, text etc.
    But on one of the forums I found out JS is not a very good way to do validation, as JavaScript can be easily turned off by the end user and we should always do server-side validation also, but due to some concerns I want to stick to JavaScript (client-side) validation.

    My scenario is somewhat like I’ve a form and a button in it which on being clicked calls a JavaScript function that will validate the fields and then submit the form through form.submit();

    • So my question is: if JavaScript is turned off by the end user, then along with validation the end user will also not be able to submit the form, as the form is being submitted in a JavaScript function (which is turned off)? If this is so, then cool.
    • But is it somehow possible to hack this procedure, and one can skip the JavaScript validation but can still submit the form?


    My primary concern is not to let pass any malicious or improper data (SQL injections, poorly formatted strings etc.) to the server db.
    Thank you!

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,252
    Thanks
    203
    Thanked 2,557 Times in 2,535 Posts
    Originally posted by Maven000:
    But is it somehow possible to hack this procedure, and one can skip the JavaScript validation but can still submit the form?

    My primary concern is not to let pass any malicious or improper data (SQL injections, poorly formatted strings etc.) to the server db.
    Thank you!
    Yes, it is perfectly possible. You must ALWAYS validate information to be included in a database server-side. It is asking for big trouble to rely on JavaScript.

    http://sbpoley.home.xs4all.nl/webmatters/formval.html
    Last edited by Philip M; 09-04-2011 at 12:48 PM.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #3
    The fat guy next door VIPStephan's Avatar
    Join Date
    Jan 2006
    Location
    Halle (Saale), Germany
    Posts
    8,877
    Thanks
    6
    Thanked 1,035 Times in 1,008 Posts
    Originally posted by Maven000:
    My primary concern is not to let pass any malicious or improper data (SQL injections, poorly formatted strings etc.) to the server db.
    These concerns are easy to come around by properly programming the form processing script in the first place (PHP/MySQL sanitation, among others).
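
The server-side check the replies call for, as an added example that is not part of any post in this thread: a Node.js handler re-validates the POST body whether or not the browser ran any script, and hands accepted values to the database layer as bound parameters. The field names `email` and `name`, the `subscribers` table and the `?` placeholder style are assumptions.

```javascript
// Added example: server-side handling of a form POST body (Node.js, no dependencies).
// Field names "email"/"name" and the table "subscribers" are assumptions.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Validate one submission. The input is whatever arrived over HTTP; the server
// cannot know whether any browser-side check ever ran.
function validateSubmission(fields) {
  const errors = {};
  const email = (fields.email ?? "").trim();
  const name = (fields.name ?? "").trim();
  if (email.length === 0 || email.length > 254 || !EMAIL_RE.test(email)) {
    errors.email = "invalid email address";
  }
  if (name.length === 0 || name.length > 100) {
    errors.name = "name must be 1-100 characters";
  }
  return { ok: Object.keys(errors).length === 0, errors, clean: { email, name } };
}

// Parse an application/x-www-form-urlencoded body and decide what to do with it.
function handleSubmission(rawBody) {
  const fields = Object.fromEntries(new URLSearchParams(rawBody));
  const result = validateSubmission(fields);
  if (!result.ok) {
    return { status: 400, errors: result.errors };
  }
  // Values travel as bound parameters, never spliced into the SQL text,
  // so a quote inside a valid value cannot change the statement.
  return {
    status: 200,
    statement: {
      sql: "INSERT INTO subscribers (email, name) VALUES (?, ?)",
      params: [result.clean.email, result.clean.name],
    },
  };
}

// Constructed sample bodies: one well-formed, one as it could arrive when the
// browser-side check never ran, one with a quote character in a valid name.
const samples = [
  "email=alice%40example.com&name=Alice",
  "email=not-an-email&name=",
  "email=bob%40example.com&name=O%27Brien",
];
for (const body of samples) {
  console.log(body, "->", JSON.stringify(handleSubmission(body)));
}
```

The returned `sql` and `params` would be passed together to the prepared-statement call of whichever database driver the application uses.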

