question about when to validate data

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Alexej Kubarev
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Fri May 16, 2008 3:31 am

Validation on the client side makes it look "nice", so that's of course to be implemented.
However, client-side means it can be easily turned off or just passed by.

So that's where server side comes in.

Basically, you should always validate where there is a risk that data has been manipulated.
The basic rule to follow is: "Never trust user input".

So.. I would suggest making a "pretty" validation and notification in JavaScript, then if that validation passes, do another one on the server side and redirect back with some URL parameters so that you can show notifications about failed validation.
Best Regards,
Alexej Kubarev
Zend Certified Engineer
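The server-side half of the flow described in the post above, as an added example that is not part of the original post: the checks are repeated on the server regardless of what the JavaScript did, and the redirect carries only short error codes that are matched against a fixed list before anything is displayed. The field names, the error codes and the `/form.php` path are assumptions made for illustration.

```php
<?php
// Added example; field names, error codes and /form.php are hypothetical.
const ERROR_MESSAGES = [
    'name'  => 'Name must be 1 to 50 characters.',
    'email' => 'Please enter a valid e-mail address.',
    'age'   => 'Age must be a whole number between 13 and 120.',
];

// Runs on every submission, whether or not the JavaScript checks ran.
function validate_signup(array $input): array
{
    $errors = [];
    $name = $input['name'] ?? '';
    if (!is_string($name) || preg_match('/^.{1,50}$/us', trim($name)) !== 1) {
        $errors[] = 'name';
    }
    if (filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $range = ['options' => ['min_range' => 13, 'max_range' => 120]];
    if (filter_var($input['age'] ?? '', FILTER_VALIDATE_INT, $range) === false) {
        $errors[] = 'age';
    }
    return $errors;
}

// The err parameter is user input too: accept only known codes and
// print fixed messages, never text taken from the URL.
function messages_from_query(array $query): array
{
    $raw = $query['err'] ?? '';
    $codes = is_string($raw) ? explode(',', $raw) : [];
    $known = array_intersect(array_keys(ERROR_MESSAGES), $codes);
    return array_map(fn ($code) => ERROR_MESSAGES[$code], array_values($known));
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_signup($_POST);
    if ($errors !== []) {
        // Fixed, relative target: nothing from the request goes into Location.
        header('Location: /form.php?' . http_build_query(['err' => implode(',', $errors)]), true, 303);
        exit;
    }
    exit; // Valid input: the real processing (e.g. a parameterized INSERT) goes here.
}

foreach (messages_from_query($_GET) as $message) {
    echo '<p class="error">' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
```

Passing codes instead of message text in the URL means a crafted link can only select one of the fixed messages, not inject markup into the page.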