Menu
I am building a website and I have a questions with forms on login/registration page. I have a few standard javascript validations on the login page. My questions is should I just disable the login button if javascript is disabled or should I keep PHP validations on the server side code?
Which is a better approach in terms of security? I am planning to keep login/registration button disabled and only enable it by javascript. That way I can avoid writing PHP side validation of the same JavaScript that is already there. Is it a secure way of doing it?
Thanks
566
Overall, use PHP. Javascript can be easily fooled and/or turned off entirely. At that point your server gets supplied with whatever Mr Malicious End User wants you to have, and you won't be stopping them.
Use PHP for validation, and if you want it to look fancy, put javascript on top. But ALWAYS server-side validate.
199
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
