Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Should you do validation on the server side?

Should you do validation on the server side, or is it ok to just do the validation on the client side?

@TheTXI

I am happy your amazed I just did not want to leave anything out that could potential change someone answer to give me false information.


It seems alot of people touched on what I was going after but the part of the Ajax should have been kept in my question as this was the most important part.

However reading the posts I know see that a bad person could just easily load up firebug and change my button to a submit button and do a post. Or some other way.

like image 468
chobo2 Avatar asked Jul 14 '09 14:07

chobo2


People also ask

Should validation be done client side or server-side?

In general, it is best to perform input validation on both the client side and server side. Client-side input validation can help reduce server load and can prevent malicious users from submitting invalid data.

Should input validations be done on the server?

Input validation must always be done on the server-side for security. While client side validation can be useful for both functional and some security purposes it can often be easily bypassed. This makes server-side validation even more fundamental to security.

Where should form validation be done?

You should always check the data in the backend. So, while providing frontend validation is nice in concerns of usability, it's totally not neccessary. Backend validation on the other hand is and it's the only way to have sane data.

Why do we need server-side validation?

With the help of server-side validation, we can get protection against malicious users. On the other hand, the user input validation that takes place on the client side is called client-side validation. Scripting languages such as JavaScript and VBScript are used for client-side validation.


1 Answers

Browser/client-side validation is a convenience. You cannot rely on it. You absolutely need to duplicate any client-level validation with server-side validation.

like image 197
cletus Avatar answered Oct 29 '22 13:10

cletus