PHP - Restricting Post Data At Client Side Failed
Solution 1:
If I were to write a book on web security, the title would be "Never Trust The Client".
You don't really control the client, so if JavaScript is turned off or someone puts together a custom query, or if a client just isn't behaving correctly, you could get bad data.
Client-side validation is an excellent tool from a user-interface point of view. It catches errors earlier and when properly implemented can lead to less frustration on the part of users.
As a security or policy-enforcement measure, client-side validation is useless. You have to check the data you actually receive on the server side, even if it means duplicating the work done on the client.
Solution 2:
When you do a validation with jQuery on the client side, it is better to replace it also on the server side.
So in the script in PHP (I assume it from your tag) you can insert a second validation of the data.
This will make sure the data are following your validation.
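Both answers come down to re-checking the received POST data in PHP. The following is an added example, not code from either answer; the field names (`username`, `age`, `plan`) and their rules are assumptions standing in for whatever the jQuery validation enforces.

```php
<?php
declare(strict_types=1);

// Hypothetical form fields and rules (assumptions, not from the question).
// Each rule repeats on the server what the client-side check was meant to enforce.
function validate_post(array $post): array
{
    $errors = [];
    $clean  = [];

    // A hand-built request can send username[]=x, so confirm the type first.
    $username = $post['username'] ?? null;
    if (!is_string($username) || !preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
        $errors['username'] = '3-20 letters, digits or underscores';
    } else {
        $clean['username'] = $username;
    }

    // filter_var() returns false for missing, non-integer, array or out-of-range input.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'whole number between 13 and 120';
    } else {
        $clean['age'] = $age;
    }

    // A <select> limits choices only in the browser; compare against an allow-list.
    $plan = $post['plan'] ?? null;
    if (!in_array($plan, ['free', 'pro'], true)) {
        $errors['plan'] = 'unknown plan';
    } else {
        $clean['plan'] = $plan;
    }

    return [$clean, $errors];
}

// Constructed sample of what a request that bypassed the browser could carry.
// In a real handler, pass $_POST instead.
$sample = ['username' => ['x'], 'age' => '999', 'plan' => 'admin'];
[$clean, $errors] = validate_post($sample);
print_r($errors);   // all three fields are rejected
```

Use only the values in `$clean` afterwards, and reject the request when `$errors` is not empty.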