How safe is it to do form validation via javascript?

Y

yosiaproger2019-10-28 22:04:41

PHP

yosiaproger, 2019-10-28 22:04:41

Hello! Recently I started to study the creation of sites and there was such a problem: is it safe to use javascript for form validation? After all, js code is in the public domain and everyone can see it. Also, can the user somehow change my js code? Maybe it's still worth doing validation through php?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

DevMan, 2019-10-28
@yosiaproger

validation must be done both on the client (for responsiveness, and there is nothing to drive invalid data over the network), and on the server (actually for verification).

A

Adamos, 2019-10-29
@Adamos

It is worth a priori to assume that your form is filled out not by a user on the site, but by a Chinese bot that does not launch any browser. And stupidly sending fields filled with whatever he wants to your server.
Accordingly, you can not rely not only on the fact that your scripts will check something there, but even on the seemingly given input restrictions, such as the fact that the result of this select can only be a number. Sooner or later it will turn out to be a SQL injection string, e.g.

A

Alexander Sukhanov, 2019-10-28
@xazbix

is it safe to use javascript for form validation?

Safe for what?
This validation only helps the user enter the data correctly.
Yes, and there somewhere is the receiver file of your form
No, of course, but it can send data to the receiver
If you write these data to a database or a document, then of course you need to.
And if you just throw it on soap, do it without fanaticism :)