#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    204
    Rep Power
    3

    Is jquery validate plugin only secure?


    Im making a new site and php form validation takes so many time. So im wondering how secure a jquery validate validation only is?

    What if someone turns off javascript and if you do it jquery only do you still check and sanitize in php? Im curious about your anwsers.
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,113
    Rep Power
    9398
    Originally Posted by notflip
    do you still check and sanitize in php?
    Yes. The only point to using a Javascript validator should be to spare the user of having to reload the page to find out they made a mistake.

    Of the most important rules of web development is to never trust the client. Don't trust the browser, don't trust the user, don't trust the Javascript, don't trust the form data, and don't trust the uploads.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    what's also important to understand is that people don't even need to open your HTML pages in a browser to send requests. I can open cURL, telnet or whatever and send you any HTTP request I want. So validating data is only possible on the server. Anything before that has absolutely no effect on what I can or cannot do.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    9
    Rep Power
    0
    Using jQuery or any other client side script to validate user input is only really for usability, to make your visitors experience as nice as possible.

    Any validation MUST be done on the server side as it is the only way you can ENSURE the data is same and secure.

    Hope this helps,

    Leon.
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    204
    Rep Power
    3
    Originally Posted by revillwebdesign
    Using jQuery or any other client side script to validate user input is only really for usability, to make your visitors experience as nice as possible.

    Any validation MUST be done on the server side as it is the only way you can ENSURE the data is same and secure.

    Hope this helps,

    Leon.
    Thanks everyone for the answers! It's clear!
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    9
    Rep Power
    0
    Not a problem, let me know if you need any more help

    Leon.

IMN logo majestic logo threadwatch logo seochat tools logo