form validation


danilski

10:15 am on Jun 7, 2007 (gmt 0)


Guys, I have a form on an HTML page, where I validate the inputs of the form with JavaScript, and then post the form to a .php page, where the inputs are received using the $_REQUEST method and inserted into a MySQL database.

Is there any security issue with that? Or must I use server-side validation instead?

Any comments are highly appreciated.

Yours,

Dan

Habtom

10:39 am on Jun 7, 2007 (gmt 0)


Hello,

The following should help you secure your system:

>> When you write into the database:
$message = unhtmlentities (addslashes (trim ($_REQUEST['message'])));

>> When you read from the database:
$message = stripslashes (htmlspecialchars ($_REQUEST['message']));

Habtom

dreamcatcher

11:32 am on Jun 7, 2007 (gmt 0)


"where I validate the inputs of the form with JavaScript"

If all you are using is JavaScript, then a visitor can easily disable JS in their browser and bypass your checking. You should always do a server-side check as well.

dc
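
The server-side check the thread recommends, as an added example that is not part of any post above: each field is validated in PHP regardless of what the browser did, stored with a prepared statement, and escaped only on output. The field names, length limits and `messages` table are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Field names, limits and the messages table are hypothetical (not from the thread).
// SQLite in memory stands in for MySQL; with MySQL only the PDO DSN changes.
function validate_form(array $in): array
{
    $clean = [];
    $errors = [];
    foreach (['name' => 100, 'email' => 254, 'message' => 2000] as $field => $max) {
        $v = $in[$field] ?? null;
        if (!is_string($v)) {              // missing, or sent as an array (field[]=x)
            $errors[$field] = 'required';
            continue;
        }
        $v = trim($v);
        if ($v === '' || strlen($v) > $max) {
            $errors[$field] = "must be 1 to $max bytes";
            continue;
        }
        $clean[$field] = $v;
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }
    return [$clean, $errors];
}

function save_message(PDO $db, array $c): void
{
    // Placeholders keep user data out of the SQL text, so no manual escaping is needed.
    $stmt = $db->prepare('INSERT INTO messages (name, email, message) VALUES (:name, :email, :message)');
    $stmt->execute([':name' => $c['name'], ':email' => $c['email'], ':message' => $c['message']]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (name TEXT, email TEXT, message TEXT)');

// Constructed submissions, as they could arrive when the JavaScript checks never ran.
$samples = [
    ['name' => 'Dan', 'email' => 'dan@example.com', 'message' => "It's <b>fine</b>"],
    ['name' => 'Dan', 'email' => 'not-an-email', 'message' => ''],
    ['name' => ['x'], 'email' => 'a@example.com', 'message' => 'hi'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_form($post);
    if ($errors) { echo 'rejected: ', json_encode($errors), "\n"; continue; }
    save_message($db, $clean);
}
foreach ($db->query('SELECT name, message FROM messages') as $row) {
    // Store the raw text; HTML-escape at the point of output.
    echo htmlspecialchars($row['name'] . ': ' . $row['message'], ENT_QUOTES, 'UTF-8'), "\n";
}
```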