--- Matt Grimm <[EMAIL PROTECTED]> wrote: > Is there a distinct advantage to doing form validation / error checking > on the server side using PHP?
Yes, security. Basically, I never think of it as client-side *versus* server-side. I think of it more like this: 1. Server-side data validation? YES 2. Client-side data validation? Maybe Client-side validation can save people from having to submit their data before realizing a problem. This does nothing for security, but it can be convenient for your users. Of course, this can be more annoying if there are several errors. In addition, I think it's very unprofessional to have a popup appear to display the errors. If you're going to do any client-side validation, you should do something more sophisticated than popping up a JavaScript error message. :-) But, no matter what, always validate data on the server. Otherwise, it's like being a teacher and having your students grade their own work; it only works when everyone is honest (and I can guarantee you that won't be the case on a public Web site). That's my opinion... Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
