[jQuery] Re: Validation: Which and why...
I'm thinking now that I'll use jQuery validation methods from the start which can make the form more interactive and interesting. If the form validates within jQuery then I'll pass it to my php validation method. In this case, I'll use to php to re-validate the form under stricter criteria and employ a "honeypot" in php, an invisible field that usually only a bot would fill out. Why not just use php validation, though, and echo jQuery from within my php? I suppose the answer would be that using only jQuery validation form start will be much faster and more "fun". Once the form validates and is ready to submit it's passed along to the php validation which is a bit slower but is secure.
[jQuery] Re: Validation: Which and why...
I'm thinking now that I'll use jQuery validation methods from the start which can make the form more interactive and interesting. If the form validates within jQuery then I'll pass it to my php validation method. In this case, I'll use to php to re-validate the form under stricter criteria and employ a "honeypot" in php, an invisible field that usually only a bot would fill out. Why wouldn't just use php validation, though, and echo some jQuery from within my php? I suppose the answer would be that using only jQuery validation form start will be much faster and more "fun". Once the form validates and is ready to submit it's passed along to the php validation which is a bit slower but is secure.
[jQuery] Re: Validation: Which and why...
I've updated the Goals section a bit: http://docs.jquery.com/Plugins/Validation/Reference#Goals Jörn On Wed, Jan 7, 2009 at 11:24 PM, Tristan Burch wrote: > > It seems like a good idea to to both. That way if the user does have > JavaScript disabled, there is still validation on the server side. > > On Wed, Jan 7, 2009 at 1:47 PM, Will Anderson > wrote: > > > > I choose to validate from PHP because of a couple things. > > > > 1. It's more secure because nobody can see my PHP code, but they can > > see my jQuery code. > > 2. If the user has JavaScript disabled, or for some other reason the > > jQuery is unable to validate the code, it will still be validated. > > > > On the other hand, validating with jQuery can be a bit faster, so as > > long as security isn't a big concern, it can be a good choice as well. > > > > Hope this helps, > > Will > > > > On Jan 7, 4:43 pm, Nikola wrote: > >> I am wondering what the relative advantages / disadvantages are of > >> validating purely in php vs. in jQuery. > > >
[jQuery] Re: Validation: Which and why...
It seems like a good idea to to both. That way if the user does have JavaScript disabled, there is still validation on the server side. On Wed, Jan 7, 2009 at 1:47 PM, Will Anderson wrote: > > I choose to validate from PHP because of a couple things. > > 1. It's more secure because nobody can see my PHP code, but they can > see my jQuery code. > 2. If the user has JavaScript disabled, or for some other reason the > jQuery is unable to validate the code, it will still be validated. > > On the other hand, validating with jQuery can be a bit faster, so as > long as security isn't a big concern, it can be a good choice as well. > > Hope this helps, > Will > > On Jan 7, 4:43 pm, Nikola wrote: >> I am wondering what the relative advantages / disadvantages are of >> validating purely in php vs. in jQuery. >
[jQuery] Re: Validation: Which and why...
Great information, I have some very strong ideas of when and how I'll impliment jQuery and php validation now. Thanks much, Nikola
[jQuery] Re: Validation: Which and why...
> I am wondering what the relative advantages / disadvantages are of > validating purely in php vs. in jQuery. Neither is a replacement for the other, so using both is the best solution. Client-side validation with jQuery lets you give the user feedback without requiring a page reload. That tends to be less jarring for the user. You can also often autofill or autocomplete some fields using ajax based on information the user gives in real time. Server-side validation is the only way to guard against attacks like SQL injection and cross-site scripting, and it is also the last-ditch check in case the user had Javascript enabled.
[jQuery] Re: Validation: Which and why...
I like to implement all my validation logic server side and to make it more userfriendly I like to ajax my forms and send the validation errors back as json. I know this might not be the prefered method for some but it means you only have to write your validation code in one language. (because as Will mentioned you absolutley must do server side validation) It also means you can validate things like usernames and email properly, eg they have to be unique so you can check the database :). Cheers, Cam On Thu, Jan 8, 2009 at 2:08 PM, Nikola wrote: > > Thanks for the info, I was thinking along the same lines but wasn't > altogether sure.
[jQuery] Re: Validation: Which and why...
Thanks for the info, I was thinking along the same lines but wasn't altogether sure.
[jQuery] Re: Validation: Which and why...
I choose to validate from PHP because of a couple things. 1. It's more secure because nobody can see my PHP code, but they can see my jQuery code. 2. If the user has JavaScript disabled, or for some other reason the jQuery is unable to validate the code, it will still be validated. On the other hand, validating with jQuery can be a bit faster, so as long as security isn't a big concern, it can be a good choice as well. Hope this helps, Will On Jan 7, 4:43 pm, Nikola wrote: > I am wondering what the relative advantages / disadvantages are of > validating purely in php vs. in jQuery.