[nycphp-talk] JavaScript List?

Analysis & Solutions danielc at analysisandsolutions.com
Fri Jul 19 10:59:03 EDT 2002


Hi Jim:

On Fri, Jul 19, 2002 at 10:44:12AM -0400, Jim Hendricks wrote:
> > You still need to do validation on the server anyway, so now you're
> > maintaining two code bases.
>
> I disagree.  If there is a validation to be done on the client, I do it
> there, no form processing will allow submit without the data having been
> validated.

So, what's keeping me from saving your HTML to disk, editing it to remove
the Java'sCrap validation, refreshing, entering bogus data that'll mess up
your system into the reworked form and then submitting the form?  
Nothing.  Even if you do referrer checking, I can forge that.  In short,
if you want security, data must be validated on the server.


> > Then, if the user has Java'sCrap turned off or not present, are they even
> > able to submit your form?  I've seen plenty of forms that won't.
>
> Haven't had a user complain yet, and I own my own software dev company in
> which we have produced a number of web apps that use javascript.

Perhaps because they figure it's not worth doing business with such a 
firm.  I certainly don't.


> > But they all fall flat on their face when JS is off/unavailable, making
> > your site unusable.
>
> True, but if the client wants to get rid of the page redraw & associated
> delay during validation, then you WILL do JS and let the client know that
> the app will not work with JS turned off.

Nope.  If a firm doesn't trust my professional judgement, we're not meant 
to be doing business together.

--Dan

-- 
               PHP classes that make web design easier
        SQL Solution  |   Layout Solution   |  Form Solution
    sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY     v: 718-854-0335     f: 718-854-0409
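
The message above argues that client-side checks and referrer checks can both be bypassed, so the server has to validate the data itself. The following is an added example, not part of the original post or of the author's code, showing that server-side step in PHP; the form fields (`name`, `email`, `quantity`), their limits and the function name `validate_order` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical order form with fields name, email, quantity (assumed, not from the thread).
// Every rule is enforced here, whatever the browser did or did not run, and the
// Referer header is not consulted because the sender controls it.
function validate_order(array $post): array
{
    $errors = [];
    $clean  = [];

    // A hand-edited form can omit fields or send arrays (name[]=x) instead of strings.
    foreach (['name', 'email', 'quantity'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[$field] = 'missing or not a string';
        }
    }
    if ($errors) {
        return ['ok' => false, 'clean' => [], 'errors' => $errors];
    }

    $name = trim($post['name']);
    if (preg_match('/\A[\p{L}\p{M} .\'-]{1,64}\z/u', $name) === 1) {
        $clean['name'] = $name;
    } else {
        $errors['name'] = 'letters, spaces, period, apostrophe, hyphen; 1-64 chars';
    }

    $email = filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL);
    if ($email !== false && strlen($email) <= 254) {
        $clean['email'] = $email;
    } else {
        $errors['email'] = 'not a valid address';
    }

    $qty = filter_var($post['quantity'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($qty !== false) {
        $clean['quantity'] = $qty;
    } else {
        $errors['quantity'] = 'whole number from 1 to 100';
    }

    return ['ok' => $errors === [], 'clean' => $errors === [] ? $clean : [], 'errors' => $errors];
}

// Constructed inputs: the first is what arrives once the JavaScript checks are edited out.
$tampered = ['name' => '<script>', 'email' => 'nobody', 'quantity' => '-5'];
$valid    = ['name' => "Ann O'Neil", 'email' => 'ann@example.com', 'quantity' => '3'];
var_dump(validate_order($tampered), validate_order($valid));
```

Any JavaScript validation on the page can then mirror these rules for convenience, while the decision to accept the data stays with this function.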



More information about the talk mailing list