On Jan 15, 2008 10:46 AM, Daniel Brown <parasane@xxxxxxxxx> wrote:
> On Jan 15, 2008 10:38 AM, Richard Lynch <ceo@xxxxxxxxx> wrote:
> >
> > On Tue, January 15, 2008 9:02 am, Per Jessen wrote:
> > > Nathan Nobbe wrote:
> > >
> > >> I think this ties into the thread tedd started a week or so ago
> > >> about the best approach for collecting user data.
> > >> It would be much easier to validate if there were 3 text input
> > >> fields to collect the data, rather than 1 free-form field.
> > >
> > > I would stick to one date field with a simple javascript validation
> > > (using a regex) at entry time followed by a semantic check that the
> > > given day exists in the given month/year.
> > > Of course, if you'd rather not use javascript, you could validate the
> > > whole thing after POST.
> >
> > You have to validate after POST anyway; the JS can be bypassed/off.
> >
> > JS validation is eye-candy and reduces strain on the server by legit
> > users. It is in no way, shape, or form to be considered actual
> > validation of incoming data.
>
> I was going to say the exact same thing, almost verbatim.
>
> By only doing JavaScript validation, you're not guaranteed to get
> the correct information from "smart" phones, Lynx users (some of us
> still exist!), or a handful of other legitimate web surfers.... let
> alone those who may choose to post to your form using cURL. >:-o

and the best part is you're susceptible to attackers who want to inject invalid data into your script to see what they can break ;)

-nathan
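
The check the thread calls for (a regex on the single date field, then a semantic test that the day exists, both run on the server after POST), as an added example that is not code from any poster in this thread. The `YYYY-MM-DD` format, the accepted year range, and the names `parse_posted_date`, `InvalidDate` and `check` are assumptions made for illustration; the sample submissions are constructed.

```python
import re
from datetime import date

# Assumed wire format for the single date field: YYYY-MM-DD.
# \A...\Z anchor the whole string ("$" would accept a trailing newline);
# re.ASCII keeps \d from matching non-ASCII digits that int() would still parse.
DATE_RE = re.compile(r"\A(\d{4})-(\d{2})-(\d{2})\Z", re.ASCII)


class InvalidDate(ValueError):
    """Raised for any posted value that is not an acceptable date."""


def parse_posted_date(raw, earliest=date(1900, 1, 1), latest=date(2100, 12, 31)):
    """Validate the raw POST value on the server, whatever the client-side JS did."""
    # A hand-built request can omit the field or send it as a repeated value.
    if not isinstance(raw, str):
        raise InvalidDate("missing or non-scalar value")
    if len(raw) != 10:
        raise InvalidDate("wrong length")
    match = DATE_RE.match(raw)
    if match is None:
        raise InvalidDate("does not match YYYY-MM-DD")
    year, month, day = (int(group) for group in match.groups())
    # Semantic check: the day must exist in that month and year (leap years included).
    try:
        parsed = date(year, month, day)
    except ValueError:
        raise InvalidDate("no such calendar day") from None
    if not earliest <= parsed <= latest:
        raise InvalidDate("outside accepted range")
    return parsed


def check(raw):
    """Return the normalised date string, or the reason the value was rejected."""
    try:
        return parse_posted_date(raw).isoformat()
    except InvalidDate as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    # Constructed submissions: what a form, a script-less browser or a raw POST might send.
    samples = ["2008-01-15", "2008-02-29", "2007-02-29", "2008-02-30", "2008-1-15",
               "2008-01-15\n", "\u0662\u0660\u0660\u0668-\u0660\u0661-\u0661\u0665",
               None, ["2008-01-15"]]
    for sample in samples:
        print(repr(sample), "->", check(sample))
```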