Re: checking user input of MM-DD-YYYY

On Jan 15, 2008 10:46 AM, Daniel Brown <parasane@xxxxxxxxx> wrote:

> On Jan 15, 2008 10:38 AM, Richard Lynch <ceo@xxxxxxxxx> wrote:
> >
> >
> > On Tue, January 15, 2008 9:02 am, Per Jessen wrote:
> > > Nathan Nobbe wrote:
> > >
> > >> I think this ties into the thread tedd started a week or so ago
> > >> about the best approach for collecting user data.
> > >> it would be much easier to validate if there were 3 text input
> > >> fields
> > >> to collect the data, rather than 1, free-form field.
> > >
> > > I would stick to one date field with a simple javascript validation
> > > (using a regex) at entry time followed by a semantic check that the
> > > given day exists in the given month/year.
> > > Of course, if you'd rather not use javascript, you could validate the
> > > whole thing after POST.
> >
> > You have to validate after POST anyway; the JS can be bypassed/off.
> >
> > JS validation is eye-candy and reduces strain on the server by legit
> > users.  It is in no way, shape, or form to be considered actual
> > validation of incoming data.
>
>    I was going to say the exact same thing, almost verbatim.
>
>    By only doing JavaScript validation, you're not guaranteed to get
> the correct information from "smart" phones, Lynx users (some of us
> still exist!), or a handful of other legitimate web surfers.... let
> alone those who may choose to post to your form using cURL.  >:-o


and the best part is you're susceptible to attackers who want to inject
invalid data into your script to see what they can break ;)

-nathan
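
The server-side check discussed in this thread (a regex for the shape, then a test that the day exists in the given month and year), as an added example that is not code from any poster here. The function name `parse_mdy_date` and the year bounds are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Validate an untrusted MM-DD-YYYY value after POST.
 * Returns a normalized YYYY-MM-DD string, or null if the input is rejected.
 * The year bounds are an assumed business rule, not something from the thread.
 */
function parse_mdy_date($raw, int $minYear = 1900, int $maxYear = 2100): ?string
{
    // A client can send date[]=x, which arrives as an array; reject non-strings.
    if (!is_string($raw)) {
        return null;
    }

    // Shape check. \A and \z anchor the whole string; a bare "$" would also
    // accept a trailing newline. [0-9] keeps the match to ASCII digits.
    if (preg_match('/\A([0-9]{2})-([0-9]{2})-([0-9]{4})\z/', $raw, $m) !== 1) {
        return null;
    }

    $month = (int) $m[1];
    $day   = (int) $m[2];
    $year  = (int) $m[3];

    // Semantic check: the day must exist in that month and year (leap years too).
    if (!checkdate($month, $day, $year)) {
        return null;
    }

    if ($year < $minYear || $year > $maxYear) {
        return null;
    }

    // Hand the rest of the application a canonical value, never the raw string.
    return sprintf('%04d-%02d-%02d', $year, $month, $day);
}

// Constructed sample inputs; in a form handler this would be
// parse_mdy_date($_POST['date'] ?? null).
$samples = ['02-29-2008', '02-29-2007', '13-01-2008', "01-15-2008\n",
            '1-5-2008', ['x'], "01-15-2008' OR 1=1"];
foreach ($samples as $s) {
    printf("%-24s => %s\n", json_encode($s), parse_mdy_date($s) ?? 'REJECTED');
}
```

Only `02-29-2008` is accepted (as `2008-02-29`); every other sample is rejected, whether or not any JavaScript ran in the browser.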
