Ashley Sheridan wrote:
Bit of advice though, don't use Javascript to submit a form. Firstly,
Javascript isn't available on all browsers, and on those it is available
on, not everyone has it turned on. The W3C has the stats for Javascript
being unavailable in a browser at about 5%.
Yup.
Just the other day a company lost my business because after registering
for their web site, the login form did not work w/o JavaScript.
Interesting that the registration form itself did.
A freaking login form that had nothing but an e-mail address, password
field, and a button that was not a standard submit button, but a html
button elements with a JavaScript event attached to it.
There was no valid reason for them to require JavaScript for that, I do
not mind allowing JavaScript for local server if the site is of value to
me but the fact that they used JavaScript for a submit button in a form
that had two very standard fields told me that they did not know what
they are doing, indicating they probably did not have their site
properly protected from XSS injection, and I'm not going to white list a
web site that I have reason to suspect may not have proper server side
protection against XSS injection.
My guess is they don't even have a web master but are using some cms
that autogenerates everything for them, which probably means any input
validation is rather weak.
Use JavaScript when it is the best tool for the job. It is not the best
tool for form submission. Client side form validation, sure - it's nice
for catching problems before the user submits so he doesn't have to
submit again, but not for the submit action itself.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
