I've built a registration form, and I have implemented the jQuery Validation plugin by Jörn Zaefferer, including stylizing the error messages with CSS. I now want to add a layer of PHP to validate a second time, in case JS is turned off. Following that, I will run the data through security (hash/salt/encryption, etc.) before inserting the data into a MySQL table, then write a program to get the account verified by email as part of the sign-up process.
I'm self-taught, so can anyone with more experience explain the best practices with this process? Questions I have are: Where should the PHP go: embedded in the HTML file, in a separate PHP file which the form action="" submits to, or in an include file? What are the best practices as regards security: if I'm using a salt or a hash or an encryption function, should that be in an include file? The final question is: Is jQuery validation a waste of time? Would it be better just to do it with PHP? If you do both, does the PHP embed itself in an HTML file, or is it better for security to put it elsewhere?
This is the first time I've done this, but it's just simply taking input, putting it in the database securely, verifying by email, and then logging in the new user to then go and use the website.
I'd love to know best practices to begin with, so if there are any good articles on the web, please link me to them.
Thanks
Ant Power
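
The flow the question describes (server-side re-validation, password hashing, database insert, email verification), as an added example that is not part of the original post. The function names, table layout, 12-character minimum and the in-memory SQLite database (standing in for MySQL so it runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical handler logic for the file the form's action="" posts to.
// The server repeats the jQuery rules because a client can skip them entirely.
function validate_registration(array $in): array
{
    $errors = [];
    $email = trim((string)($in['email'] ?? ''));
    $password = (string)($in['password'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid email address.';
    }
    if (strlen($password) < 12) { // assumed policy, not from the post
        $errors['password'] = 'Password must be at least 12 characters.';
    }
    return $errors;
}

function register_user(PDO $db, string $email, string $password): string
{
    // password_hash() generates a random per-user salt and embeds it in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $token = bin2hex(random_bytes(32)); // goes in the emailed link; only its hash is stored
    $stmt = $db->prepare('INSERT INTO users (email, password_hash, verify_token_hash, verified)
                          VALUES (?, ?, ?, 0)'); // placeholders keep input out of the SQL text
    $stmt->execute([$email, $hash, hash('sha256', $token)]);
    return $token;
}

function verify_email(PDO $db, string $token): bool
{
    // Single-use: the stored token hash is cleared once the account is verified.
    $stmt = $db->prepare('UPDATE users SET verified = 1, verify_token_hash = NULL
                          WHERE verify_token_hash = ? AND verified = 0');
    $stmt->execute([hash('sha256', $token)]);
    return $stmt->rowCount() === 1;
}

// Constructed demo input and schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           password_hash TEXT, verify_token_hash TEXT, verified INTEGER)');
$input = ['email' => 'new.user@example.com', 'password' => 'correct horse battery'];
if (validate_registration($input) === []) {
    $token = register_user($db, trim($input['email']), $input['password']);
    var_dump(verify_email($db, $token)); // first use of the emailed token
    var_dump(verify_email($db, $token)); // replay of the same token
}
```

At login, the stored value is checked with `password_verify()`, so no separate salt column or custom encryption function is needed.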