I have done extensive client-side validation through the help from jQuery. Now come to the server side validation, if I found some fields are not valid, can I simply return an error to client and without any useful message?
My assumption is that the user has to enable JavaScript in order to access my webpage. The user will not see the form if the web browser disabled the JavaScript. I can simply use noscript to do that. If they submit the information through the form I designed, there should be no invalid field submitted to server. Thus, if I found any invalid field in server side, then my form is corrupted by some hacker rather than some regular users.
Does my understanding make sense to you?
< The following message is appended based on comments from many experts here > I am sorry that I didn't mention my question clearly here. I always do server side validation b/c I should not trust any user input.
However, my point here is that whether or not I should pass the server side error message to the user. Since, if a user uses my form and submits the form to server PHP, there should never be an invalid field. If such thing happens, then I assume that some hackers are playing with my PHP. So I would like to ignore them.
The major reason why I try to avoid passing the server side error messages back to client is that I didn't find a better solution to do so. I have posted several related questions here without good suggestion or examples.
< --- END ---- >
Thank you
