PHP - Server-side validation - Is this a good approach?
I have done extensive client-side validation with the help of jQuery. Now, coming to the server-side validation: if I find that some fields are not valid, can I simply return an error to the client without any useful message?
Does my understanding make sense to you?
< The following message is appended based on comments from many experts here > I am sorry that I didn't mention my question clearly here. I always do server side validation b/c I should not trust any user input.
However, my point here is whether or not I should pass the server-side error message to the user. If a user uses my form and submits it to the server PHP, there should never be an invalid field. If such a thing happens, then I assume that some hackers are playing with my PHP. So I would like to ignore them.
The major reason why I try to avoid passing the server-side error messages back to the client is that I didn't find a better solution to do so. I have posted several related questions here without good suggestions or examples.
< --- END ---- >
6 answers
- Accepted dongyan1899 2010-08-06 20:27
- doubi4617 2010-08-06 20:22
Client-side validation is only for users that actually use your site. Spam-bots, etc. can easily omit it, so there should always be validation on the server side. When a validation error occurs, a message should be sent back to the user that informs them what is wrong.
Never use only client-side validation. It can only be an extra.
- dtcaw02086 2010-08-06 20:24
- dpevsxjn809817 2010-08-06 20:25
I always send a useful error message back. You will likely need a way for the server to report other error conditions anyway (database errors, etc.).
- duanli12176 2010-08-06 20:28
You should always always have server-side validation.
I would suggest you to have a look at:
The client side validation is always a good idea and you should go for it but server-side validation should be a must and good coding practice.
- doudou20080720 2010-08-06 20:35
Validation of anything on the client is only useful to help your users catch mistakes like "oh, you didn't give us a Last Name, please go fill that in". Someone such as myself can simply send any request I desire whatsoever to your server; be able to deal with it, or be ready to deal with a potentially corrupted database and a CD-ROM of your customers' credit card numbers floating around Estonia.
Having the server reply with the form depends on how you structure your code, e.g. if it's AJAX or whatever. But reporting the problem is always nice to have.
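
One way to return server-side validation errors to an AJAX form, as an added example that is not part of the original thread. The field names (`last_name`, `email`, `age`), their rules and the JSON response shape are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: field names, rules and response shape are assumptions.

/** Validate untrusted input; return [field => message] for each failure. */
function validate_signup(array $in): array
{
    $errors = [];

    $last = $in['last_name'] ?? null;
    if (!is_string($last) || trim($last) === '') {
        $errors['last_name'] = 'Last name is required.';
    } elseif (strlen($last) > 100) {
        $errors['last_name'] = 'Last name is too long.';
    }

    $email = $in['email'] ?? null;
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }

    // Arrays, null and non-numeric strings all fail this filter.
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    }
    return $errors;
}

/** 422 with per-field messages when invalid, 200 when clean. */
function respond(array $in): array
{
    $errors = validate_signup($in);
    return $errors
        ? ['status' => 422, 'body' => ['ok' => false, 'errors' => $errors]]
        : ['status' => 200, 'body' => ['ok' => true]];
}

// Web request: use $_POST. CLI run: constructed sample of a tampered request.
$in = PHP_SAPI === 'cli'
    ? ['last_name' => '', 'email' => 'not-an-email', 'age' => ['x']]
    : $_POST;

$r = respond($in);
http_response_code($r['status']);
header('Content-Type: application/json');
// Messages are fixed strings: the raw input is never echoed back.
echo json_encode($r['body']), "\n";
```

On the client, the jQuery error handler can read the `errors` object from the 422 response and show each message next to the field with the matching name.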