jQuery vs PHP validation considerations

Question

I use jQuery to validate data. Submit only happens when everything is ok. Obviously, it is processed by PHP to inject into my database.

Is jQuery validation enough? Do I have to validate it again with PHP script. Is it possible for users to bypass jQuery validation? What should I do to make it secure and safe?

You can never trust client-side validation. **ALWAYS** validate server-side. Client-side validation is easy to bypass and should only be used for convenience for the user. — John Conde, Mar 07 '14 at 02:36
I would not even consider doing client-side validation. If anything like that, i would use Ajax. — Hunter Mitchell, Mar 07 '14 at 03:22
More information: http://stackoverflow.com/questions/162159/javascript-client-side-vs-server-side-validation — Jeroen Vannevel, Mar 08 '14 at 11:58

score 0 · Answer 1 · edited May 23 '17 at 12:10

0

Client side validation should only be used to enhance the users experience i.e. present them with errors straight away rather than having them notified of the errors after submitting. A user can manipulate the JavaScript validation or even turn it off.

You need to always do validation on the server.

JavaScript: client-side vs. server-side validation

edited May 23 '17 at 12:10

Community

1
1

answered Mar 07 '14 at 02:42

row1

5,498
3
44
69

jQuery vs PHP validation considerations

1 Answers1