ASP 101 - Active Server Pages 101 - Web05
Quick Tips


Always Validate Input On The Server

In order to obtain an immediate response to incorrect form input, many developers employ client-side scripting. While this is a great tool and should certainly be employed where applicable, it's no substitute for good server-side validation.

Suppose a particularly obstinate user doesn't like your validation code. What's to stop them from disabling JavaScript in their browser? They can then submit whatever they like and your validation code will never run.

Let's take this scenario to the next level. You decide to modify your form to use the OnClick event of your submit button in order to submit the form. At first, this would appear to solve the problem by requiring client-side script execution in order to even get the data to the server, but does it really? Nope... not only have you now upset all your users who don't have client-side scripting enabled, you haven't solved the fundamental problem. There's nothing to stop our crafty hypothetical user from saving the HTML source of your form, modifying it to do whatever they want, and then using their browser to submit it back to your server!

So the lesson here is... use server-side validation for everything that's important. Client-side validation works great as an additional check and to provide clients with a richer web experience, but when it comes down to it you can never really tell what's being sent to your server unless you take the time to look.
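To make the lesson concrete, here is an added example (not code from the original tip) of a Classic ASP page that validates a posted form entirely on the server, so the checks run whether or not any client-side script executed. The field names `email` and `quantity`, the 1 to 100 range, and the e-mail pattern are assumptions chosen for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: every check below runs on the server for every request,
' regardless of what the browser did. Field names and limits are assumptions.

Function IsValidEmail(ByVal s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsValidEmail = (Len(s) <= 254) And re.Test(s)
End Function

Function IsValidQuantity(ByVal s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,3}$"   ' digits only, so CLng below cannot fail
    IsValidQuantity = False
    If re.Test(s) Then
        IsValidQuantity = (CLng(s) >= 1 And CLng(s) <= 100)
    End If
End Function

Dim errors, email, quantity
errors = "" : email = "" : quantity = ""

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    ' A missing field comes back Empty; Trim turns it into "" and it fails validation.
    email = Trim(Request.Form("email"))
    quantity = Trim(Request.Form("quantity"))
    If Not IsValidEmail(email) Then errors = errors & "<li>Enter a valid e-mail address.</li>"
    If Not IsValidQuantity(quantity) Then errors = errors & "<li>Quantity must be a whole number from 1 to 100.</li>"
    If errors = "" Then
        ' Only validated values reach this point; output is still HTML-encoded.
        Response.Write "<p>Order accepted for " & Server.HTMLEncode(email) & " (quantity " & CLng(quantity) & ").</p>"
        Response.End
    End If
End If
%>
<html><body>
<% If errors <> "" Then Response.Write "<ul>" & errors & "</ul>" %>
<form method="post">
  E-mail: <input type="text" name="email" value="<%= Server.HTMLEncode(email) %>">
  Quantity: <input type="text" name="quantity" value="<%= Server.HTMLEncode(quantity) %>">
  <input type="submit" value="Order">
</form>
</body></html>
```

Any client-side script added to this form can mirror the same rules for faster feedback, but the server-side functions remain the ones that decide whether the data is accepted.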

