Comments on: Unobtrusive PHP ? http://cssgallery.info/unobtrusive-php/ Resources for web developers Tue, 06 Jul 2010 15:11:07 +0000 hourly 1 http://wordpress.org/?v=3.0 By: norman784 http://cssgallery.info/unobtrusive-php/comment-page-1/#comment-2973 norman784 Wed, 13 May 2009 15:34:47 +0000 http://cssgallery.info/?p=326#comment-2973 But, the problem, if I have understand is, the HTMl can be changed with tools like firebug, and the validation will no longer secure regards But, the problem, if I have understand is, the HTMl can be changed with tools like firebug, and the validation will no longer secure

regards

]]> By: Niels Bom http://cssgallery.info/unobtrusive-php/comment-page-1/#comment-1544 Niels Bom Wed, 18 Feb 2009 17:03:38 +0000 http://cssgallery.info/?p=326#comment-1544 Well the problem you're trying to tackle is (imho) defining in only one location what a certain form element is supposed to deliver. And what validation rules it has to obey. My suggestion: hang it all on the input name 'email'. You can easily attach jQuery to that form element, don't need a class for that. Do the JS validation through AJAX and call the same serverside function to evaluate the validity of the emailadress. Then when the form is really submitted to the server the contents of the emailfield go through the same function. Well the problem you’re trying to tackle is (imho) defining in only one location what a certain form element is supposed to deliver. And what validation rules it has to obey.

My suggestion: hang it all on the input name ‘email’. You can easily attach jQuery to that form element, don’t need a class for that.

Do the JS validation through AJAX and call the same serverside function to evaluate the validity of the emailadress. Then when the form is really submitted to the server the contents of the emailfield go through the same function.

]]> By: david http://cssgallery.info/unobtrusive-php/comment-page-1/#comment-1089 david Wed, 04 Feb 2009 09:14:02 +0000 http://cssgallery.info/?p=326#comment-1089 How would you add multiple rules? This is also a security hole because a hacker only needs to change the fieldname to bypass validation rules. For js validation it doesn't matter because it's backed up by serverside validation. Another thing to keep in mind is that is you process the value using another (POST) variable you still have to return it to the original value in case of errors in the validation How would you add multiple rules?

This is also a security hole because a hacker only needs to change the fieldname to bypass validation rules. For js validation it doesn’t matter because it’s backed up by serverside validation.

Another thing to keep in mind is that is you process the value using another (POST) variable you still have to return it to the original value in case of errors in the validation

]]>