client and server validation

[ringo747]

hi,

im writing a cms for uni project and just looking for some info on validation.

I was thinkin of using ajax for real-time client side validation. Is this probably the best technology to use? cms will be written in PHP.

I'm not very sure about what takes place on server validation though. Surely client side validation will ensure validity of data unless parameter values are hacked or suchlike. Anybody advise me on how to go about server validation?

I'm currently looking into preventing sql injection attacks etc.

Thanks in advance.
Jonny

 

[ringo747]

Hackers won't use your pretty site to send data. They'll fire off HTTP requests filled with evil stuff. So check on the server; use client-side javascript checking to reduce server load caused people who've just made typos etc - this also makes things easier for them, as they don't need to wait for a page load.

thanks for that. is server validation just checks to ensure that the data sent is of a valid type and is stripped off all /\'" characters?

 

[ringo747]

I'd rather have a Javascript alert than have an entire page refresh and probably lose some of the values I entered - password fields, for example

yeah for sure. I need to include ajax somehow in my cms so client side validation is probably the best opportunity to show it off. I could be wrong though im only a newb to thing stuff!

Thanks for the help guys.