Should I validate data in javascript and php?

Viewed 117 times

0

I have a file that sends some data to another page with ajax. These data are mostly numbers, and are not stored anywhere. I just pick up some data from inputs and send it to the PHP file with ajax, and then return the calculated values to the page.

1st) Do I have to validate these values? I validate them beforehand with JS, but do I have to validate in PHP too, even if it only returns them to the main page?

2nd) Let's imagine that a person accesses this first page, or the second one directly with cURL, or something like that. They send a POST request, and it returns the values of the calculations. Suppose they don't have these calculations, and they go to my page to get them... I would not want that to happen. What can I do so as not to accept a direct request sent to either of the two pages? Or is there no possibility?

  • 1

    On item 2: impossible to block, you can only complicate it a little. See "How to protect an Ajax request", and there are more posts talking about item 2 besides that one. I suggest that in future questions you do not mix two different subjects; that increases the chance of good answers, since each answer can then be given by someone who understands each subject separately.

2 answers

2

1) Always validate data!

2) Study more about CSRF protection. If you want to prevent robots from accessing this page directly, then I suggest you put a CAPTCHA.

1

Always validate a user's data entry on the server side, in your case, with PHP.

Do not rely only on the client-side part, with JavaScript. That part is merely visual, an aid for navigation and usability. It is also important, but you still need to validate on the server because nothing prevents data from being sent by means other than a conventional web browser.

  • Daniel, is it possible to block robots from sending if they try to send directly by POST?

  • 1

    About bots, you usually use captcha. You obviously also need to have CSRF "basic protection": http://answall.com/questions/116490/o-que%C3%A9-attack-csrf-and-what-damage-it-can-cause
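The server-side check both answers recommend, as an added example that is not code from the question or from either answer. The endpoint name, the field names `quantity` and `price`, their ranges, and the session key `csrf` are assumptions made for illustration.

```php
<?php
// calc.php - hypothetical AJAX endpoint; field names and ranges are assumed.
declare(strict_types=1);
session_start();
header('Content-Type: application/json');

function fail(int $status, string $msg): void
{
    http_response_code($status);
    echo json_encode(['error' => $msg]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST only');
}

// CSRF: the page that renders the form stored this token in the session,
// e.g. $_SESSION['csrf'] = bin2hex(random_bytes(32)), and sends it with the POST.
$sent     = $_POST['csrf'] ?? '';
$expected = $_SESSION['csrf'] ?? '';
if (!is_string($sent) || !is_string($expected) || $expected === ''
    || !hash_equals($expected, $sent)) {
    fail(403, 'invalid CSRF token');
}

// Server-side validation: repeat every rule the JavaScript enforces.
$rules = [
    'quantity' => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 1, 'max_range' => 1000]],
    'price'    => ['filter'  => FILTER_VALIDATE_FLOAT,
                   'options' => ['min_range' => 0, 'max_range' => 100000]],
];
$clean = [];
foreach ($rules as $field => $rule) {
    $raw = $_POST[$field] ?? null;
    // Missing fields and array input (quantity[]=1) are rejected outright.
    $value = is_string($raw)
        ? filter_var($raw, $rule['filter'], ['options' => $rule['options']])
        : false;
    if ($value === false) {
        fail(422, "invalid value for $field");
    }
    $clean[$field] = $value; // now a real int or float, not a raw string
}

echo json_encode(['total' => round($clean['quantity'] * $clean['price'], 2)]);
```

As the comments in the thread say, this does not stop a scripted client from calling the endpoint; it only guarantees that whatever arrives is checked before the calculation runs.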
