George Whiffen wrote:

>>The best way to do this is server side with strlen(). You can use
>>JavaScript or maxlength, but if a user wants to get around it, they can.
>>
>>---John Holmes...
>>
>
>John,
>
>The best way to do this is with both.  maxlength/JavaScript as a courtesy,
>strlen for security.
>
>As you say, you can NEVER rely on any kind of client-side check, all checks
>must be done on the server side.  So, it's tempting to skip client-side checks,
>but making the user wait for server side execution before any checks are done
>is actually very rude.  Every time I see server-only checks for required fields etc.,
>I switch off and lose confidence in the site.
>
>George
>

George,

You are absolutely correct in your assertions. However, because it has 
become far too common for developers to rely completely on client-side 
checks (please only send me good data, mmmkay?), many people focus on 
educating others about the security implications involved. Personally, I 
stay away from JavaScript anyway, just because it usually looks cheap. :)

Chris


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
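
The split discussed in this thread, as an added example that is not part of any poster's message: maxlength in the form is the courtesy, and the strlen() check below is the one that counts. The field name, the 20-byte limit and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical limit; it would mirror maxlength="20" on the HTML input.
const MAX_NAME_BYTES = 20;

/**
 * Server-side length check for one form field.
 * Returns null when the value is acceptable, otherwise an error message.
 */
function check_length(array $input, string $field, int $maxBytes): ?string
{
    // The client controls the request, so the field may be absent.
    if (!array_key_exists($field, $input)) {
        return "$field is required";
    }
    $value = $input[$field];
    // A request can carry name[]=x, which PHP parses into an array;
    // strlen() only accepts strings, so reject anything else first.
    if (!is_string($value)) {
        return "$field must be a single text value";
    }
    if ($value === '') {
        return "$field is required";
    }
    // strlen() counts bytes, not characters: a multibyte UTF-8 value can
    // satisfy maxlength in the browser and still exceed a byte limit.
    if (strlen($value) > $maxBytes) {
        return "$field must be at most $maxBytes bytes";
    }
    return null;
}

// Constructed sample requests standing in for $_POST.
$samples = [
    'within limit'            => ['name' => 'George'],
    'maxlength not enforced'  => ['name' => str_repeat('A', 500)],
    'array instead of string' => ['name' => ['x']],
    'field missing'           => [],
    '20 chars, 40 bytes'      => ['name' => str_repeat("\u{00E9}", 20)],
];

foreach ($samples as $label => $post) {
    $error = check_length($post, 'name', MAX_NAME_BYTES);
    printf("%-26s %s\n", $label . ':', $error ?? 'accepted');
}
```

If the limit is meant in characters rather than bytes, mb_strlen() with an explicit encoding is the function to compare against instead.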
