When making a form, what's the difference between required in html and checking it later in php

Time:01-27

I'm new to web development and I don't know whether it's better to check that the user filled out all the fields in a form by using "required" or to check it later using PHP with empty() and then return the user to the front page. What are the upsides and downsides of each method?

I tried both of them and the only difference I could think of is the "Please fill out this field" box when using the html way.

CodePudding user response:

The bottom line here is that your server-side code cannot trust anything it receives from the client-side.

A web application receiving an HTTP request has no way of knowing whether that request came through a user interface where some validation was applied to the data before sending, or if someone modified that user interface to remove some checks (which is easy in a browser if you have a little knowledge of the Developer Tools), or if (for example) it came from some sort of bot firing requests directly at your server, or if someone simply opened up Postman and made the HTTP request by hand.

Therefore, in terms of security and validation, you must implement server-side validation and security procedures if you want to ensure the security and validity of your application and its data.

Client-side validation is great for improving the user experience and performance of your application (so that the user doesn't have to wait for a round-trip to the server before they get feedback on the validity of data they are trying to submit), but since it easily can be bypassed or disabled you cannot rely on that alone to protect your application.

CodePudding user response:

Setting required in html tells users that a field is required and prevents someone from accidentally submitting a form with an empty field. However, people can still send the form with a missing field manually, by creating a request outside of a browser. The PHP should be able to handle that, though it can be as simple as returning an error.

In general, you should use client-side validation like required to tell users what to do, and server-side validation to prevent unintended behavior by bypassing the client.

CodePudding user response:

It is necessary to check the accuracy of the data sent to the server, so you must set conditions for it on the server, so that invalid data is not entered into the database. But it is better to also have controls in HTML; this saves the server from constantly checking and rejecting wrong requests, so use both of them together.

CodePudding user response:

Those are both necessary for making a secure and robust app. That is front-end and back-end validation.

The front-end validation makes it so the user cannot accidentally fill unwanted data into the fields shown. That ensures that users are using the app as intended.

The back-end validation makes sure that the values that are coming in are always values that are expected. What makes this different is that people can bypass front-end validation quite easily, and thus they will abuse this by inserting bad data in your app which can break your whole app completely.
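A server-side counterpart to the HTML `required` attribute, as an added example that is not part of any of the answers above. The field names `name` and `quantity`, the helper `validate_required()` and the sample requests are assumptions made up for illustration; a real handler would pass `$_POST` and re-render the form with the returned errors.

```php
<?php
declare(strict_types=1);

/**
 * Server-side counterpart of the HTML "required" attribute.
 * Returns [cleaned values, errors]. Field names are hypothetical.
 */
function validate_required(array $input, array $requiredFields): array
{
    $clean = [];
    $errors = [];
    foreach ($requiredFields as $field) {
        $value = $input[$field] ?? null;
        // A request can carry name[]=x, which PHP parses as an array, not a
        // string, or omit the field entirely; neither satisfies "required".
        if (!is_string($value)) {
            $errors[$field] = 'This field is required.';
            continue;
        }
        $value = trim($value);
        // Compare against '' instead of calling empty(): empty('0') is true,
        // which would reject a legitimate answer of "0".
        if ($value === '') {
            $errors[$field] = 'This field is required.';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample requests, shaped like $_POST would be in each case.
$samples = [
    'browser, all fields filled' => ['name' => 'Ada', 'quantity' => '0'],
    'required attribute removed' => ['name' => '   ', 'quantity' => '3'],
    'request made by hand'       => ['name' => ['x']],
];

foreach ($samples as $label => $post) {
    [$clean, $errors] = validate_required($post, ['name', 'quantity']);
    $result = $errors
        ? 'rejected (' . implode(', ', array_keys($errors)) . ')'
        : 'accepted';
    printf("%s: %s\n", $label, $result);
}
```

The check behaves the same whether or not the browser enforced `required`, which is why the HTML attribute can stay as a usability aid without being relied on.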
