依赖 HTML 'required'用于简单的表单验证 [英] Relying on HTML 'required' for simple form validation

问题描述

我的问题很简单，我正在使用 HTML、PHP 和 jQuery 为我的网站编写一个简单的登录/注册表单.

My question is simple, I'm writing a simple login/registration form for my website using HTML, PHP and jQuery.

当我可以在每个输入上使用 HTML-s required 标签并使用 PHP 检查用户名可用性和密码匹配时，是否也需要在 PHP 中编写表单验证?

Is it neccesary to write the form validation in PHP also when I could use HTML-s required tag on each input and use PHP to check for username availability and password match?

我认为在后端也进行验证是一种很好的做法，但 HTML 中的必需"函数似乎可以解决所有这些问题?这是否容易被误用，仅依靠 HTML 进行简单表单验证的一般缺点是什么?

I believe it is good practice to also have a validation in the back-end but it would appear that the 'required' function in HTML takes care of all that? Can this be misused easily, what are the general drawbacks of solely relying on HTML for simple form validation?

推荐答案

是否也需要用 PHP 编写表单验证

Is it neccesary to write the form validation in PHP also

您永远不能依赖任何形式的客户端验证.它总是可以绕过的.

You can never depend on any form of client side validation. It can always be bypassed.

人们可能正在使用不支持 HTML 5 验证属性的浏览器，或者可能使用 DOM 检查器来删除它们.

People might be using browsers that don't support HTML 5 validation attributes, or might use a DOM inspector to remove them.

可以通过关闭 JavaScript 轻松绕过 JavaScript 解决方案.

JavaScript solutions can be trivialy bypassed by turning off JavaScript.

可以复制/粘贴、编辑表单，然后从用户拥有的页面提交.

Forms can be copy/pasted, edited and then submitted from a page owned by the user.

HTTP 请求可以手动构建，无需靠近表单.

HTTP requests can be constructed by hand without going near a form.

等等.等

只能为方便用户而提供客户端验证.对您系统的保护只能在服务器端处理.

Client side validation can only ever be provided for the convenience of the user. The protection of your systems can only be handled server side.

这篇关于依赖 HTML 'required'用于简单的表单验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！