依靠HTML'required'进行简单的表单验证 [英] Relying on HTML 'required' for simple form validation

问题描述

我的问题很简单，我正在使用HTML，PHP和jQuery为我的网站编写简单的登录/注册表单。

是否需要编写表单在PHP中进行验证，当我可以在每个输入中使用HTML-s必需标记并使用PHP来检查用户名可用性和密码匹配吗？

我相信这是一种很好的做法在后端也有验证，但是看起来HTML中的'required'函数会处理所有这些？这可能会被轻易滥用，单纯依赖HTML进行简单表单验证的一般缺点是什么？

解决方案

是否需要在PHP中编写表单验证

你永远不能 em>任何形式的客户端验证。它总是可以被绕过。

人们可能使用不支持HTML 5验证属性的浏览器，或者可能使用DOM检查器将其移除。

通过关闭JavaScript，JavaScript解决方案可以被忽略。

表单可以被复制/粘贴，编辑，然后从用户拥有的页面提交。

HTTP请求可以手动构建而不用靠近表单。

等。等等。

只能为了用户的方便而提供客户端验证。只能在服务器端处理您的系统的保护。

My question is simple, I'm writing a simple login/registration form for my website using HTML, PHP and jQuery.

Is it neccesary to write the form validation in PHP also when I could use HTML-s required tag on each input and use PHP to check for username availability and password match?

I believe it is good practice to also have a validation in the back-end but it would appear that the 'required' function in HTML takes care of all that? Can this be misused easily, what are the general drawbacks of solely relying on HTML for simple form validation?

解决方案

Is it neccesary to write the form validation in PHP also

You can never depend on any form of client side validation. It can always be bypassed.

People might be using browsers that don't support HTML 5 validation attributes, or might use a DOM inspector to remove them.

JavaScript solutions can be trivialy bypassed by turning off JavaScript.

Forms can be copy/pasted, edited and then submitted from a page owned by the user.

HTTP requests can be constructed by hand without going near a form.

etc. etc.

Client side validation can only ever be provided for the convenience of the user. The protection of your systems can only be handled server side.

这篇关于依靠HTML'required'进行简单的表单验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！