验证JSP和HTML表单，服务器端还是客户端或两者？ [英] Validating JSP's and HTML Forms, Server-side or Client-side, or both?

问题描述

我知道我可以通过谷歌的HTML表单验证并获得10亿个教程。我很清楚我可以使用简单的JavaScript来验证表单输入，但我被告知这不一定是一种有效的方法。我也听说验证客户端和服务器端代码是最佳实践。好！那么，除了在两者上编写代码之外，这意味着什么呢？这是否意味着我使用JavaScript和其他Servlet进行了一些操作，还是这意味着我在两者上都编写了相同的验证方法？

我真正的问题是，任何人都可以告诉我如何验证我的HTML表单。我使用的是JSP和Servlet，而且我有大量的表单验证。

我已经用Java中的正则表达式进行了小的表单验证，但是想要弄清楚Im在我写更多的代码之前，我会在正确的轨道上前进。

请仅提供有效的答案，如果我想对我缺乏经验的负面反馈，我会去Reddit。

谢谢！

解决方案

需要验证，因为您不能依赖客户端验证。用户可以禁用，绕过或更改它。

客户端验证非常方便，因为它已经占用了一些服务器负载，并且在用户必须等待服务器

没有客户端的服务器没问题，没有服务器端的客户端是不允许的。

您如何在服务器端进行验证真的取决于您。现有的图书馆可以帮助你，但是正则表达式也很好。请仔细阅读为什么需要验证，所以您不要忘记检查是否存在可能的攻击。<​​/ p>

客户端验证同样适用。 JQuery验证模块相当不错，但你可以自己写，没问题。

I am aware that I can Google "HTML Form Validation" and would get a billion tutorials. I am well aware that I can use simple JavaScript to validate form input, but I have been told that this is not necessarily an efficient method. I have also heard that it is a best practice to validate both client and server-side code. OK! Well, What exactly does this mean besides writing code on both? Does it mean I do some with JavaScript and other with Servlet's or does it mean that I write identical validation methods on both?

My real question is can anybody give me insight and direction as how to go about validation my HTML forms. I am using JSP's and Servlet's and I have tons of form validation to do.

I have already done minor form validation with regex in Java, but want to figure out if Im heading in the right track before I write any more code.

Only productive answers please, If I wanted negative feedback on how inexperienced I was, I would have gone to Reddit.

Thanks!

解决方案

• Serverside validation is needed because you cannot rely on clientside validation. Users can disable, bypass or change it.
• Clientside validation is handy because it already takes some load of the server and it alerts the user on common mistakes before he has to wait for the server to reply.

Serverside without clientside is ok, clientsite without serverside is a no-no.

How you validate on the serverside is really up to you. There are existing libraries out there that help you, but regexes are fine too. Do read up about why you need to validate, so you don't forget to check against possible attacks.

Same thing goes for clientside validation. The JQuery Validate module quite nice, but you can write your own, no problem.

这篇关于验证JSP和HTML表单，服务器端还是客户端或两者？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！