简体繁体 English

验证表单输入客户端（JS）与服务器端

[英]Validating Form Input Client-side (JS) Vs Server-side

原文 2011-02-04 20:37:36 6 6 php/ jquery/ validation/ forms

I'm making a form in a server using PHP, but I'm considering on using jQuery for the form submittion. 我正在使用PHP在服务器中制作表单，但是我正在考虑使用jQuery进行表单提交。

So, what option is better? 那么，哪种选择更好呢？ A PHP script that takes the form, validating stuff right there and sending messages when something is wrong, or a jQuery script that sends the form without reloading? 一个采用表格形式的PHP脚本，验证那里的内容并在出现问题时发送消息，或者是一个jQuery脚本而无需重新加载就可以发送表格？ What are the pros and cons? 优缺点都有什么？ Thank you beforehand! 预先谢谢你！

6 个解决方案

You should do both! 你们两个都应该做！

Server side validation is always more secure then on client site. 服务器端验证总是比客户端站点更安全 。

Client site validation is great for the usability because the user will get an instant feedback from the script if something went wrong. 客户端站点验证对于可用性非常有用，因为如果出现问题，用户将从脚本中获得即时反馈。 And the user don't have to send the data to the server first before he gets some feedback. 而且，用户在获得一些反馈之前不必先将数据发送到服务器。

I always put the validation on the server-side at a minimum as client-side logic is ultimately unreliable (what happens if someone disables javascript? Opens firebug to change things?). 我总是至少在服务器端进行验证，因为客户端逻辑最终是不可靠的（如果有人禁用javascript会发生什么情况？打开firebug进行更改？）。 I treat client-side validation as a bonus for UX. 我将客户端验证作为UX的奖励。 That's not to say you can't use something like the jQuery validate plugin to add client-side logic on top of it, but I wouldn't rely only on client-side logic. 这并不是说您不能使用类似jQuery validate插件的方法在其之上添加客户端逻辑，但是我不会仅依赖于客户端逻辑。

I've found myself becoming fond of the MVC famework from Microsoft because version 3 has very nice integration between the server-side validation logic and the jQuery validate plugin. 我发现自己喜欢Microsoft的MVC框架，因为版本3在服务器端验证逻辑和jQuery validate插件之间具有很好的集成。 Haven't looked in a while but there might be something like that in a PHP framework? 没一段时间，但是在PHP框架中可能有类似的东西吗？

Never trust the client. 永远不要信任客户。 Thus, JavaScript form validation can only be a plus, for user convenience, but never be your only validation mechanism. 因此，为了用户方便起见，JavaScript表单验证只能是一个加号，而决不是您唯一的验证机制。 With a bit of webdev knowledge you can work around JavaScript and send forms with data you like. 掌握一点Webdev知识，您就可以使用JavaScript并发送包含所需数据的表单。

JavaScript validation with informative messages can be a huge plus for users though, so you should definitely consider it as a user-level validation. 但是，具有信息性消息的JavaScript验证对于用户而言可能是一大优势，因此，您绝对应该将其视为用户级验证。

Also, remember there may be users who do not use JavaScript by default. 另外，请记住，可能有些用户默认不使用JavaScript。

I use both. 我都用。 For a validation example.. I will have a php function called "saveData()" and it would throw an exception if its missing some form data. 对于验证示例。我将有一个名为“ saveData（）”的php函数，如果它缺少某些表单数据，它将抛出异常。 On the other hand, if they have javascript enabled, they can submit the form and immediately find out if they are missing data, rather than reloading the page to find out. 另一方面，如果他们启用了javascript，则他们可以提交表单并立即查找是否丢失了数据，而无需重新加载页面来查找。

Assuming you mean to use javascript to validate and then send it serverside (which, as @pekka says, is a given), then you have as pro/con for jQuery/javascript this 假设您的意思是使用javascript进行验证，然后将其发送到服务器端（如@pekka所说，这是给定的），那么您具有jQuery / javascript的pro / con

pro: 优点：

quick and easy validation. 快速简便的验证。 You can do this per-field, not everything at once. 您可以按字段执行此操作，而不是一次执行所有操作。

con: 缺点：

some people still don't like extra/unneccesairy javascript in their pages. 有些人仍然不喜欢他们页面中的多余/多余的JavaScript。 But i don't think that's a big con. 但我认为这不是一个大骗局。

Client side validation has nothing to do with security . 客户端验证与安全性无关 。 Its purpose is only to improve performance to create a better user experience. 其目的只是为了提高性能以创建更好的用户体验。

Server side validation is all about security . 服务器端验证完全是关于安全性的 。

Any client side validation must be done on the server side (the other way around is not a must). 任何客户端验证都必须在服务器端进行（另一种方法不是必须的）。