• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL

Chapter 13. Form Data Validation > Putting It All Together

Putting It All Together

Before you run off and plug <cfform> and <cfinput> into all your templates, there are some other details that you should know:

  • Not all browsers support JavaScript. Most newer ones do, but there still are older ones out there. Browsers that don't support JavaScript will generally ignore it, enabling your forms to be submitted without being validated if only client-side validation is used.

  • You should combine the use of JavaScript validation with server-side validation. These will never fail validation if the browser does support JavaScript, and if the browser doesn't, at least you have some form of validation.

  • Don't rely solely on automatically generated server-side validation (via embedded hidden fields). Clever hackers could quite easily remove those hidden fields and submit your form without server-side validation.

  • The JavaScript code can be quite lengthy. This will slightly increase the size of your Web page and thus the time it takes to download it from your Web server.

  • Mix and match validation types. Use <cfinput> and use it to generate multiple validation types, the more validation you do the safer your applications will be.

  • Manual server-side validation is your last defense. Regardless of the validation options used, it's safest to always use manual server-side tests (either using <cfparam> or <cfif> statements). If you are using <cfinput>, users will never get caught by those tests, so you may not need to even worry about prettying up the error messages. But for that mischievous user who just wants to find a way in, manual server-side validation is your last defense.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint