Is there a distinct advantage to doing form validation / error checking on the server side using PHP? That's how I've always done it because I know PHP better than _javascript_, but wouldn't it make sense to validate as much of your form as possible using _javascript_ before the form was ever posted? I'm just talking about the basics, like empty required fields, illegal characters, string lengths, etc.
I would shove off as much work as possible for the client to do on his/her machine and not bog down my server which could be busy serving pages/processing bigger and better things. Plus it also cuts down on bandwidth because you only send the form to the server if the _javascript_ checked everything and didn't find any errors. The downside is that you have to make sure the client has _javascript_ turned on otherwise your form authentication will not work and the code for your _javascript_ is available to the user to see and if you have any bugs in it then they can see and work around it.
I guess it would depend on the site you are planning to do the authentication on. If the site is not super busy, bandwidth is not an issue and your server is not pegged at 100% most of the time then I would suggest using PHP to validate your forms because it's "safer" since the client can not see your code and it doesn't matter if the user has _javascript_ turned on of off. Just my $0.02...
-Pete
--
perl -e 'print pack("H*", "70766572746573406E79632E72722E636F6D0A")'
|
signature.asc
Description: This is a digitally signed message part
