0

So I am designing an HTML5 site and I have some data in text fields, for example "password", that I need to store in the database on the Apache server. So far I have designed a simple HTML5 site which is capable of passing data to a PHP script for the handling of server information.

If I plan to use JavaScript to implement login/register, etc., is it possible for the JavaScript to parse data to my PHP script, and will there be any security flaws involved in doing this? Is it also advisable/recommended to have my HTML5 page parse data directly to the PHP page for the handling of storage, or are there better methods/means out there?

2
  • Anything the browser handles, the user has access to. That means that validating via JavaScript is safe because you're simply imposing restrictions. But when doing security stuff, like comparing hashes, that interfaces with your database, which you do not want to give direct access to your user. Commented May 7, 2013 at 2:29
  • What about my understanding on the logic behind data parsing? Does HTML>JS>PHP>Server work? And is HTML>PHP advisable? Commented May 7, 2013 at 2:31

1 Answer

1

Using JavaScript to pass the data back to the server is fine, but comes with a few caveats.

First off, you might want to consider a fallback for browsers that don't have JS available.

Secondly, and much more importantly: Never trust the client. It's difficult to guarantee that data you receive on the server will have gone through all the checks in the browser. The simplest way to deal with it is to make any validation / cleaning that you do on the frontend in JavaScript also be done on the backend with PHP before you let anything hit your database.
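
An added example (not part of the original answer) of repeating the browser's checks in PHP before anything reaches the database, and storing a hash instead of the password. The field names, validation rules, `users` table and in-memory SQLite database are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Server-side copy of the checks the browser form is assumed to perform.
// Field names and rules are hypothetical.
function validate_registration(array $input): array
{
    $errors = [];
    $username = $input['username'] ?? null;
    $password = $input['password'] ?? null;

    // Reject missing fields and arrays (username[]=x) before any string check.
    if (!is_string($username) || !preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username)) {
        $errors[] = 'username must be 3-32 letters, digits or underscores';
    }
    // Upper bound of 72 bytes because bcrypt ignores anything beyond that.
    if (!is_string($password) || strlen($password) < 12 || strlen($password) > 72) {
        $errors[] = 'password must be 12-72 bytes';
    }
    return $errors;
}

function register_user(PDO $db, array $input): array
{
    $errors = validate_registration($input);
    if ($errors !== []) {
        return $errors; // invalid input never reaches the database
    }
    // Store a salted hash, never the password itself.
    $hash = password_hash($input['password'], PASSWORD_DEFAULT);
    // Prepared statement: values are bound, not concatenated into the SQL.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$input['username'], $hash]);
    return [];
}

// Demo with constructed requests against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

$skippedJs = ['username' => 'bob smith!!', 'password' => 'short']; // sent without the form's checks
$viaForm   = ['username' => 'alice_01', 'password' => 'correct horse battery'];

var_dump(register_user($db, $skippedJs) !== []); // rejected by the PHP checks
var_dump(register_user($db, $viaForm) === []);   // accepted and stored
$row = $db->query("SELECT password_hash FROM users WHERE username = 'alice_01'")->fetch();
var_dump(password_verify('correct horse battery', $row['password_hash'])); // login-time comparison
```

The hash comparison at login runs in PHP with `password_verify`, so the stored hash is never sent to the browser.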
