Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Build a Basic PHP Website (2018) Adding a Basic Form Validating Form Data

James Barrett
James Barrett
13,253 Points

Is there need for such validation?

Hi,

In my own project, I have created Javacript validation for the input fields. Will the server side validation for input be necessary? I have included the PHP validation for ensuring that there are no spam bots as this was useful to me.

Thanks, James.

2 Answers

Benjamin Larson
Benjamin Larson
34,055 Points

Hi James -

While the amount of security precautions you take is somewhat dependent on the kind of data you are handling and the measures you are willing to take, it is always a good idea to have some kind of server-side validation. As you pointed out, there are many spam bots, malicious programs and users with less than cordial intent who can easily bypass different forms of client-side validation. It's still a good idea to keep the client-side validation, however, as it improves the user experience for those legitimate users, while reducing round-trips to the server.

James Barrett
James Barrett
13,253 Points

Thanks for your answer! So with regards to my project, I have name, email, password and more. Will it be necessary to validate those on the server? Or is using a hidden field like Alena does in the video a good enough practice to use?

Benjamin Larson
Benjamin Larson
34,055 Points

Are you storing that data in a database? I'm assuming yes, since you've mentioned a password field. If that's true, you'll want to check out Hampton Paulk's course: PHP & Databases with PDO when you've finished the "Build a Basic PHP Website" course.

The short answer is "yes". Hampton will show you some easy ways to filter input with some existing PDO functions that are now included in PHP.