So is it safe to validate form on client-side only?

Question

Of course, I know that server-side validation is a MUST.

I\'m using jQuery to validate form inputs and using jquery ajax to do server-side(PHP) va

Answer 1

My rules are fairly simple...

1. If you care about your data, then you must validate on the server.
2. If you care about your user experience, then you must validate on the client.

Answer 2

No, it is not safe. You should always validate your data on the server side, after the form has been submitted. Client-side validation and AJAX validation before submitting the form are only enhancing the user experience, by providing quicker feedback on invalid data. Both client-side validation and AJAX pre-submit validation do not and can not protect you from a maliciously crafted form submission. Attackers and abusers usually don't even use a browser in order to submit data to your server.

Answer 3

Since javascript is readable for any visitor, and easily editable with the newest browsers, anyone with a bit programming skills can bypass your javascript validation in no time. So you should validate on the server side also, always.