-2

I am validating all the $_POST fields dynamically. The issue is that visitors can change the name attribute to anything else using Inspect Element and submit the form and the validation will not happen. Like, if the client changes the name attribute from email to a random word, validation will not happen for that field. How can i prevent this. I have to get all the all the post fields dynamically though 

<input type = "text" name = "email[0]">
<input type = "text" name = "aphabets[1]">
<input type = "text" name = "numbers[1]">

foreach ($_POST as $key => $value) {
foreach($value as $k => $v){
if ($key[$i] === "email"){
email($v);
}
if ($key[$i] === "numbers"){
required($v);
}
}
}
function email($v){
//validate email
}
function required($v){
//validate email
}
chris85
  • 23,846
  • 7
  • 34
  • 51
Manu
  • 81
  • 9

2 Answers2

1

You cannot trust the client to tell you what the validation rules are. This includes data you send to the client and want to get back unmodified.

That said…

visitors can change the name attribute to anything else using Inspect Element and submit the form and the validation will not happen

If they change the name to something that you are not expecting to process, then it doesn't make any sense to process it.

have to get all the all the post fields dynamically though

Why do you have to get all the fields?

If the field name doesn't match the pattern you expect, then as well as not knowing how to validate it, you don't know what else to do with it.

It isn't a field that you wrote a form to ask for. Why should you accept it at all?

It is invalid input into your system. Ignore it or throw an error back to the browser.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • No. For it to be possible you would have to trust the data coming from the client and you don't. – Quentin Sep 05 '15 at 22:03
-2

Use can use jquery, Jquery validate plugin and many more..

Davinder kumar
  • 147
  • 2
  • 11