View Single Post
  #10 (permalink)  
Old October 18th, 2006, 02:25 PM
Imar's Avatar
Imar Imar is offline
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi Rit,

Maybe you missed the point from my previous post? If you use client side validation, you *also* need server side validation. You should see client side validation as a courtesy to the user only. It would be too easy to disable client side script (or construct my own form) and upload an .exe file instead of a .jpg file. This could be a potential security risk.

So, use client side validation to make your users happy; you'll prevent them from uploading incorrect files by mistake. Use server side validation to make sure the stuff that is being sent to your server matches your expectations.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Sweet Release by Tindersticks (Track 5 from the album: Can our love...) What's This?