View Single Post
  #10 (permalink)  
Old October 18th, 2006, 02:25 PM
Imar's Avatar
Imar Imar is offline
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts

Hi Rit,

Maybe you missed the point from my previous post? If you use client side validation, you *also* need server side validation. You should see client side validation as a courtesy to the user only. It would be too easy to disable client side script (or construct my own form) and upload an .exe file instead of a .jpg file. This could be a potential security risk.

So, use client side validation to make your users happy; you'll prevent them from uploading incorrect files by mistake. Use server side validation to make sure the stuff that is being sent to your server matches your expectations.


Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Sweet Release by Tindersticks (Track 5 from the album: Can our love...) What's This?