因为以前是用js做验证,但是别人禁掉js那么不为空的验证就没效了,所以后台也要加不为空的验证
但现在大部分都使用了html5 required了
那么后台还需要做不为空的验证吗?
ringa_lee2017-04-17 11:52:36
Backend verification cannot be omitted at any time! !
In addition to what @JellyBool said above, the more important thing is that the request is not necessarily initiated from the browser, but may also be manually constructed by others (perhaps for bad purposes). If some important fields Without verification on the server side, it may become a vulnerability that can be exploited.
So never rely entirely on client-side verification, you should only use client-side verification as an auxiliary means.
大家讲道理2017-04-17 11:52:36
Never trust front-end data.
Never trust front-end data.
Never trust front-end data.
PHP中文网2017-04-17 11:52:36
Personally, I think it is still necessary. The simplest scenario is: if the user is using a lower version of the browser, such as IE8, can you ensure that the required feature of HTML 5 can take effect?
大家讲道理2017-04-17 11:52:36
Can installing a metal detector at the gate prevent gangsters?
Thugs can also climb in through the window
迷茫2017-04-17 11:52:36
The answer on the first floor is correct, the backend is the final guarantee
ringa_lee2017-04-17 11:52:36
The first floor is right, both the front-end and the back-end must have verification, because browsers below ie8 do not support html5. Moreover, front-end data is sometimes unreliable. Front-end verification is only an auxiliary means that can help relieve back-end pressure and provide a better user experience. Never rely solely on the front end to process data at any time.
天蓬老师2017-04-17 11:52:36
If you use node as the backend, there is basically no increase in workload. The verification libraries and statements are common to both the front and back ends. You can copy them directly from the front end to the back end and just change a little bit.
