Quote:
|
Originally Posted by Hunch
Yeah, I got what you were trying to say. I just didn't see the distinction in the same way as you described. There are cases where PHP may not need validation (e.g. prepared statements) or Javascript really should (e.g. untrusted "black box" database connector). My point was just that it's impossible to make such blanket statements about any language. Everything is subject to the context in which its used.
|
In this case I'd disagree. It's pretty obvious that server side code should be tested while, client side is there merely to prevent a legitimate user from failing to complete a form. Anything client can be tampered with, therefore testing client side is a waste for protection, end of story.