Quote:
|
Originally Posted by Hunch
What needs to be validated by PHP?
|
Every user input into a database must be validated/processed. What if my chosen name is 'Delete * from *' ?
From a security perspective you would need encode/stripslashes etc before you inserted your 'name' into the database, regardless of what your intended use for it would be. Else you would potentially allowing malicious code which could destroy your data, hijack your server etc.
...
Regardless of security or not, the only way you would be able enter data into your database would be through PHP, not Javascript.