in my html form there are two fields for password, one password and other confirm password. If the first password field does not match the second password field than do not submit the form to the database.
Asked
Active
Viewed 331 times
-2
-
1If you don't want to add the values to the database, then I guess the "answer" is to not add the values to the database. I imagine you'd want to write some code to check the values and perform the validation logic accordingly. – David Jun 25 '15 at 19:49
2 Answers
0
This is kind of a long shot since I don't know what your code looks like but this is a javascript example of disabling the submit button until passwords match.
var pass1 = document.getElementById('p1');
var pass2 = document.getElementById('p2');
if(pass1.value == pass2.value)
{
document.getElementById("enableButton").disabled = false;
}
else {
document.getElementById("enableButton").disabled = true;
}
Spade
- 591
- 3
- 20
-
I can not recommend this type of verifications to be only executed via javascript. There are quite many users disabling javascript by using browser-plugins etc. - please always add a final validation step on the server-side. Of course, this javascript-validation can help providing a better user-experience. – dhh Jun 25 '15 at 20:19
-
@dhh I agree 100% in the end you must verify with a server side language as well like PHP if you want to block against malicious attempts, but this is just for an example! – Spade Jun 25 '15 at 20:20
0
Without knowing anything about your code - you should (could) do two things:
Verify that both passwords are the same via JavaScript on client side. That will bring up a better user-experience as you are able to display an error message / disable the form submission when the passwords are not the same. But please consider - many users still have disabled javascript by default, so that can not be the only validation.
Verify that the passwords are the same in PHP / Server-side code. How exactly you would achieve that depends on your scripting languages / architecture.
There are some in-depth discussions out there regarding password / authentication best-practices: this discussion or this cheat-sheet at owasp or this one in the php faq. Please take the security fundamentals mentioned there into account, too.
