-1

I'm currently working on a register form, and I decided to add some required fields, like email, password, etc.

The only validation I want to do on the required fields is simply not null, so I used the required attribute inside of an input element.

Is this safe? Or do I need to use additional PHP validation?

S. ter Keurs

3 Answers

0

Server-side validation is better (if not to say needed), and it's really easy to do.

Here's an example if needed:

if(!empty($_POST['pseudo']) && !empty($_POST['password'])) {
    //Prevent SQL injection (if you use DB here)
    $pseudo = addslashes($_POST['pseudo']);
    $password = addslashes($_POST['password']);
}

addslashes() isn't the best way, but it works on any DB engine; for example, it's better to use mysql_real_escape_string() if you have a MySQL engine.

And the associated form:

<form method="post" action="#">
    <label for="pseudo">Identifiant</label>
    <input type="text" id="pseudo" name="pseudo" required>
    <label for="password">Mot de passe</label>
    <input type="password" id="password" name="password" required>
    <input type="submit" value="Connexion">
</form>
Alexi Courieux
0

Using a webpage to send you a form is not the only way of sending forms.

Someone can send you forms with other devices, or can skirt your required fields and send you empty data or undesirable data like PHP injections.

You should do server-side validation.

-2

It might be safe, insofar as the most recent browsers fully support the attribute. But I don't know what happens if someone uses an old version of a browser, so if you're scared about that, PHP validation won't be too much.

If you want a good example of a registration form, just ask me in private, I'll send it to you!

Raynorhs
  • Or if no browser is used – mplungjan May 18 '18 at 09:21
  • It will *never* be safe if you're just relying on client-side validation; you could use the network tab in the dev tools on any modern browser to manipulate the POST data on the fly or just write a new HTML page with a form that posts to the same URL - and that's just the simplest ways to bypass any client-side validation... – CD001 May 18 '18 at 09:23
  • Hum, I see... Welp, sorry for the bad answer :') (It's my first one here, so it will be better next time) And also thank you for correcting me! – Raynorhs May 18 '18 at 09:33
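
An added example, not part of any answer above: a minimal server-side check that mirrors the `required` attribute, run over constructed request bodies of the kind the comments describe. The field names (taken from the question) and the helper `validate_registration` are assumptions.

```php
<?php
declare(strict_types=1);

// Server-side counterpart of the HTML `required` attribute. Returns a list of
// error messages; an empty list means every required field was supplied.
// The field names (email, password) are assumptions taken from the question.
function validate_registration(array $post): array
{
    $errors = [];
    foreach (['email', 'password'] as $field) {
        $value = $post[$field] ?? null;
        // A hand-built request can omit the field or send email[]=x (an array).
        if (!is_string($value)) {
            $errors[] = "$field is required";
            continue;
        }
        // Compare against '' rather than using empty(): empty("0") is true,
        // which would reject a legitimate value. Only the email is trimmed,
        // so spaces inside a password stay significant.
        $check = $field === 'email' ? trim($value) : $value;
        if ($check === '') {
            $errors[] = "$field is required";
        }
    }
    return $errors;
}

// Constructed request bodies, standing in for $_POST. The missing, empty and
// array cases never come from the unmodified form; they come from clients
// that ignore its `required` attributes.
$samples = [
    'filled in'        => ['email' => 'user@example.com', 'password' => 'hunter2'],
    'field missing'    => ['email' => 'user@example.com'],
    'empty strings'    => ['email' => '', 'password' => ''],
    'blank email'      => ['email' => "  \t", 'password' => 'hunter2'],
    'array for string' => ['email' => ['x'], 'password' => 'hunter2'],
    'password "0"'     => ['email' => 'user@example.com', 'password' => '0'],
];

foreach ($samples as $label => $post) {
    $errors = validate_registration($post);
    printf("%-17s %s\n", $label, $errors ? 'rejected: ' . implode(', ', $errors) : 'accepted');
}
```

In a real handler the same function would be called with `$_POST`, and the request rejected before any database work when the returned list is not empty.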