在哪里验证?客户端或服务器或数据库端
亲爱的开发人员,
只是为了项目的性能,在哪里验证数据?
假设我在数据库中有一个DATETIME列.
在这里,我可以放置CHECK约束来限制用户输入无效日期.
或者,我可以在客户端的javascript的帮助下进行验证.
或者我可以在服务器端进行验证.
最重要的是我的三个问题,
1.放置所有三个验证是否很好????
2.在DATABASE端进行验证然后再在Client端进行验证有什么用?
所有建议都是可以理解的..
Dear Developers,
Just for the performance of the project, where to validate the data??
Suppose i have a DATETIME column in the database.
Here i can put CHECK constraint to restrict the user to enter the INVALID date.
OR I can VALIDATE with the help of javascript at the client side.
OR I can VALIDATE at the server side.
Above all three my Questions are,
1. Is it good to put all three validations???
2. whats the use of validating at the DATABASE side then validating Client side?
All suggestion will be appreciable..
第一道防线是您的界面,因此您应该在控件上进行验证
1-首先使用Javascript当然会提高您的性能.
2-在您后面的代码中,您必须检查并验证数据.
3-您的防御的最后一行是您的数据库,如果有人不授权访问它,则将是灾难.
提示:与用户打交道时,他们会想象他们正在尝试破坏您的应用程序,因此您必须照顾好他们.
所以答案全部.
最好的问候
M.Mitwalli
Hi ,
The First line of defense is your interface so you should validate on the controls
1 - first using Javascript of course it will enhance your performance .
2 - in your code behind you have to check and validate in your data .
3 - the last line of your defense is your Database and it will be Disaster if someone not authorize reach to it .
Tip: your dealing with users imagine they are trying to destroy your application and you have to take care of them .
So the answer all .
Best regards
M.Mitwalli
所有人都有自己的重要性
参见
客户端验证在性能方面很好,但是如果用户禁用JavaScript,则不会进行验证.
通过服务器端验证,可以有更多的服务器返回行程,从而在客户端脚本可以在没有服务器的情况下完成验证的情况下,反过来又会使用更多资源并减慢站点速度.
所以
您需要同时进行这两个工作,客户端要提供更好的用户体验,服务器端要确保得到的输入是实际验证的,而不仅仅是客户端验证的验证.
数据库约束:使用它们还是丢失它们?
All have there own importance
see
Client side validation is good with respect of performance but if a user disables JavaScript, then no validation will occur.
With server side validation, there are more return trips to the server which in turns uses more resources and slows down the site when a client side script could have done the validation without the server.
So
You need to do both, client side to provide a better user experience, and server side to be sure that the input you get is actually validated and not just supposedly validated by the client.
Database Constraints: Use Them or Lose Them?
在客户端进行验证更好
因为如果您正在使用服务器端验证,则所有数据将被提交到服务器,然后将执行验证(这很浪费)
如果在数据库端进行检查,则还需要建立与数据库的连接,然后您就会知道格式错误.
和客户端验证会限制数据的提交,直到您输入正确的格式为止.
因此,请进行客户端验证.
-------
是的,用户有机会禁用javascript.
因此,请按照Uma sankar所说的两种方法进行操作,以更好地验证您的字段.
通过此链接,您将获得有关检查约束的一些信息
http://docs.oracle.com/cd/B19306_01/appdev.102/b14251/adfns_constraints.htm#i1006547 [ ^ ]
Validating on Client side is better
because if you are using server side validation then entire data will be submitted to server and then the validation will be performed(Which is waste)
If you check at database side then also you need to establish connection to database and then you will come to know that format is wrong.
and Client side validations restrict the submission of data until you enter correct format.
So go with Client side validations.
-------
Yes there are chances that a user can disable javascript.
So perform both ways as said by Uma sankar to get better Validation of your fields.
Go through this link so that you will get some info regarding check constraint
http://docs.oracle.com/cd/B19306_01/appdev.102/b14251/adfns_constraints.htm#i1006547[^]