I want to preface this question by saying I know that client side validation is always necessary, but I want to know this anyway.
Assume the following:
I have a form
<form id="update_form" action="/App/appManage/" method="post">
<input name="data[test]" value="1" type="text" id="AppModified"/>
</form>
And a submit button OUTSIDE of the form.
<a id="update_button" class="btn btn-primary btn-medium">Update</a>
This button submits via the following Jquery:
<script>
$(document).ready(function() {
$("#update_button").click(function() {
$("#update_form").submit();
});
});
//Form Validation
$("#update_form").validate({
rules: {
"data[test]": "required"
},
messages: {
"data[test]": "Please enter a value for this field"
}
});
</script>
There is no ajax involved.
If a user disables javascript and clicks the update button no action takes place. (tested)
If the user hits enter in any of the fields on the form, it does not submit the form (tested)
If the user has javascript enabled and clicks update and the input field is left blank they are not able to submit the form and a message flashes under the field asking you to please fill it out (tested)
On submit the form saves the value entered in the input field to my database.
My question is:
How can someone get a blank value for that field in my database?
P.S. I know there is probably a way, but I want to know what it is! I don't know what to know how to improve my code, or be told that I should be using server side validation to ensure that it's not blank before inserting the record into my database, simply what a malicious user would do verbatim to circumvent my code here.
Just so everyone knows, through a friend I discovered another way to circumvent this type of validation. You can just create the submit element yourself in firebug and submit the form with the field blank like that.