Skip to content

Add Server-Side Form Validation

Description:
Currently, the form only validates input on the client side using JavaScript. However, client-side validation can be bypassed, leading to potential security risks and incorrect data submission. Server-side validation in PHP should be implemented to ensure all submitted data meets the expected formats.

Steps to Reproduce:

  1. Open the form.
  2. Disable JavaScript in the browser.
  3. Enter invalid data (e.g., incorrect email format, empty fields).
  4. Click the "Submit" button.
  5. The form submits without validation.

Expected Result:
The server should validate all submitted data and return appropriate error messages if the input is incorrect.

Actual Result:
The form accepts any input if JavaScript is disabled.

Possible Solution:

  • Add PHP validation functions, such as filter_var($email, FILTER_VALIDATE_EMAIL) for email and regex for name fields.
  • Display error messages within the form.
  • Implement protections against SQL injection and XSS attacks.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information