Do your sites rely on javascript and/or cookies to work right?

[DomainMiner.com]

J/W.

 

[Bob]

I use cookies extensively, especially on sites where you have to "Log In". it is a lot easier (for me at least) to do it this way rather than passing variables in the hyperlink or hidden form fields.

I do not abuse cookies. Typically, I will only store the userid so it can be read and then looked up in a database to get any info I need about the user. All of my cookies are destroyed when the user shuts down the browser.

-Bob

 

[AhmedF]

Cookies a lot .. if you look around on php.net, you can find the header file so that IE6 [on default settings] will accept your cookie.

I stay away from javascript ... and use it only for imageovers.

 

[Bob]

Originally posted by AhmedF
I stay away from javascript ... and use it only for imageovers.

I use JavaScript only for Form Validation. I also do form validation on the PERL / PH level too. Yes, this is double kill, but JavaScript validation is a LOT quicker. But if for some reason the user does not allow JavaScript on their browser, the PERL / PHP script will do the validation as well.

-Bob

 

[NameGuy]

Originally posted by Bob
I also do form validation on the PERL / PH level too.

I always do this because someone can get the source for your page, modify it by taking out the clientside javascript validation, and then submit crap into your database to corrupt it.

I also commonly use this function when adding stuff to database fields because users may embed script that will be executed when you display the values in a web page.

function safehtml($str) {
      //nuke script and header tags and anything inbetween
       $str = preg_replace("'<script[^>]*?>.*?</script>'si", "", $str);
       $str = preg_replace("'<head[^>]*?>.*?</head>'si", "", $str);
       
       //listed of tags that will not be striped but whose attributes will be
       $allowed = "br|b|i|p|u|a|block|pre|center|hr";
       //start nuking those suckers. don you just love MS Word's HTML?
       $str = preg_replace("/<((?!\/?($allowed)\b)[^>]*>)/xis", "", $str);
       $str = preg_replace("/<($allowed).*?>/i", "<\\1>", $str);

       return $str;
}

More handy "safe" functions are here:
http://us4.php.net/strip_tags

 

[.com.net.org]

from your title, I don't think it's wise to rely on JavaScript / Cookie for your site to work right.

 

[darrenl]

I use sessions because then it doesn't store a cookie.

 

[sponk]

Originally posted by Darren06
I use sessions because then it doesn't store a cookie.

same here
But I'm thinking of using cookies in the near future as I want to implement an affiliate program into my site.