Never try and prevent SQL injection solely by JavaScript. What happens if I turn JavaScript off? Your validation fails instantly. What happens if I modify your JS and remove the keywords you are preventing me from injecting?
Always validate it against the server.
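
What validating on the server looks like, as an added example that is not part of the original answer: the handler checks and binds the value itself, so it behaves the same whether or not any browser script ran. Python, SQLite, the `users` table, the username pattern and the function names are all assumptions made for the illustration.

```python
import re
import sqlite3

# Hypothetical allow-list policy for usernames, enforced on the server.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)"
    )
    db.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_user(db, form):
    """Server-side handler. `form` is whatever arrived in the request body.

    Nothing here assumes the browser's JavaScript ran: the request may come
    from a client with scripts disabled or from a page whose script was edited.
    """
    username = form.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return 400, {"error": "invalid username"}
    # The value is passed as a bound parameter, never spliced into the SQL text.
    row = db.execute(
        "SELECT id, email FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"id": row[0], "email": row[1]}


def lookup_without_validation(db, username):
    """Binding alone: unvalidated text is still compared as data, not parsed as SQL."""
    return db.execute(
        "SELECT id FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_user(db, {"username": "alice"}))
    print(lookup_user(db, {"username": "x' OR '1'='1"}))  # constructed input
```

The allow-list check rejects malformed input early, and the bound parameter is what keeps the query structure fixed even if that check is ever loosened.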