I have seveal forms I made myself, and the php that parses them. In the php I first check each field for length of input and if too long I display a error telling the user that the field of input is too long. Now I was thinking is this realy preventing a buffer overflow if the php form verification is all done server side?

If I checked with javascript client side then that would be no good either because the visitor or client can make changes.

A while back I found in the form search feature, a question about guestbook security. Where server side verification of input is prefered because the client cant make the canges.

What I dont understand is if the large amount of data was submited, and is sent, then the server side script parses it, isnt that when the server would crash, how is it that the server can safely parse all that data?

Edit: I found the post on guestbook security here http://www.antionline.com/showthread...hreadid=236396