I have a contest entry page on my company's website. In order to enter the contest, you create a login, which is just an email and a 4-digit pin. Here's the PIN field:
They very likely are bots that read field names and create GET and POST requests based on those rather than using the HTML form like a normal human user would.
This is why client-side validation of a form is never enough to ensure data is correct. Client-side validation is nice as it's responsive for end users, but it's not able to prevent bad data from arriving at your server's doorstep.
As an example, let's say I have an input field in a form whose action is GET. My input field's maxlength is 4. When I press submit, I see the URL ending with ?field=1234. There's nothing stopping me from updating that URL to ?field=123456789 and pressing enter. Similar things can be done with POST actions, but a tool is needed to do it.
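A server-side check for the `?field=` example above, added here as an illustration and not part of the original answer. It assumes the PIN arrives in a parameter named `field` (as in the URLs above); the function name `validate_pin` and the 256-character query limit are choices made for this example.

```python
import re
from urllib.parse import parse_qs

# ASCII digits only. str.isdigit() and \d would also accept characters such
# as Arabic-Indic digits, and "$" would tolerate a trailing newline, so the
# check is an explicit character class used with fullmatch().
PIN_RE = re.compile(r"[0-9]{4}")
MAX_QUERY_LEN = 256  # assumed limit for this example


def validate_pin(query: str, name: str = "field"):
    """Return (pin, None) if the submitted value is acceptable, otherwise
    (None, reason). Nothing here relies on maxlength or any browser check."""
    if len(query) > MAX_QUERY_LEN:
        return None, "query too long"
    try:
        params = parse_qs(query, keep_blank_values=True, max_num_fields=10)
    except ValueError:
        return None, "too many fields"
    values = params.get(name)
    if values is None:
        return None, "missing"
    if len(values) != 1:
        # ?field=1234&field=9999: refuse rather than guess which one counts
        return None, "duplicate parameter"
    pin = values[0]
    if not PIN_RE.fullmatch(pin):
        return None, "must be exactly 4 digits"
    return pin, None


# Constructed sample requests, including the edited URL from the answer.
SAMPLES = [
    "field=1234",
    "field=123456789",
    "field=12a4",
    "field=%D9%A1%D9%A2%D9%A3%D9%A4",  # four Arabic-Indic digits
    "field=1234%0A",                   # trailing newline
    "field=1234&field=9999",
    "other=1",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r:40} -> {validate_pin(q)}")
```

The same function applies to a POST body, since a form posted as `application/x-www-form-urlencoded` uses the same encoding as the query string.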