2

Possible Duplicate:
JavaScript: client-side vs. server-side validation

There are a lot of JavaScript/jQuery client-side form validation scripts out there. But considering that it's client side, it's fairly easy to bypass the validation and submit a form with values that ignore the validation rules. The only solution is to also implement server-side validation as well in order to protect yourself.

Client-side jQuery validation is fun and it looks slick, but if you already have to implement server-side validation then what's the point of the client-side validation? It seems unnecessarily redundant and a waste of development time. Is it useless?

Also, are there any good ways to implement client-side validation that don't require server-side validation?

Community
  • 1
  • 1
Jake Wilson
  • 88,616
  • 93
  • 252
  • 370

5 Answers5

6

Client Side validation can always be bypassed. There's no way around this. Backend validation should always be used when dealing with sensitive information, writing to/reading from a db, or really anything that could be hacked.

Client side validation is just there because it's faster. Much rather know instantly that my email address wasn't formatted correctly than after I've submitted the form, the server checked it out, and sent something back.

Sparky
  • 98,165
  • 25
  • 199
  • 285
idrumgood
  • 4,904
  • 19
  • 29
3

One word: usability. You shouldn't only write you web apps in defense against hackers. There are lots more regular users out there who just want easy-to-use, intuitive software.

FishBasketGordo
  • 22,904
  • 4
  • 58
  • 91
2

It provides better user experience. That's the point. Instead of submitting the form every time and waiting for server response user can see the results of validation immediately after changing form values.

bjornd
  • 22,397
  • 4
  • 57
  • 73
0

You always need server-side validation. Never trust any data coming from the client. Client-side validation is done for a better user experience. User experience is very important if you want people to use your site.

Geoff Warren
  • 414
  • 3
  • 10
0

The idea behind client-side validation is the the system is "fail-fast". If an honest user makes a mistake, she is told at once, which is good for the user (less waiting) and for the server (lighter traffic load).

Server-side validation is always necessary for security to exist; any system of client-side validation that is secure must assume that the user is somehow not in control of his own machine.

apsillers
  • 112,806
  • 17
  • 235
  • 239