3

I use some jquery and JS functions to validate forms and to check for example if that field is empty or password is less than 6 characters, and stuff like that, and I noticed that if someone disabled JS, then these functions would be useless, and no more protection of forms, which can be better made using PHP, so should I avoid them now because this could cause an insult to my website ?

Ali Bassam
  • 9,691
  • 23
  • 67
  • 117
  • possible duplicate of [JavaScript: client-side vs. server-side validation](http://stackoverflow.com/questions/162159/javascript-client-side-vs-server-side-validation) – Felix Kling May 03 '12 at 09:16
  • JS validating of forms on client-side isn't sufficient. You should also check the value sent by the client to the server on server-side. For this is the appropriate php for example. – kapandron May 21 '12 at 19:51

7 Answers7

8

JavaScript is very useful for improving user-interaction, along with reducing the number of requests made on the server; but, as you've pointed out, it can be disabled. To answer your question: No, I wouldn't recommend avoiding the use of JavaScript, but the key is not to rely on it for critical actions, such as validation. You'll want to implement the validation on both the client (JavaScript) and server (PHP) sides. This will ensure that there is no way for the user to completely disable the validation.

In short:

  • JavaScript = Good
  • JavaScript Validation = Nice for the user, but not reliable
  • Server Side Validation = Essential

Side note:

With regards to relying on JavaScript for the overall user interaction, as other answers have suggested, use JavaScript to enhance the overall experience, but don't rely on the user having it turned on. I would recommend a bit of bed time reading of Progressive Enhancement, it's the approach of making something better, with being reliant on it, and can be applied to more than just JavaScript (CSS3 etc).

Richard
  • 8,110
  • 3
  • 36
  • 59
2

You should use javascript and jQuery to enhance the functionality of your site. If someone has javascript turned off you should ensure that the site still works, and they can access all areas - even though there may be some things they cannot see, such as transitions and effects.

With regard to validation, you should ALWAYS validate server side. Client side validation is optional, but a very nice feature to improve the user experience for your visitors.

Rory McCrossan
  • 331,213
  • 40
  • 305
  • 339
  • But my website depends a lot on .fadeIn() and .fadeOut(), with JS disabled, these functions wont work, and lots of contents, they wont be able to reach them – Ali Bassam May 03 '12 at 09:15
  • 1
    If you are relying on javascript for your UI then you either need to rethink your approach, or have a message displayed in an obvious position on the website which explains that javascript is required for your website to function correctly. – Rory McCrossan May 03 '12 at 09:17
  • I used – Ali Bassam May 03 '12 at 09:19
2

I don't mean this as a complaint, more of an observation.

Web developers often grab Javascript libraries as the latest shiny toys with no thought for the consequences. As a Data Governance person, I'm regularly the bringer of bad news, when we do audits on the data collected, and find users who get past the Javascript validation.

"Go back and start again".

Javascript libraries are great for the presentation of data, but should and must not be relied on for data validation and the integrity of user profiles.

Keith Macdonald
  • 21
  • 1
1

You should not avoid using JS and jQuery in your website, but you should avoid using them for validation purposes or business-logic purposes. These should be done in the back-end of the website, not in the UI level.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Raul Rene
  • 10,014
  • 9
  • 53
  • 75
1

A validation should always happen at

  • Client Side - using javascript to enhance the user experience.
  • Server Side - using the preferred server side programming language for security reasons
  • Service Side - if you are following SOA / Web API as part of defensive programming practice. This can also be at the DB level along with Service layer.
Ramesh
  • 13,043
  • 3
  • 52
  • 88
0

You shouldn't really avoid them. What you should do is to implement both client and server validation. Don't rely just on client validation, for the reasons you just mentioned. You should always validate the data when it arrives to server.

Adding client-side validation gives your pages dynamic look and feel. A user does not have to wait for the form to go to server and in case of an error to return back. It is automatically verified without postback.

As I said above, don't rely upon client side validation. Always implement server-side validation also.

Huske
  • 9,186
  • 2
  • 36
  • 53
0

Remember my friend, Java script is client side scripting. its purpose to validate form at client side itself so we can avoid overhead...You must use java script at client side. because PHp is server side language. It will take time to reply.

Ha, Server Side validations are equally important. if you want to do that, then you can use server side language. You can check comment below to my post by halfer. Server side validations are important for security and many more purposes.

That is different thing that somebody disabled js. You can check for the same and give proper message to enable.

Vicky
  • 1,215
  • 6
  • 22
  • 45
  • No, don't use "java script only" - that would be a recommendation to avoid server-side validation, which would leave you open to security risks, database errors, fatal script errors etc. – halfer May 03 '12 at 09:18
  • @halfer-I was talking about client side validation...i really appreciate for your comment..server side validations are equally important. – Vicky May 03 '12 at 09:22
  • 1
    Might be an idea to edit your post then, so it is clear `:)`. – halfer May 03 '12 at 09:26