form validation with javascript vs php

Question

Why should I bother to use JavaScript for form validation when I still have to use PHP since the user could have JavaScript support turned off.

Isn't it unnecessary?

Update:

Ok thanks for your answers. it sounds like a good idea to have it on the client side too. where can I download good JavaScript validations?

Do you know where I can download a validation script like that one in yahoo when you register an account?

Out of the question, the most advanced, and regularly updated validation tool is https://github.com/google/libphonenumber and it's npm port: https://github.com/ruimarinho/google-libphonenumber The problem is that it takes >500Kb to bundle libphonenumber in your frontend app. (https://bundlephobia.com/package/google-libphonenumber@3.2.22) Worth reading, Falsehoods Programmers Believe About Phone Numbers: https://github.com/google/libphonenumber/blob/master/FALSEHOODS.md Given the complexity I would also consider to use specialized online services, eg: https://validatephonenumber.com/ — dsdenes, Aug 20 '21 at 09:41

David Thomas · Accepted Answer · 2009-11-13T11:08:42.843

Javascript validation allows your user to be informed of any errors prior to their submitting the form to the server. This saves irritating page-reloads (since on submit the JS catches the event and validates the form, preventing form-submission if errors are found) and minimises the chances of their having to re-enter information again (and again and again...), or leaving prior to completing the form properly. JS validation is not a substitute for server-side validation (since the user can see the JS, and, by saving the page and amending the JS do whatever they want); but it's a convenience for them.

This is simply part of the concept of progressive enhancement, whereby JS provides a mechanism for enhancing the experience for the user, if it's there and turned on, and hopefully makes their interaction with your site pleasant, or, at least, minimally irritating.

Edited in response to OP's question regarding 'where to download a JS validation tool.'

While I can't -necessarily- recommend any one library (I tend to write my own as required, or borrow from previously self-written examples), a Google search threw these options up:

http://www.jsvalidate.com/
Stephen Walther's page, discussing Microsoft's CDN and jQuery-validation, linking to jQuery Validation plug-in:
jQuery.validate (hosted at MS' ajax.microsoft.com subdomain)
jQuery.validate.min
jQuery validate plug-in homepage (bassistance.de).

so the best practice is to implement form validation for both javascript and php side? — OMGPOP, Aug 26 '12 at 04:03
Absolutely, client-side is merely a functional courtesy to your users, it should never be considered 'secure.' All user-submitted data should be validated and sanity-checked on the server-side before storing. — David Thomas, Aug 26 '12 at 12:50

score 7 · Answer 2 · answered Nov 13 '09 at 02:09

7

You should ALWAYS validate in PHP on the SERVER SIDE and validation in JavaScript is CLIENT SIDE validation for user CONVENIENCE. Thanks to validation on client user may find errors in his form without page relodaing. But user may sent form data without data script validation (for example he may not have JS support in web browser), thus always validate on the server side.

answered Nov 13 '09 at 02:09

mip

8,355
6
53
72

Should I just validate it in JavaScript, and then when it's valid, submit and also validate in PHP just to make sure? And that would require me to check for the exact same thing in both JS and PHP to prevent any inconveniences? – Chris Jul 29 '18 at 22:21

score 3 · Answer 3 · answered Nov 13 '09 at 01:43

3

... as courtesy to the users pretty much. Makes life easier for the ordinary users that simply commit human things from time to time.

answered Nov 13 '09 at 01:43

vector

7,334
8
52
80

1

Seconded. Especially on slow connections, Javascript warnings informing about mistakes are a great enhancement in convenience. – Pekka Nov 13 '09 at 01:55

score 3 · Answer 4 · answered Dec 28 '09 at 09:52

I recommend you using unified server-side and client-side validation using a framework, since it may avoid confronting the user to data valid on client side but rejected by the server, or the opposite (client side too restrictive). Following list of framework give information about server/client side validation: http://en.wikipedia.org/wiki/Comparison_of_web_application_frameworks

score 1 · Answer 5 · answered Nov 13 '09 at 01:44

It's a matter of whether you want your form (and website as a whole) to be interactive-cum-user-friendly or not. You can just let the server-side do the validations and throw the error back to the users but that would be less interactive and less user-friendly than warning the users before they submit the form (although you still need to validate the inputs on server-side no matter what). Just my 2 cents :P

score 1 · Answer 6 · edited Nov 04 '16 at 08:23

1

Yes, it is best practice to validate the user input values from both sides client and server side ,

some cases client was disabled javascript or mobile browser that doesn't javascript, remember there is spammers also.

edited Nov 04 '16 at 08:23

Matt

74,352
26
153
180

answered Feb 02 '11 at 15:09

mahesh

19
1

score 1 · Answer 7 · answered Aug 26 '11 at 06:04

1

I recomend to use Javascript for client side and Php for server side This will make interaction or user friendly site nad reduce reloading page many times in case user submit wrong data

answered Aug 26 '11 at 06:04

Lacksinho

19
1

score 0 · Answer 8 · answered Oct 22 '13 at 18:18

To my mind, only client-side-checking of form input does not work because of security. Imagine you want to check a user password(if "yourpwd" == userinput), with js the user will see the password because it is in the browser-sourcecode .With php, it is not visible because php is for some reason hidden.

form validation with javascript vs php

Update:

8 Answers8

Linked