2

I am making a new system and wanted to know what kind of validations to use for a more convenient coding and a secure system.

Should I use Server-side or Client side validation?

Ann Nacional
  • 75
  • 9
  • 4
    Its good if you put validation both the side. because if you put validation only on client side. that affect fast but if some one disable javascript. than it will create problem. and if you put validation only in server side than it will took some time for response. so better way is to put both of side validation. but secure way is server side validation. – Devsi Odedra Dec 09 '16 at 03:37
  • 1
    Client side validation: absolutely no security, and only there as a convenience for the user. Server side validation: increases security (if coded correctly) and provides convenience for the programmer AND the user (potentially). Both are a good way to go, but ALWAYS, and I mean ALWAYS check and make sure that whatever comes from the user is what you expect. Users are idiots, morons and/or out to wreak havoc, and should never, ever be trusted. – junkfoodjunkie Dec 09 '16 at 03:53
  • Possible duplicate of [JavaScript: client-side vs. server-side validation](http://stackoverflow.com/questions/162159/javascript-client-side-vs-server-side-validation) – Pradeep Kumar Dec 09 '16 at 04:46

3 Answers3

8

You absolutely need server side validation as the client can't force data in with it in place.

Client side is optional, as without it bad data still gets caught via post back. With it, you can warn the user faster that there is an issue.

There's a pessimistic theme I meant to mention - never trust the user. Either they're going to make a mistake, or they're out to break your app.

The1nk
  • 702
  • 14
  • 25
1

I will go with both sides validation. As both have there separate significance. If you just put the validation only on client side then someone can make your life miserable. And if you just put server side validation then for any error every time client have to fill complete data to server and then only he/she will be able to know the error. So if you just show the error right there just by clicking then it will be good for both of you as you don't have to handle erroneous data every time.

Sunil Pachlangia
  • 2,033
  • 2
  • 15
  • 25
0

I second, 'The1nk' points. But one additional point is we have to support the user in-terms of fast-responds for mistakes and purposeful attempts, thus the client-side validation is effective.

Definitely you must go with the Server-side validation and for client side validations, just like in the past you are not required to go with the hard-coded Javascript validations (though can go for complex data validations). If you wanted to use some simple validation there are many features available in HTML 5 which you can use like below,

Must required text fields: add html input attribute 'required' (note: no value for this attribute)

Specific types text fields: there are lots of different types of 'type' attribute values are added in HTML 5 like email, number, date, etc... can use them to validate those fields (there are additional attributes also available for those input types, for example for number min and max attributes)

Some useful links

HTML form input types

HTML form attributes

Since this is pure HTML the long term concern (What if the user disable the JS in browser?) with JS can be somewhat addressed. But, Keep in mind "There are NO Silver Bullet in Software Engineering" - Fred Brooks.

Darshan
  • 49
  • 10