1

I'm making a form in a server using PHP, but I'm considering on using jQuery for the form submittion.

So, what option is better? A PHP script that takes the form, validating stuff right there and sending messages when something is wrong, or a jQuery script that sends the form without reloading? What are the pros and cons? Thank you beforehand!

Samuel Liew
  • 76,741
  • 107
  • 159
  • 260
Carlos
  • 11
  • 2
  • 1
    I think you are misunderstanding something here. There will always be a server-side script (like PHP) on the receiving end, no matter whether you use jQuery or not. I think you are asking about jQuery vs. a standard HTML form. – Pekka Feb 04 '11 at 20:43
  • well, you could argue between a normal 'post' submit and a javascript caught submit that sends an async post, so it's "without reload". – Nanne Feb 04 '11 at 20:45
  • duplicate of http://stackoverflow.com/questions/4405546/client-side-validation-javascript-or-server-side-validation-php – Kissaki Feb 04 '11 at 20:49
  • Not neccesarely Kissaki. Let me do another question. Is it better a PHP script that sends the form to "self", or jQuery? – Carlos Feb 04 '11 at 21:02

6 Answers6

6

You should do both!

Server side validation is always more secure then on client site.

Client site validation is great for the usability because the user will get an instant feedback from the script if something went wrong. And the user don't have to send the data to the server first before he gets some feedback.

gearsdigital
  • 13,915
  • 6
  • 44
  • 73
  • 1
    Just wanted to add that it is not just "more secure" than client side validation, but client side validation has nothing to do with security. Please, do not use client side validations for security purposes (only usability and user experience). As you can see, this subject is "close to my heart" :o). – TCS Feb 04 '11 at 21:06
2

I always put the validation on the server-side at a minimum as client-side logic is ultimately unreliable (what happens if someone disables javascript? Opens firebug to change things?). I treat client-side validation as a bonus for UX. That's not to say you can't use something like the jQuery validate plugin to add client-side logic on top of it, but I wouldn't rely only on client-side logic.

I've found myself becoming fond of the MVC famework from Microsoft because version 3 has very nice integration between the server-side validation logic and the jQuery validate plugin. Haven't looked in a while but there might be something like that in a PHP framework?

Parrots
  • 26,658
  • 14
  • 59
  • 78
1

Never trust the client. Thus, JavaScript form validation can only be a plus, for user convenience, but never be your only validation mechanism. With a bit of webdev knowledge you can work around JavaScript and send forms with data you like.

JavaScript validation with informative messages can be a huge plus for users though, so you should definitely consider it as a user-level validation.

Also, remember there may be users who do not use JavaScript by default.

Kissaki
  • 8,810
  • 5
  • 40
  • 42
0

I use both. For a validation example.. I will have a php function called "saveData()" and it would throw an exception if its missing some form data. On the other hand, if they have javascript enabled, they can submit the form and immediately find out if they are missing data, rather than reloading the page to find out.

Dalton Conley
  • 1,599
  • 2
  • 28
  • 36
0

Assuming you mean to use javascript to validate and then send it serverside (which, as @pekka says, is a given), then you have as pro/con for jQuery/javascript this

pro:

  • quick and easy validation. You can do this per-field, not everything at once.

con:

  • some people still don't like extra/unneccesairy javascript in their pages. But i don't think that's a big con.
Nanne
  • 64,065
  • 16
  • 119
  • 163
0

Client side validation has nothing to do with security. Its purpose is only to improve performance to create a better user experience.

Server side validation is all about security.

Any client side validation must be done on the server side (the other way around is not a must).

TCS
  • 5,790
  • 5
  • 54
  • 86