Is JavaScript validation bad?

Question

It has been long time since we have been validating our forms using JavaScript. I am sure this must be the case with most other developers.

Question:

What if the

Answer 1

You can make server and client-side validation pretty painless by using a framework that supports both. In the past, for ASP.NET I used the Peter Blum validators:

http://peterblum.com/

With this, you drop the validation controls onto your page, hook them up to the inputs (textboxes, drop down lists etc), and specify the validation properties (minimum length, required, error message etc). When the page runs, the framework spits out equivalent code for both the client (JavaScript) and server (ASP.NET) to perform your validation.

Without such a framework, as other posters have pointed out, validation can be laborious.

I'd be interested to know of anything similar for PHP or other technologies.

Answer 2

You have to validate it on sever-side, javascript is good to validate form, but people can disable javascript, or use another javascript to hack it, so validation on server-side is a must.

Answer 3

Javascript validation is good because it provides a better user experience.

You should however never rely on it and should validate on the server regardless.

Answer 4

JavaScript improves user interaction for your product or service. Users interaction (user input and machine response or vice versa) is a vital characteristic of our applications. As we all experienced, products are getting more interactive ever than before. And this interaction part can (only) be crafted in JavaScript (ActionScript for Flash Player). We would all agree with this - there is always a calculated amount of work that can be transited to the client side (machine) to avoid calls without bothering them to send to the server(s). There are many many applications which are heavily dependent on client-script scripting. And if they found you do not allow required scripting they asked for it leaving a message in noscript tag. But I think everyone wants to have it enabled as we all fire up a tab with Gmail, Facebook, etc.

However, this still should not be ignored as we are keen to grap every single opportunity (audience/customer) and work with is at least better than falling apart. It still works!

As a Microsoft Development Platform user, there is a convenient solution on .NET platform. That don't require dual effort on such issues. Make use of your client-side validation while scripting is disabled by using Page.Validate() and Page.IsValid.

protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack) {
        Page.Validate(); // If you missed, then you got the second chance ...
    }
}

protected void btnSubmit_Click(object sender, EventArgs e)
{
    if (Page.IsValid) { // Confirm you do a proper validation before moving to perform any process
        Response.Write("Done!");
    }
}

I hope this will help.

Answer 5

In a multi-tiered / service orientated environment validation should exist on multiple levels to allow for better reuse while still maintaining a secure application. Validation on the client side, whether in a desktop app, or web site/application should be there for a better user experience to prevent postbacks to the server everytime for validation, hence costing more bandwidth and user time. If client-side validation cannot be moved entirely to the front end then consider using ajax for a partial postback to a server side validation routine, while retaining a better customer experience but allowing a programmer to maintain the validation rules centrally.

Second to the client side, but more importantly, server side code should validate the data before persisting it via a data layer or passing it to another server side method/service, to employ business rules around the data and help prevent errors in data integrity. Lastly, the persistence layer itself (the immediate interface to the database or other storage mechanism) should validate the data being stored, again to prevent errors in data integrity and possibly further business rules. The last thing you want is a data store with useless data.

Employing this method will keep you data secure and integrity in line. On reuse of either you persistence layer, your data layer or your front-end presentation thereafter, in your own site (or via a web service, desktop application or mobile app), if designed properly, these validation routines are already in place and can be re-employed. This should prove to be of great benefit to you alone, and your colleagues and your management, if you happen work in a team.

Answer 6

You should have multiple layers of validation.

Validation on the client Side

This is definitely useful because validation can be done without having to go to the server. Requests get to the server once they are validated - saves some traffic.

Validation on the server side

If javascript is disabled then the server should also incorporate a level of protection - validation in order to disallow erroneous requests.