• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Client Side vs. Server Side Validation

 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a lecturer at my Uni that is taking us for 'E-Commerce'. This lecture is teaching us to validate data on the client side using java-script. I want to raise that validation should be done on the server side so we shouldn't be learning this as java-script can de-enabled and 10% browsers dont have java-script enabled (W3C, 2005).

Is there any other reasons that she be teaching us client side validation using java-script? I want a strong case to backup my claim.
 
Ranch Hand
Posts: 580
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Client-side validation is nice so that you don't bog down your server with invalid requests, but ultimately the server should make sure everything is on the up and up when the request comes in. As you said, the javascript can be disabled on the browser, so you shouldn't rely on that only.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There have been a few discussions on this lately. I can't remember whether they were in the JSP or Servlets forum. Search both.

The bottom line is this:
If it absolutely, positively must be validated, do it on the server.

Some other arguments:
People can turn off Javascript.
Uncaught JS exceptions will stop all JS (which often leads to the form being submitted without validation.)

Client side validation can cut down on network traffic and make for a better user experience so it makes for a nice addition to server side validation.

If it absolutely, positively must be validated, do it on the server.
 
Ranch Hand
Posts: 15304
6
Mac OS X IntelliJ IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is really no discussion to be had. Ben pretty much said this but in a lot more words than I am going to and all those other discussions basically led to the same conclusion.

Do Both
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If your lecturer insists that server-side validation is not necessary, I would be very leery of anything else that is said.
 
Ranch Hand
Posts: 624
IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Most importantly, not doing server side validation is a security risk. Not only can client side validation be turned off, it can be spoofed. I can simply write an HTML page that posts to the server with invalid data; or more importantly malicious data, but with any "isValid" flag set to true. Like Gregg says, do Both.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic