File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Client Side vs. Server Side Validation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Client Side vs. Server Side Validation" Watch "Client Side vs. Server Side Validation" New topic

Client Side vs. Server Side Validation

Gabe Newell

Joined: Dec 07, 2004
Posts: 19
I have a lecturer at my Uni that is taking us for 'E-Commerce'. This lecture is teaching us to validate data on the client side using java-script. I want to raise that validation should be done on the server side so we shouldn't be learning this as java-script can de-enabled and 10% browsers dont have java-script enabled (W3C, 2005).

Is there any other reasons that she be teaching us client side validation using java-script? I want a strong case to backup my claim.
James Carman
Ranch Hand

Joined: Feb 20, 2001
Posts: 580
Client-side validation is nice so that you don't bog down your server with invalid requests, but ultimately the server should make sure everything is on the up and up when the request comes in. As you said, the javascript can be disabled on the browser, so you shouldn't rely on that only.

James Carman, President<br />Carman Consulting, Inc.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

There have been a few discussions on this lately. I can't remember whether they were in the JSP or Servlets forum. Search both.

The bottom line is this:
If it absolutely, positively must be validated, do it on the server.

Some other arguments:
People can turn off Javascript.
Uncaught JS exceptions will stop all JS (which often leads to the form being submitted without validation.)

Client side validation can cut down on network traffic and make for a better user experience so it makes for a nice addition to server side validation.

If it absolutely, positively must be validated, do it on the server.

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15302

There is really no discussion to be had. Ben pretty much said this but in a lot more words than I am going to and all those other discussions basically led to the same conclusion.

Do Both

GenRocket - Experts at Building Test Data
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63874

If your lecturer insists that server-side validation is not necessary, I would be very leery of anything else that is said.

[Asking smart questions] [About Bear] [Books by Bear]
Mark Vedder
Ranch Hand

Joined: Dec 17, 2003
Posts: 624

Most importantly, not doing server side validation is a security risk. Not only can client side validation be turned off, it can be spoofed. I can simply write an HTML page that posts to the server with invalid data; or more importantly malicious data, but with any "isValid" flag set to true. Like Gregg says, do Both.
I agree. Here's the link:
subject: Client Side vs. Server Side Validation
It's not a secret anymore!