Hi Ja, Validation is required before submitting a form to the server(database-mostly) to check for authenticity of certain things. Obviously when you say password cannot be empty, is it a point to send it the server? No. Then you must stop it before it reaches the server. This is client side validation. Now consider, I am trying to compromise someone's account and i send some info in the password. I need to check inthe DB if the info is correct or not. As this info is in the DB i need to do a server side validation.
Why, most importantly, we are talking about it because the sever side trip is expensive in terms of network bandwidth consumption(here which would be invalid request anyway-empty password request), connections and host of other things that are involved with the server side connections( sockets opening, etc-internal). So a server should be hit only when reqd. Thus most applications have a client side and a server side valdiation. Its a good practice also. [ November 09, 2006: Message edited by: RoshaniG Gopal ]
With regard to validation, it's important to understand that whether or not to do server-side validation is never a question. One must always do server-side validation.
As Rosthani mentioned, client-side validation can save bandwidth by catching some errors before they are sent to the server. However, even if an error is checked with client-side validation, the same error must be re-checked on the server side. The reason for this is that client-side validation is not 100 percent reliable. A user can turn off JavaScript on the browser, thereby making all your client-side code inactive.
0
