Client side Vs Server side Validation
In our recent post Browser side form validation using HTML5, we have discussed how to do client side validation using the latest attributes. But after that I came across a question that, which validations is better or best? Client side or Server side validation? To find the answer I gone through many interesting articles and forum discussions. And finally I came with some points.
What is form validation?
This will be first question which will arise in minds of some readers. So the form validation is a process of testing and ensuring that the user has entered required and properly formatted information through the web form and it also guide the user to fill the proper and valid information which is called as Error recovery process.
There are many methods to perform this form validation and error recovery process. So all the methods can be majorly categorized in two, 1) Client side form validation techniques and 2) Server side form validation techniques.
What is Client side form validation?
In client side form validation method, all the input validations and error recovery process is carried out in the user’s browser itself. It can be done using JavaScript, AJAX (Asynchronous JavaScript And XML), VBScript or HTML5 attributes. Client side validation has some advantages and some disadvantages too.
Advantages
1) Validation can occur as the form elements are completed and before the form data is submitted to the server.
2) Functionality does not require any server-side scripting.
3) Enhance the user experience by responding quickly at the user level.
4) Error recovery mechanism is quite simple as it guide the user while filling up the form and ensures the user has filled the required fields with valid data.
5) A client-side input validation check can improve application performance by catching malformed input on the client and, therefore, saving a round-trip to the server.
Disadvantages
1) User can alter or bypass the client side validation easily.
2) Client side validation cannot protect your application from malicious attacks on your server and database.
3) Do not rely on JavaScript to enforce security decisions as it can be disabled in client’s browser.
4) No Security!
What is Server side validation?
In server side validation, the inputs submitted by the user are analyzed and sanitized at server using some scripting language such as PHP, ASP, Perl, etc. And it respond to the user by redirecting him to the new dynamically generated web page.
Advantages
1) No such scripting language is used which can be disabled in the user’s browser.
2) The complete information can be submitted without interruptions of error recovery warnings and messages.
3) Secure!
Disadvantages
1) Need to validate all form fields in order to limit the number of request-response life-cycles.
2) Server-side processing code needs to re-render the page in order to display the error messages.
3) More response time, therefore poor user experience.
So, which validation technique?
The Web Content Accessibility Guidelines 1.0 state that you should, “ensure that pages are usable when scripts, applets, or other programmatic objects are turned off or not supported.”
So you should not rely on the client side form validation only, as it may use the client side scripting which may be disabled by the user. Many users do so, as it has many reasons. If you want to use the client side validation technique for better user experience, you can. But don’t forget to validate it again on server. The reason is because there is nothing stopping someone re-creating a form from your site, removing the validation, then posting it to your post-back script. Attempting to verify where the form is being posted from doesn’t help either, cos it’s easily spoofed.
However, web developers can utilize the benefits of both server-side and client-side validation and error recovery to ensure that their forms are completed in a usable and accessible manner. To ensure the validity of the information that is submitted, server-side processing should typically be the final mechanism for ensuring that the forms are completed accurately and completely.
Conclusion
As both the validation methods have their own significances, we would like to recommend that you should use both the validation methods to sanitize the data you receive from the web forms.
What you think? Which technique you will use? Mention your opinion by commenting below. And don’t forget to share this post.
I think it necessary to use both of validations in any case because it secure and usable. But problem is the support of validation rules on two sides. I know the PHP framework Yii solves this problem and generate both of validations also it simple to do using nodejs if we talk about web apps. But problem is actual in development of mobile apps developed via native platforms. Rules should be synchronized between development teams in some way.
i ll use both the validation..