Home | All Questions | alt.html FAQ >

Why validate forms on the client?

For maximum security and maximum reliability validation of forms data should always be done on the server. Validation must be performed on the server, because server-side scripts have no control over what happens on the client. JavaScript validation code may or may not get run, so a server side script needs to check that data is strictly validated before it is written to a database or passed on to third parties. With this in mind, why bother with client-side Javascript validation in the first place?

Client-side validation has valid uses. Ensuring data integrity is not one them. From a visitor's perspective client-side validation is good for giving the appearance of a faster response to errors/missing data. It is a convenience to visitors who have javascript enabled in their browser.

The server also benefits from client-side validation since it saves a number of round-trips between the visitor and the server owing to typos and easily spotted mistakes. This advantage doesn't alleviate the neccessity of doing server-side validation.

Recommended Resources

Discussion

Related Questions