Client side and server side form validation in the same form

12-31-2007, 11:22 AM
I just wanted to check if it was possible to do client side and server side form validation in the same form. I think it should be OK, but it may be a bit complex. The reason is my forms are so big that I want the user experience to be as good as possible. So when all the client side validation is done I will move on to server side validation.

Is this a good idea?

12-31-2007, 11:29 AM
Ajax?

12-31-2007, 11:56 AM
That would be good I guess, although I've got a bit of a learning curve there!

12-31-2007, 04:39 PM
MooTools has a fairly simple validation script you can use. Here's a nice example to show how easy it is. You should be able to do client side validation on the fields with this and then pass it to the server from there.


12-31-2007, 11:11 PM
You do the client side validation using JavaScript. Ajax is only required if a server side lookup is required as a part of that validation - most of the time it won't be necessary.

The server side validation is then done AFTER the form is submitted.

Each serves a different purpose. The client side validation reports errors to the person filling out the form to allow them to fill it out correctly before they try to submit it. The server side validation is the essential one which makes sure that the form content is valid regardless of whether the person filling it out had JavaScript enabled or not.

You can't do the server side validation via Ajax as that then places it under your visitor's control and they can turn it off and submit anything at all in the form.

Make sure that the server side validation is thorough and doesn't allow anything through that is not acceptable data. The client side validation does not need to be as thorough since the server side validation will still catch any errors that the client side missed. Testing client side for situations that will rarely occur and which require a huge amount of code to test will detract from rather than enhance visitor experience.

01-01-2008, 07:55 AM
Some server-side validations like "Check the username/email are already taken" can be done by Ajax if there is JavaScript support.

01-01-2008, 08:36 AM
No, you cannot trust any data that is submitted to the server. It must be validated after it has been submitted.

A bot script could send HTTP requests that satisfy your AJAX server side script (assuming that your script is keeping track of whether validation was successful) with a single valid email address and then submit a list of email addresses or a list containing an HTML encoded BCC:... to the actual form processing code.

The form processing code is the last and most important line of defense. It must check all input it receives.

01-01-2008, 12:07 PM
OK, I'll just keep my server side stuff the way it was then. However, even the Yahoo registration form looks like it uses Ajax for registration.

01-01-2008, 06:27 PM
Yahoo has also developed a large library of code called YUI, including Ajax functions. So yes, they use Ajax, but they don't abandon server side validation. It's true, if someone doesn't have JS on, Ajax fails and you have to make sure things are validated on the server. You can have a hybrid of a page which, when JS is on, will do the validation through Ajax while it's inputted and, when JS is off, does it all at the end. Depends on server load and such.

01-01-2008, 07:47 PM
Some server-side validations like "Check the username/email are already taken" can be done by Ajax if there is JavaScript support.

But you would want to re-run that check on the server once the form has been submitted anyways.
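
The points made in this thread (the form-processing code checks everything it receives, and the "already taken" lookup is re-run at submit time) can be sketched as follows. This is an added example, not code from any poster; the field names, length limits, and the in-memory `takenEmails` store standing in for a database are assumptions.

```javascript
// Added example: server-side validation that runs on every submission.
// Field names, limits and the in-memory store are assumptions.
const EMAIL_RE = /^[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;

// Stand-in for a database lookup (constructed sample data).
const takenEmails = new Set(["alice@example.com"]);

function validateRegistration(fields, store = takenEmails) {
  const errors = {};
  const username = fields.username;
  const email = fields.email;

  // Any flag the client sends claiming "already validated" is never read:
  // only the checks performed here count.
  if (typeof username !== "string" || !USERNAME_RE.test(username)) {
    errors.username = "3-20 letters, digits or underscores";
  }

  // The typeof check rejects arrays/objects that some body parsers build
  // from repeated or bracketed parameters (email[]=a&email[]=b).
  if (typeof email !== "string" || email.length > 254) {
    errors.email = "invalid email";
  } else if (!EMAIL_RE.test(email)) {
    // The allowlist admits exactly one address: CR/LF, commas, spaces,
    // colons and "%" (raw or percent-encoded "Bcc:" lines) all fail.
    errors.email = "invalid email";
  } else if (store.has(email.toLowerCase())) {
    // Uniqueness is re-checked at submit time, even if an Ajax lookup
    // reported the address as free a moment earlier.
    errors.email = "email already registered";
  }

  return { ok: Object.keys(errors).length === 0, errors };
}
```

The same function can back both the Ajax lookup and the final form handler, so the client-side hint and the authoritative check never drift apart.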