开发者

Validating Form Input Client-side (JS) Vs Server-side

I'm making a form in a server using PHP, but I'm considering on using jQuery for the form submittion.

So, what option is better? A PHP script that takes the form, validating stuff right there and sending messages when somethi开发者_开发百科ng is wrong, or a jQuery script that sends the form without reloading? What are the pros and cons? Thank you beforehand!


You should do both!

Server side validation is always more secure then on client site.

Client site validation is great for the usability because the user will get an instant feedback from the script if something went wrong. And the user don't have to send the data to the server first before he gets some feedback.


I always put the validation on the server-side at a minimum as client-side logic is ultimately unreliable (what happens if someone disables javascript? Opens firebug to change things?). I treat client-side validation as a bonus for UX. That's not to say you can't use something like the jQuery validate plugin to add client-side logic on top of it, but I wouldn't rely only on client-side logic.

I've found myself becoming fond of the MVC famework from Microsoft because version 3 has very nice integration between the server-side validation logic and the jQuery validate plugin. Haven't looked in a while but there might be something like that in a PHP framework?


Never trust the client. Thus, JavaScript form validation can only be a plus, for user convenience, but never be your only validation mechanism. With a bit of webdev knowledge you can work around JavaScript and send forms with data you like.

JavaScript validation with informative messages can be a huge plus for users though, so you should definitely consider it as a user-level validation.

Also, remember there may be users who do not use JavaScript by default.


I use both. For a validation example.. I will have a php function called "saveData()" and it would throw an exception if its missing some form data. On the other hand, if they have javascript enabled, they can submit the form and immediately find out if they are missing data, rather than reloading the page to find out.


Assuming you mean to use javascript to validate and then send it serverside (which, as @pekka says, is a given), then you have as pro/con for jQuery/javascript this

pro:

  • quick and easy validation. You can do this per-field, not everything at once.

con:

  • some people still don't like extra/unneccesairy javascript in their pages. But i don't think that's a big con.


Client side validation has nothing to do with security. Its purpose is only to improve performance to create a better user experience.

Server side validation is all about security.

Any client side validation must be done on the server side (the other way around is not a must).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜