Validating Form Input Client-side (JS) Vs Server-side - php

I'm making a form in a server using PHP, but I'm considering on using jQuery for the form submittion.
So, what option is better? A PHP script that takes the form, validating stuff right there and sending messages when something is wrong, or a jQuery script that sends the form without reloading? What are the pros and cons? Thank you beforehand!

You should do both!
Server side validation is always more secure then on client site.
Client site validation is great for the usability because the user will get an instant feedback from the script if something went wrong. And the user don't have to send the data to the server first before he gets some feedback.

I always put the validation on the server-side at a minimum as client-side logic is ultimately unreliable (what happens if someone disables javascript? Opens firebug to change things?). I treat client-side validation as a bonus for UX. That's not to say you can't use something like the jQuery validate plugin to add client-side logic on top of it, but I wouldn't rely only on client-side logic.
I've found myself becoming fond of the MVC famework from Microsoft because version 3 has very nice integration between the server-side validation logic and the jQuery validate plugin. Haven't looked in a while but there might be something like that in a PHP framework?

Never trust the client. Thus, JavaScript form validation can only be a plus, for user convenience, but never be your only validation mechanism. With a bit of webdev knowledge you can work around JavaScript and send forms with data you like.
JavaScript validation with informative messages can be a huge plus for users though, so you should definitely consider it as a user-level validation.
Also, remember there may be users who do not use JavaScript by default.

I use both. For a validation example.. I will have a php function called "saveData()" and it would throw an exception if its missing some form data. On the other hand, if they have javascript enabled, they can submit the form and immediately find out if they are missing data, rather than reloading the page to find out.

Assuming you mean to use javascript to validate and then send it serverside (which, as #pekka says, is a given), then you have as pro/con for jQuery/javascript this
pro:
quick and easy validation. You can do this per-field, not everything at once.
con:
some people still don't like extra/unneccesairy javascript in their pages. But i don't think that's a big con.

Client side validation has nothing to do with security.
Its purpose is only to improve performance to create a better user experience.
Server side validation is all about security.
Any client side validation must be done on the server side (the other way around is not a must).

Related

Why server-side script is better when making a contact form?

I searched over the web and I found that a lot of people say that server-side script is better when making a contact form for a website... Can someone tell me why, please?
In my little experience I appreciate when a contact form is able to hightlight istantly when I wrote a wrong email, or a field is missing, rather than waiting for the answer of the server after processing the input in a php page. Maybe is better to implement both jquery validating and server-side validating?
They must be talking about the form validation. Client side validation is usually done with JavaScript/jQuery which can be easily manipulated using tools like Firebug. If user disables his JavaScript, the validation will fail and wrong data will be posted, inorder to prevent that, Server Side Validation is used for example, PHP, ASP.
The data is posted to the server, server validates the data, if it's incorrect, it will throw back the error to the user, and the most important is that server side validation cannot be manipulated/modified easily.
Now you may ask why to validate Client Side if it can be modified/broken easily? Well, not everyone is intelligent to fool your validation, home/normal users often forget some fields to fill up which are compulsory, if you do not keep a client side check at all, your server will get more and more requests directly, thus increasing the load, inorder to prevent that, you need to keep a client side check as well, which will prevent the form details to be posted to the server directly, thus decreasing the server load.
Also, it will save the time for your users, JavaScript validations are very quick, the users are responded with the related error messages when they are typing, or they move to the next field or very soon after the submit button is pressed. Where as server validation will make the process lengthy as forms will be submitted first, server will validate, and than it will return the message. Not much friendly for an user huh?
So the bottom line is validate both, Client Side and Server Side, but make sure you DO VALIDATE Server Side.
If you use client side languges like javascript or jquery for validation then modern browsers have the option to turn off or disable javscript and if they do so then validations will not work.But its not applicable in the case of server side validations.You can refer these links for more
http://www.dzyngiri.com/client-side-vs-server-side-validation/
JavaScript: client-side vs. server-side validation
You can perform sending and validating on server side but you can also provide basic validation on client side. Thanks to that you can notify user when something is wrong instantly. But also you will be sure that all data is correct (because of server side validation).

Is there a design pattern in the building of website validation with JS and PHP?

For example, I want avoid errors if someone disables Javascript... I think my JS validation must be called by my PHP code...
I'd like know about design patterns or anti-design patterns.
I should clarify that I must use JS in my project and not tools like jQuery or Dojo
The problem is more often how to keep both validation identical on the client using JS and on the server using PHP. What i often do is i create my validation on the server only using PHP and i send the content through AJAX using jquery.
The server sees that request as an ajax request because i pass it a content-type and then it doesn't process anything, just validates and returns a JSON response saying everything is ok, or it sends back the error messages that jquery will have to show to the user.
Like you asked, it's only a design pattern, a way of doing. Implementing it is another story, there are tons of ways to do it.
Good luck
There are several jQuery plugins that have validation, and some tie it to classes on the fields. This way, you can keep your javascript and your PHP separate.
The important thing is that there needs to be two sides to validation: server-side and client-side. So while you can validate with JavaScript, mainly for usability reasons, you need validation on the server side as well, for reliability reasons. This way if someone has turned validation off, you can still prevent errors that un-validated data may cause.

Form Validation With Js/Jquery & PHP

I'm building up a site that utilizes a lot of forms and before I decide on what 'standard' I want to use for most of my form validation, I would like to know what makes the most sense:
Should I validate forms on the front end with js/jquery?
Should I validate forms on the back end (server side) with Php?
Or should I validate on both sides?
I think validating on both sides makes the most sense in terms of security, but my worry is that the site might not be scalable if I try to process too much validation (e.g. is there such thing as too much redundancy with validation especially if I have pretty complex forms with 20-50 fields?)
Thanks
You should validate on both front end and back end. Front end validation will not affect your sites scalability badly because the processing is done in the client's browser. In fact front end (client side) validation will help in scaling as it saves precious bandwidth and server side processing.
You should never ever leave out server side validation, as client side validation can be tampered by a malicious user.
So you should use both.
I would validate on both ends, javascript/jquery will look nice for the user, but can be turned off, you don't want the user able to turn off all validation, so check it on the back end as well.
I say both sides. Client side so the user doesn't have to refresh/submit the page before knowing something is wrong. But client-side is easy to edit/remove from the page entirely. You should never rely on it and always do server-side validation.
yes i would also recomend both sides to avoid something you don't want

Why I should use JavaScript for page validation, even I can use php for same work?

I m beginner to learn java script and I just read that we use java script for interactive and page validation ...so my question is that
We can validate our page with the help of php then why we should use JavaScript?
Ideally, you should be doing both. But at the least, you should be using server side validation.
The reason you have JS or client side validation is so that
The user gets immediate feedback on errors
Your server is spared the round trip for smaller validation
You should never rely only on JS for validation as this can be easily disabled/circumvented. Always use it as an added layer to your server side validation.
Javascript validation allows a more 'responsive' validation message since it doesn't require a postback.
However you should always include server side validation AS WELL since a user could turn off javascript and bypass the validation.
Javascript vaidation is client side validation. You do it even before your page is submitted to the server. And hence prevent resubmitting your page all again
Javascript is used for browser side validation i.e, client side , But php is used for ser
I guess you mean that you can validate the data entered at the server end in php and you do not see the point in validating at the client side using Javascript.
Javascript runs on the client (i.e. the user's browser), which means the data does not have to make a round trip to the server to be validated. This makes the process faster and reduces load on the server. Imagine someone entering a huge amount of data into a text field that is supposed to accept only 15 characters. If you validate only in the server side, your application stalls while the data is being sent. If you also validate using Javascript, nothing is sent back since it is caught at the user's browser.
That being said, it is a good idea to validate at both the client and the server. This takes care of someone intentionally circumventing your Javascript validation (e.g. by turning off Javascript).
These are the two sides of a coin:
PHP = Server Side vs Javascript = Client Side
Both operate in different mediums on opposite sides of the HTTP fence
You can't really compare them. Normally, you use them both. Javascript for the nice dynamic client side stuff (like hiding a part of the page) and PHP to generate the page. And then there's ajax, which makes both work really great together.
Some more comparision:
In php you can have the remote and local time
In js you can have user time...
In php you can have remote and host address
In js ... i dont know !!
In php the source is not lookable in the source code
In js the source can be see in the source code of the page.
To use php it requires sending a request to the php and getting a response.
Javascript is client-side therefore eliminates the need for the request to be send.
Javascript is a much faster way since you do not need to send a request to the server.
But it depends if you are validating a form with certain data that you need checked.
For example, if you have a form and there is an email input box, you may want to check if that email is already in your database. This would require php.
Otherwise, if you do not need to make a request to your server, javascript would be the better one to use.

form validation with javascript vs php

Why should I bother to use JavaScript for form validation when I still have to use PHP since the user could have JavaScript support turned off.
Isn't it unnecessary?
Update:
Ok thanks for your answers. it sounds like a good idea to have it on the client side too. where can I download good JavaScript validations?
Do you know where I can download a validation script like that one in yahoo when you register an account?
Javascript validation allows your user to be informed of any errors prior to their submitting the form to the server. This saves irritating page-reloads (since on submit the JS catches the event and validates the form, preventing form-submission if errors are found) and minimises the chances of their having to re-enter information again (and again and again...), or leaving prior to completing the form properly. JS validation is not a substitute for server-side validation (since the user can see the JS, and, by saving the page and amending the JS do whatever they want); but it's a convenience for them.
This is simply part of the concept of progressive enhancement, whereby JS provides a mechanism for enhancing the experience for the user, if it's there and turned on, and hopefully makes their interaction with your site pleasant, or, at least, minimally irritating.
Edited in response to OP's question regarding 'where to download a JS validation tool.'
While I can't -necessarily- recommend any one library (I tend to write my own as required, or borrow from previously self-written examples), a Google search threw these options up:
http://www.jsvalidate.com/
Stephen Walther's page, discussing Microsoft's CDN and jQuery-validation, linking to jQuery Validation plug-in:
jQuery.validate (hosted at MS' ajax.microsoft.com subdomain)
jQuery.validate.min
jQuery validate plug-in homepage (bassistance.de).
You should ALWAYS validate in PHP on the SERVER SIDE and validation in JavaScript is CLIENT SIDE validation for user CONVENIENCE. Thanks to validation on client user may find errors in his form without page relodaing. But user may sent form data without data script validation
(for example he may not have JS support in web browser), thus always validate on the server side.
... as courtesy to the users pretty much. Makes life easier for the ordinary users that simply commit human things from time to time.
I recommend you using unified server-side and client-side validation using a framework, since it may avoid confronting the user to data valid on client side but rejected by the server, or the opposite (client side too restrictive).
Following list of framework give information about server/client side validation:
http://en.wikipedia.org/wiki/Comparison_of_web_application_frameworks
It's a matter of whether you want your form (and website as a whole) to be interactive-cum-user-friendly or not. You can just let the server-side do the validations and throw the error back to the users but that would be less interactive and less user-friendly than warning the users before they submit the form (although you still need to validate the inputs on server-side no matter what). Just my 2 cents :P
I recomend to use Javascript for client side and Php for server side
This will make interaction or user friendly site nad reduce reloading page many times in case user submit wrong data
Yes, it is best practice to validate the user input values from both sides client and server side ,
some cases client was disabled javascript or mobile browser that doesn't javascript, remember there is spammers also.
To my mind, only client-side-checking of form input does not work because of security. Imagine you want to check a user password(if "yourpwd" == userinput), with js the user will see the password because it is in the browser-sourcecode .With php, it is not visible because php is for some reason hidden.

Categories