
Should I handle html form validation on front or backend? [duplicate]

Just like the title says... Should I make sure all values are valid before allowing the form to be submitted to the backend?

Derek Joseph Olson asked May 27 '16 21:05


People also ask

Where should form validation occur?

Form validation can happen on the client side and the server side. Client side validation occurs using HTML5 attributes and client side JavaScript. You may have noticed that in some forms, as soon as you enter an invalid email address, the form gives an error "Please enter a valid email".

Where should form validation be handled client side or server side?

Your apps should always perform security checks on any form-submitted data on the server-side as well as the client-side, because client-side validation is too easy to bypass, so malicious users can still easily send bad data through to your server.

Why is front-end validation important?

As you know, the front-end is what the user sees and interacts with. That's why a good chunk of validation includes messages you show the user. It's also your first line of defense against bad form data. If you can do a check on the front-end, that's not a bad idea.

Is backend validation necessary?

Back-end validations are necessary! If the front end uses JavaScript validation and the user disables JavaScript in the browser, the validation is turned off. So there is a need for back-end validation.


1 Answer

Front-end validation (JavaScript) can easily be bypassed. It should only be used to improve the "user experience" - by providing instant feedback. It also reduces the load on the server.

Back-end validation is a MUST. It has to ensure that the data coming in is indeed valid. Additionally, depending on your architecture, you generally re-use your middle-tier business logic amongst multiple components so you need to ensure the rules that are applied are always consistent - regardless of what the front-end logic enforces.

V33R answered Oct 16 '22 16:10
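The answer's point, shown as an added example that is not part of the original post: one rule set is defined once and the server re-applies it to every submission, so a request that never passed through the page's JavaScript is still rejected. The field names, limits and the functions `validateSignup` and `handleSubmit` are hypothetical, and the sample request bodies are constructed.

```javascript
// Added example. Field names and limits are assumptions for illustration.
// One rule set, written once, so the browser and the server cannot drift apart.
const RULES = {
  email: v => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v) && v.length <= 254,
  age: v => /^\d{1,3}$/.test(v) && Number(v) >= 13 && Number(v) <= 120,
  username: v => /^[A-Za-z0-9_]{3,20}$/.test(v),
};

// Returns { ok, errors, value }. Only fields named in RULES are read
// (allow-list); missing or non-string fields fail. The front end can call
// this for instant feedback, the back end calls it as the authority.
function validateSignup(fields) {
  const errors = {};
  const value = {};
  for (const [name, rule] of Object.entries(RULES)) {
    const raw = fields[name];
    if (typeof raw !== 'string' || !rule(raw.trim())) {
      errors[name] = 'invalid';
    } else {
      value[name] = raw.trim();
    }
  }
  return { ok: Object.keys(errors).length === 0, errors, value };
}

// Server side: parse the urlencoded body and validate it again, whatever
// the client claims to have checked already.
function handleSubmit(rawBody) {
  const params = new URLSearchParams(rawBody);
  const fields = {};
  for (const name of Object.keys(RULES)) {
    const all = params.getAll(name);
    // A repeated parameter is ambiguous, so it is treated as invalid.
    fields[name] = all.length === 1 ? all[0] : undefined;
  }
  const result = validateSignup(fields);
  return result.ok
    ? { status: 200, body: result.value }
    : { status: 422, body: result.errors };
}

// Constructed inputs: what the form would send, and a body sent without it.
const fromBrowser = 'email=ann%40example.com&age=34&username=ann_1';
const bypassed = 'email=not-an-email&age=-5&username=ann_1&role=admin';
console.log(handleSubmit(fromBrowser)); // accepted, status 200
console.log(handleSubmit(bypassed));    // rejected, status 422
```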