Is it smart to do some form validation through Javascript before submitting?

Question

I really like the idea of validating forms client-side before doing so server-side. If the client's validation passes, I can use Javascript to submit the form.

However, I have heard that some specialized browser, like browsers for the visually impaired, don't support Javascript. Therefore, those users won't be able to submit my forms. Should I therefore avoid what I just thought of doing, or is it alright?

EDIT: (In response to answers): I guess I didn't explain that, but I was planning on doing server-side validation in addition to client-side. Sorry!

Thanks

Answer 1

Javascript is a nice touch to validation. It lets the user know right away that something is wrong, plus it minimises potential calls to the database.

If there are browsers out there that disable javascript for accessibility reasons, you shouldn't worry to much. That's what the server-side checking helps with.

So you should use both, and test with javascript turned on or off. NEVER use javascript as a sole validator - you could just turn javascript off in your browser and the POST data would go through!

Answer 2

You should do both client-side validation and server-side validation. Everything you catch with client-side validation is an opportunity to improve the user experience for your users and tell them exactly what is missing or wrong before they submit the form. If, for any reason, javascript is not enabled, you will still validate on the server (as you always should) and can return errors through the form response from the server if you have to.

So, it's always a good idea to use client-side validation if available.

Answer 3

Is client-side validation smart? Yes, clean input is better for performance than input that will error out.

Great UX? Yes, it's important for a user to get quick, relevant feedback.

Safe? No. Not at all. Hackers don't use your interface to hack your site.

More and more browsers can be site-selective about running JS.

Lastly, if you are concerned about equal access, your best bet is to build accessible versions of the site.

Answer 4

Client side validation often improves user experience, as the user can immediately see whether his data is valid or not.

If it is some simple validation, like pattern matching or length checking for passwords, definitely do it. But of course it is not a substitution for server side validation, it is not a security means in any way. Never trust user input.

Integrate the client side validation in an unobtrusive way , so that form submission still works if JS is turned off.

Answer 5

"Both And" is the answer. Validate client side as a convenience and as a way to better the user experience, but you should always validate server side.

Answer 6

Browsers without JavaScript won't execute the JavaScript at all, so they will still be able to submit your form. Don't worry.

Answer 7

Client side validation is done by interceptin the normal submit event and return true or false based on whether the form is valid. In this way, when javascript is not enabled, the submission is not intercepted and proceeds as normal.

It is one of the easiest things to degrade gracefully, fortunately:)

Answer 8

Not sure we can say it's smart to handle form "control" before submitting: this is "only" client comfort, as these controls... are just not valid from the security standpoint. So this is adding coding efforts for no added value from the security prospective. But this is adding effort for client comfort. And THIS is smart.

The simple way: No client-side control at all, only server side. No need that js is enabled on the client-side.
This is the point that shall be always enabled and full security valid.

The intermediate way: Implementing the simple way and adding some javascript "controls" on top, "hand coded" or using js librairies. This is the fastidious way as this is adding a layer on top of the existing server core code, and generally means some server-side code changes or refactoring. So this is the worst way according to me. But this is a good way to learn and understand the client-server exchanges. Painful but useful.

The best way: Base all your efforts on server-side validation but make sure, from the coding starting point, to be able to embed also the "nice to have", eg. the client-side nice "controls". Which means you have to think of your code architecture before starting writing any line. How to do that? use Ajax coded forms on the server side. Which suggests the way of coding ideally with specific php form classes. For example, ZendFramework is providing such kind of possibilities using either dojo or jQuery.

Answer 9

Its always better to have "Cleaner" data passed into the server. Prevents errors and malicous data.