Server-side vs Client-side validation for ASP.NET web applications

What is validation?
In HTML ‘Validation’ is not a process, it is merely a concept. HTML simply offers client-side scripting and form-posting. With the web page disconnected, nothing will happen server side until the form is posted – after that nothing more can happen client side until a new web page (response) is received.
Client-side validation
Client-side scripting must occur before server-side scripting. ‘Validation’ then is a function of our code.
If our code uses client side scripting to validate, it must happen before the form post, if we use server side code to validate it must happen after the form post.
This obviously gives the option of using the client side scripting to cancel the form post if our validation routine is not satisfied.
In .Net Microsoft offered a wizard to generate validation scripts (the validation controls), but this merely generates code as explained above.
Client-side validation is fundamentally flawed in that the ‘client’ which, strictly speaking is outside the applications control, is detailing whether something is acceptable or not. So, for example, the user might have a browser that does not fully support JavaScript and invalid data might be returned as valid. For this reason it is always recommended to use server side validation.
Server-side validation
Server side validation on the other hand can be very frustrating and with unexpected results. A user can submit a form, wait for long time for it to be processed, only to be told that it is invalid. For this reason we add client side validation to check the form before it is submitted, merely to enhance userability.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.