John Vine

Client Side Validation

Est. Reading Time: 3 minutes

Client side form validation is often undervalued despite the benefits it can have both on speed and user experience. The reason it is so undervalued is because it alone isn’t enough to rely on. Any client side validation can be removed, altered, or bypassed by a sufficiently informed individual with intentions of attempting to bypass your security measures so many developers will choose to rely solely on server-side validation which is much more secure from malicious attempts by the user. Since server-side validation is required many developers will solely look to that to alert the user to mistakes in the form be they missing fields or even invalid entries.

One solution in Asp.NET is to use the built in validation controls that validate fields both client and server-side (to avoid client spoofing), but what can we do when we either aren’t in an Asp.NET environment or the built in validation controls can’t process the necessary logic to properly validate inputs?

In classic Asp especially this is a big deal because since developers can’t rely solely on client side validation for security reasons they usually choose not to implement it at all. Where client side validation can really improve your site is in it’s performance. If your form is on a large page or even if the form itself is very large, then relying on server side validation requires a round trip to the server with all fields and values included. If something is amiss, the server has to return you to the page you were on and depending on the build of your site (classic asp or .net) the client and the server have to process either a full or partial post to alert the user to what might have been as simple as a missing checkbox selection. Why go through all that trouble and processing when a simple client side script can perform preliminary or even in some case full form validation without contacting the server? If your user has a slow connection, maybe they are on a mobile device, or perhaps they simply have a slow connection from their provider, they may not realize that when the page begins to reload something has gone wrong. Worst case scenario, they may see the page begin to refresh and assume they’ve finished the process and leave the page entirely. More often than not, they will simply wait for the page to reload, fix any errors they’re alerted to, and re-submit the form, but with client side validation, all that wait time can be avoided. The user doesn’t need to worry about possibly having to wait on a slow connection, they are never given the false hope that they may be done only to have the form pop right back up, and most importantly your network doesn’t have to field and respond to as many incomplete or invalid form submissions meaning your site responds faster for everyone.

As I mentioned before, client side validation cannot take the place of server-side validation because it isn’t as secure, but since the average user isn’t going to maliciously try to bypass your form validation (unless your site caters exclusively to hackers) the duplication of effort on the client side can not only improve the user’s experience on your site, but also cut down on unnecessary traffic through your network and speed up your site’s performance.