[Sigia-l] UI Design Question - Client Versus Server Side Validation

Simon Wistow simon at thegestalt.org
Tue Feb 25 12:45:08 EST 2003


On Tue, Feb 25, 2003 at 09:18:31AM -0800, Patrick Neeman said:
> Are there any studies out there that show the effectiveness of client
> versus server side validation of web forms?

Speaking as a developer, this isn't an either/or.

You *always* have Server Side Validation. *Always*.

No ifs or buts about that.

At the very least it prevents user tainted data from rampaging unkempt
through my systems. [*]

As a nice benefit it means that whatever you're collecting data for is
guaranteed to be complete whether the user has Javascript turned on or
not.

After that you can add some client side validation if you want, and
that's nice for the user cos it means that they don't have that extra
second of their life wasted whilst the server does its thing but please,
in the name of all that is good and holy, make sure that your Javascript
works in *all* browsers on *all* platforms over *all* versions or, at
the very least, doesn't do anything unless you've got the exact same
user agent as the browser it was tested rigorously on.

...


Sorry, melodrama over.

Simon
[*] If you wonder what I'm talking about here then imagine I'm taking
the user's data without scrubbing it first and sticking it in a database
using SQL.

I input "Simon" and the resulting SQL is

INSERT INTO users (name) VALUES ('simon');


Now imagine that JQ WileyHacker puts in this string


"Hacker'); DELETE FROM users where (name like'%"


Now my SQL is

INSERT INTO users (name) VALUES ('Hacker');
DELETE FROM users where (name like'%');

which will delete all your data.
-- 
the test for truth is still quicker than the addition
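The footnote's injection, reproduced in Python as an added example that is not part of Simon's post: build_unsafe_insert shows the SQL text his string splicing would produce (returned, not run), and add_user_safely is the server-side fix, a length check plus a parameterised query. It assumes Python's standard sqlite3 module; the table and the HOSTILE_NAME value are constructed here.

```python
import sqlite3

# Constructed input: the name from the post, carrying an SQL injection payload.
HOSTILE_NAME = "Hacker'); DELETE FROM users where (name like'%"


def build_unsafe_insert(name: str) -> str:
    """The post's approach: splice user data straight into the SQL text.
    Only returns the string so you can see what the server would end up running."""
    return f"INSERT INTO users (name) VALUES ('{name}');"


def add_user_safely(conn: sqlite3.Connection, name: str) -> int:
    """Server-side validation plus a parameterised query.
    The driver sends `name` as data, so a quote inside it cannot end the literal
    or start a second statement. Returns the row count in users afterwards."""
    if not (1 <= len(name) <= 64):
        raise ValueError("name must be 1-64 characters")
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def demo() -> dict:
    """Seed a user, show the unsafe SQL text, then insert the hostile name safely."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('simon')")
    unsafe_sql = build_unsafe_insert(HOSTILE_NAME)
    count = add_user_safely(conn, HOSTILE_NAME)
    stored = [row[0] for row in conn.execute("SELECT name FROM users ORDER BY rowid")]
    # 'simon' survives and the payload is stored as a plain string.
    return {"unsafe_sql": unsafe_sql, "count": count, "stored": stored}


if __name__ == "__main__":
    print(demo())
```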