Wow guys, let's all jump on the client side validation
bashing wagon shall we? Amazing how one simple post can generate
such self-righteous responses.
Kronin555: Actually my users can't turn off JavaScript.
You're making a bold assumption given the fact you know nothing
about the environment in which I work and presumably know nothing
about the environment in which the OP is working. Do you
always need to do server side validation? Ever considered
the fact not everyone's requirements are the same as yours?
Ian Skinner: You're also making an assumption that everyone's
appps have the same requirements and priorities as yours. You're
also putting words in my mouth by arguing it "does not replace"
server side validation - did I say it replaced it? No. Could it
replace it in this example? perhaps - but considering we don't know
the context in which it will be used, who knows? I'm pretty sure
what I actually said was "If you can validate the form before its
submitted you'll save yourself a lot of trouble further down the
track" - looking back at the thread I realise the "trouble further
down the track" I referred to is that the OP wouldn't have to come
back to this forum where no-one seems to give you a straight answer
to a simple question.
You then talk about "protecting ones data" ...what the??
Geez, I thought the OP just wanted to ensure users filled in a
field? Did I miss something in that first post?? "I need to insert
a cfif that will ensure that a form field is populated and if it's
not output a message. Any help?" I'm pretty sure I answered the
question.
Lossed: You also appear to be blind to the fact that there
may be some situations where server side validation is not
required. In a similar fashion to the other two, you make the
assumption that all web applications are built to run in an open,
uncontrolled environment. Your closing remark, "It would be crazy
to rely solely on JS validation" shows how simple your world must
be. Crazy? Really? What about if I'm building a search page? Should
I pass a single search field to the server to validate just so it
can say "please enter a search string"??? What about if I'm
building a simple email feedback form - should I pass the email
address back to the server to validate? Where's the sense in that??
My point (in case you missed it in the above rant) is that
every application has its own unique set of requirements and to
make sweeping remarks like the ones from the three posters above is
either arrogant or ignorant, I can't decide.
Yes, server-side validation is important in some
circumstances but its not always necessary. I work mostly with a
large financial application that utilises both server-side and
client-side validation - there is no way it could do what it does
without both, but to suggest that server side validation can never
be replaced by client side validation is just showing your limited
understanding of the many complexities of real world development.
Anyway I've wasted enough time - go ahead, have another go at
me.. ;)