Validation should always be implemented on both the server and client. Server-side validation is needed to sanitize user inputs so that information is safe. Client-side validation provides better user experience by offering immediate feedback that help users correct issues immediately.
- The form information is sent to the server and validated.
- If the validation fails, the response is sent back to the client, the page containing the form is refreshed and feedback shown.
- After correcting errors, the user resends the form to the server for validation.
- Secure validation that can't easily be bypassed by malicious users.
- Easy to provide persistent feedback. For example, a form is submitted to the server and the user navigates to another page before validation is complete. Sever-side validation can allow us to:
- Display a feedback message on the page when the user returns.
- Send an email to the user with validation feedback.
- Users must fill all the information and submit it to the server before they get feedback.
- Server response may delay feedback as the information is being validated.
- The form information is validated on the browser. If validation fails, feedback is shown on the the webpage containing the form.
- After correcting errors, the browser validates the form again. The information gets sent to the server once validation is successful.
- Feedback is provided in near real-time.
- User input can be validated as users types; fixes can be immediate
- Unsecure validation. It's easy to turn off browser scripts and bypass the validation.
- Not valuable when access to the server is needed to validate user's input. For example: checking if a username is already in use requires access to the server.
- Can't provide feedback that persists on the page if the user navigates away.
The above GIF demonstrates combining real-time validation and validation on Submit
Logintriggers validation on Submit, errors are displayed.
- As the user types to correct the errors, real-time validation is triggered with every key-stroke. Once the error is corrected, the error message disappears.
Validation and feedback is provided as users are filling a form field. It can be implemented during typing or after the field loses focuses or both. Typical of client-side validation but can also be used to for server-side validation.
- Immediate feedback is provided to the user.
- Can be distracting if overused, misused or badly implemented.
- Not valuable when validation can take more than 1 second.
Triggered when users hit the form's submit button. The submit button is often
Save but can be something else. Feedback is then returned and displayed to users. If errors exist, they are displayed to the user. Typical of server-side validation but can also be used for client side validation.
- Users are able to fill forms without any interruption.
- Required fields that are empty can be caught.
- Valuable when validation can take more than 1 second.
- Users will be able to fix errors only after they try to submit the form and get the response back from the server.