What is the point in validating your HTML forms using Javascript, if you are always going to need to validate the forms using PHP anyway? I realize that you get a speed boost from this, and its more convenient to the user, but beyond that, is the time spent on it worth it? If anyone has any good evidence on this I would love to hear it.

Thanks for any help!
Metropolis

UPDATE

After receiving numerous answers I would like to change the question a little. We all know that javascript is much more convenient for the user and it gives faster feedback. What I am wondering is: Has anyone ever seen any "evidence" that its worth it? Or do we just do it because it makes things a little better and everyone says we should? The speed difference is not that significant, and as the internet gets faster javascript validation will bee even more obsolete I would think.

I am starting to wonder if the time spent validating a page using javascript could be better spent.

What is the point in validating your HTML forms using Javascript, if you are always going to need to validate the forms using PHP anyway? I realize that you get a speed boost from this, and its more convenient to the user, but beyond that, is the time spent on it worth it? If anyone has any good evidence on this I would love to hear it.

Thanks for any help!
Metropolis

UPDATE

After receiving numerous answers I would like to change the question a little. We all know that javascript is much more convenient for the user and it gives faster feedback. What I am wondering is: Has anyone ever seen any "evidence" that its worth it? Or do we just do it because it makes things a little better and everyone says we should? The speed difference is not that significant, and as the internet gets faster javascript validation will bee even more obsolete I would think.

I am starting to wonder if the time spent validating a page using javascript could be better spent.

• php
• javascript
• validation

• 1 i totally agree with you, i never use JS for validation, only for decoration :) – darma Commented Aug 9, 2010 at 22:01
• 2 By the question we realize that you understand both server-validation and user-validation so the real question here is if the time spent creating a better user experience is wasted or not. It's pretty subjective. – Frankie Commented Aug 9, 2010 at 22:51
• @Frankie Yes you are right.....What im really looking for is good "evidence" that the juice is worth the squeeze. Have there been any studies done on this? Most of the answers I received here already told me what I know. Everyone always says "javascript makes it easier for the user", but does it actually pay off? Or do we just do it because it makes it easier for them and assume that it pays off? – Metropolis Commented Aug 10, 2010 at 13:50
• take Blizzard, for example, they spend a great amount of time making sure the user experience is as polished as it can be (Apple too). Some other panies prefer to release the product sooner. It's subjective and tied up to your business plan. – Frankie Commented Aug 10, 2010 at 16:15
• @Frankie Well im not a huge fan of Blizzard anymore lol. I think they spend a great amount of time because they put 2 people on it forever, and use that time to hype up the game so they can make more money. I think Blizzard is all about the money now and they have lost their fire that used to make them great. Also, I believe javascript improves usability a lot, but the javascript validation does not improve it like great javascript functionality can. It just overlaps the same thing php is already doing for the most part. – Metropolis Commented Aug 10, 2010 at 17:54

9 Answers 9

Ideally, you validate through javascript and (in your case) PHP.

Both validation methods will work in-tandem to ensure you get the most robust and user friendly functionality possible for your end user.

You will use client-side validation to ensure that all fields are filled in, email addresses are valid, etc.. this will provide instant feedback and won't burden your servers or the user's internet connection.

you validate server-side for security. You can control everything on the server and nothing on the client machine. It's here that you ensure that all entered data is non-malicious and correct.

Keep this in mind: if you are only going to go with one type of validation, choose server-side validation because it is more secure. You should never rely on client-side code for any kind of security.

Using both types of validation gives you the best of both worlds (responsiveness and security) while having none of the downsides. Of course, this means you have to write more code, but in my opinion, it's worth it.

EDIT: In response to the ments

Yes, you have to write more code this way... As a rule of thumb, if it's harder for the programmer, it's easier on the user. It might not make sense in some budgets to do both types of validation and that's a call you're going to have to make. Just make sure your server side validation is rock-solid regardless.

Yes, time is money, and time invested in improving the user's experience is time well spent. If you can't afford to do it now (deadlines/schedule/budget) then do it when you can.

It's all about usability. It is much more convenient for the user to read what errors they have made before the page reloads, rather than continuously submit and reload the page. It can also give a nicer look with some AJAX and the likes, rather than a reload of the page and the very ugly looking red error messages, I think. So the advantage? Much more usable than having server side validation alone.

To provide a better user experience.

The feedback on JS validation is faster, and therefore better than server-side validation on form submit.

The main point of JavaScript validation (when available) is that it improves the user experience. A round-trip to the server requires a page load and the associated annoying flicker as it redraws. Validating in JavaScript code allows you to display a message without all that.

That being said, server-side validation is still required since JavaScript isn't always available (NoScript is quite popular) and because a malicious user will bypass the JavaScript.

Particularly for database backed websites, it tends to be that you need to do server side validation anyway. e.g. to make sure you're inputting valid data into a database or other system. Depending on what the website is updating this could be absolutely critical.

However, client side validation can provide a better user experience. It can be used to provide instant feedback. e.g. when you move focus away from a text box a validator can provide instant feedback which is great when you're filling in a long plicated form.

The bottom line is that you will still need to input good data into your database. And the more correct the information stored in there, the less problems with the system you'll have later. You need both.

e.g. What if someone updates the website code in the future and breaks the validation? or someone writes a script to automate inputting data, bypassing your web front end all it's validation?

I'll say it again. You need both.

...i think you're also keeping your karma cleaner, when hundreds or thousands of your users don't wish you burn in hell for making them fill in 5-7 fields (with textarea) to be informed on the next page they mistyped their email so they have to start all over again :D it doesn't eat up much of my time to incorporate javascript, id say 1-2 minutes maximum for 1 form. and it saves lots of nerve cells of my users. be a humanist! love ur neighbour!))

Client-side validation allows for an increased user experience. The feedback you give to the user leads to less frustration, less errors, more conversion, more money. You generally have a better response rate with this kind of validation, which is very valuable.

An high quality software needs this. Users feels happy, and they will spread their joy. A user who has a bad experience won't e came and won't tell his friend.

It's not only decoration when you get to business and sales. ;) The return on investment is worth it.

Easy.

Javascript to help the user enter correctly formatted data. PHP to make sure whatever enters your script gets cleansed before further processing.

Ofcourse you'll have to do both. Users want it, your customers want it and frankly, you think it's fugly getting php errormessages after submit aswell.

I don't think the argument of having to code extra .js which presumably would eat up your time/budget holds any thruth. There's so many libs and scripts outthere, either one will enable you setting up disco validation in no time at all. However, don't get carried away with dealing out eye candy. .js validation is just there to help. Not to impress.

PHP runs serverside, javascript runs clientside. You don't want your server crunching form validation when you can get the clients puter to do so. Plus it saves bandwidth.