Support us .Net Basics C# SQL ASP.NET ADO.NET MVC Slides C# Programs Subscribe Buy DVD

Why do we need both client side and server side validation

Suggested Videos
Part 1 - What is the use of JavaScript in ASP.NET



In this video we will discuss, why we need both client side and server side validation. This is a common interview question as well. This is continuation to Part 1. Please watch Part 1 before proceeding.



Client side validation can be very easily bypassed by disabling JavaScript on a client browser. For example the following are the steps to disable Javascript in Google chrome.
1. Open Google Chrome browser
2. Click on the Customise button on the top right hand corner of the browser
3. Select Settings from the context menu
4. Type Javascript, in the Search Settings textbox
5. Click on "Content Settings" button
6. Under "JavaScript" section select "Do not allow any site to run JavaScript" radio button.
7. Close "Content Settings" window

In the application that we worked with in Part 1, comment the call to ValidatForm() method. This is the server side method that validates form input. At this point the code in btnSubmit_Click() method should be as shown below.
protected void btnSubmit_Click(object sender, EventArgs e)
{
    //if (ValidateForm())
    //{
        SaveData();
    //}
}

So, at the moment
1. We have disabled JavaScript on the client browser
2. We don't have any server side validation

Run the application and click the Submit button, without filling any data. Notice that an empty row is inserted into Users table.
client side validation vs server side validation in asp.net

This is because client side validation is bypassed as we have disabled JavaScript and we also don't have any server side method validating the form. This is one of the reasons why we always want to have both client side and server side validation.

If JavaScript is disabled and if we don't have any server side validation, there could be different threats ranging from storing invalid data to security vulnerabilities.

Client-side validation provides better user experience as it reduces the unnecessary round trips between the client and the server. So client side validation is nice to have. 

However, if JavaScript is disabled or if the user is making a request using tools like fiddler we still want to validate the form before saving data. So, server side validation should always be there irrespective of whether we have client side validation or not.

JavaScript tutorial

5 comments:

  1. Hi Venkat,
    I hava a dobut...Please clarify.
    If we write client side scripting and serverside scripting which code has given priority to execute first?

    ReplyDelete
    Replies
    1. first the client side scripting gets executed,after that the server side will gets executed,first priority will be client side only.

      Delete
  2. Client side always executes first. This can be seen logically when button's onclick and clientClick events exists on the same button. After you click the button, the validation will happen that is on clientClick event and if validated then onClick (code on server side) will be executed and save the entry to the database.

    ReplyDelete
  3. yes,client side will execute first then server side will execute

    ReplyDelete
  4. Client Side validation happends first,because,request initiated from the client side only.

    ReplyDelete

If you like this website, please share with your friends on facebook and Google+ and recommend us on google using the g+1 button on the top right hand corner.