Support us .Net Basics C# SQL ASP.NET Aarvi MVC Slides C# Programs Subscribe Download

Why do we need both client side and server side validation

Suggested Videos
Part 1 - What is the use of JavaScript in ASP.NET



In this video we will discuss, why we need both client side and server side validation. This is a common interview question as well. This is continuation to Part 1. Please watch Part 1 before proceeding.



Client side validation can be very easily bypassed by disabling JavaScript on a client browser. For example the following are the steps to disable Javascript in Google chrome.
1. Open Google Chrome browser
2. Click on the Customise button on the top right hand corner of the browser
3. Select Settings from the context menu
4. Type Javascript, in the Search Settings textbox
5. Click on "Content Settings" button
6. Under "JavaScript" section select "Do not allow any site to run JavaScript" radio button.
7. Close "Content Settings" window

In the application that we worked with in Part 1, comment the call to ValidatForm() method. This is the server side method that validates form input. At this point the code in btnSubmit_Click() method should be as shown below.
protected void btnSubmit_Click(object sender, EventArgs e)
{
    //if (ValidateForm())
    //{
        SaveData();
    //}
}

So, at the moment
1. We have disabled JavaScript on the client browser
2. We don't have any server side validation

Run the application and click the Submit button, without filling any data. Notice that an empty row is inserted into Users table.
client side validation vs server side validation in asp.net

This is because client side validation is bypassed as we have disabled JavaScript and we also don't have any server side method validating the form. This is one of the reasons why we always want to have both client side and server side validation.

If JavaScript is disabled and if we don't have any server side validation, there could be different threats ranging from storing invalid data to security vulnerabilities.

Client-side validation provides better user experience as it reduces the unnecessary round trips between the client and the server. So client side validation is nice to have. 

However, if JavaScript is disabled or if the user is making a request using tools like fiddler we still want to validate the form before saving data. So, server side validation should always be there irrespective of whether we have client side validation or not.

JavaScript tutorial

13 comments:

  1. Hi Venkat,
    I hava a dobut...Please clarify.
    If we write client side scripting and serverside scripting which code has given priority to execute first?

    ReplyDelete
    Replies
    1. first the client side scripting gets executed,after that the server side will gets executed,first priority will be client side only.

      Delete
  2. Client side always executes first. This can be seen logically when button's onclick and clientClick events exists on the same button. After you click the button, the validation will happen that is on clientClick event and if validated then onClick (code on server side) will be executed and save the entry to the database.

    ReplyDelete
  3. yes,client side will execute first then server side will execute

    ReplyDelete
  4. Client Side validation happends first,because,request initiated from the client side only.

    ReplyDelete
  5. Is it possible if only client side validation is present I.e.,JavaScript and no server side validation

    ReplyDelete
  6. Hi All, If we write both Client side & server side validations, then both will execute one after another if javaScript is enabled in browser. How to solve this issue? Please reply.

    ReplyDelete
  7. if client side validation and server side validation happens then what is need of client side validation anyway server side validation is going to happen. please provide a solution

    ReplyDelete
    Replies
    1. We can reduce server calls

      Delete
    2. To reduce the burden of client server round trips

      Delete
  8. I just want to know if client side and server side both execute one by one than how we could save round trip

    ReplyDelete
  9. Before request reaching to server , validation will happen in Client site first

    ReplyDelete
  10. I am creating website with HTML, CSS, Bootstrap & JavaScript. Can you please tell me how to add navigation bar to all the webpages instead of repeating my code. I have put all the code for navigation bar into navigation.html but don’t know how to include it in all web pages. I googled and got few suggestions which didn’t worked.
    Your help will be much appreciated.

    ReplyDelete

It would be great if you can help share these free resources