Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Lorenzo Minto
Lorenzo Minto
13,898 Points

Shouldn't empty fields submit be prevented directly by the Javascript?

Wouldn't it be easier and more time-efficient, also for user experience?

4 Answers

Petros Sordinas
Petros Sordinas
16,181 Points

Hi Lorenzo,

Yes and no. As most things, it depends.

You can prevent empty fields with javascript, either when the user tabs to the next field or on form submit. With HTML5, you can even do this:

<input type="text" name="username" required>

But even if you do this, you still have to validate your input on the server side. In the future, you might want to change your HTML files and might forget the client side validation. Then you will get an empty field in the database which may either break your business rules, or even worse, break a database rule and break your app.

So, the short answer is yes, you can but server side validation must always be performed.

Very good point as well. You should always validate both client and server.

Yes you are correct, it makes more sense to do validation on the client side because it improves the UX drastically. There are numerous ways to do that either in plain JS like this:

function validateForm() {
    var x = document.forms["myForm"]["fname"].value;
    if (x == null || x == "") {
        alert("Name must be filled out");
        return false;
    }
}

or using numerous libraries like Parsley (which is helpful for complex data). http://parsleyjs.org/. In my opinion the best way to validate a form is to actively check what the user is typing and make sure it meets the requirements, so for example as they are typing an email the box won't show a checkmark beside it until the .com or whatever is at the end is put in. You've probably seen this on password forms so that the user can see if they have met the minimum requirements.

Edit: As Petros mentioned, you should always double check the data server side as well because the javascript can be modified so that the form can still submit even with incorrect data but at least from a usability perspective doing it client side should be done as well as server side.

Yes, you can do it, but it's not safe and pretty useless.

JS could be used for a 1st step check only, and just for improve the user experience. After that you should use a server side validation.

This is simply because the user can see, modify and ignore everything you code in JS. This code is passed to the browser (clearly) and is the browser that elaborate this code and make things append (like animations ecc...)

On the other hand everything you code in php is not visible for the user. They don't know what you coded, consequently they don't know how to (and actually they can't) avoid your validation on the server side. This is because the server elaborate the code and send to the browser an "answer". So, if the browser with JS have the duty of run a code to find a solution, in PHP a server already run the code, and provide the solution to the browser. The user can modify the code you wrote in JS, but can't modify something that is on your server.

I think that the question was more about if it made sense to do validation from a usability/ux perspective, which it does. Yes the user can change the JS, sure they can bypass things, but the point is that you can save the user a lot of headache by checking their input realtime/pre-post.

+1 for ALWAYS VALIDATE SERVER SIDE.