views:

86

answers:

5

Concerning validation,

  1. Are javascript and ASP.NET validation used for the same purpose?

  2. If yes, which one do you recommend? Please provide a simple explanation.

Thanks

+14  A: 

Always validate on the server. Client-side validation is only to make the user experience more pleasant. Which is important, but only important as far as the experience goes. Validation on the client is not important at all for the purposes of validation, because anything running on the client machine can be compromised or bypassed by the same client.

Rex M
+1. I could not have said it better myself.
Sune Rasmussen
+1  A: 

You should ALWAYS have server side validation. Javascript validation is nice, but it is not the same as server-side. You should always assume that the client will be able to send you malformed data.

webdestroya
HAHA we wrote the same answer at the same time! :)
Jacob Relkin
@Jacob - I was about to say the same thing :)
webdestroya
+3  A: 

ASP.NET validation controls are the way to go if your using Webforms. It automatically does client side and server side validation. If you go with vanilla javascript you will be missing the most important part of the validation process which is server side validation.

Validation server side is really the only validation that you can perform reliably to ensure you have good data. Client side is there just to make the process a little more user friendly only.

There are so many built in validation controls in ASP.NET Webforms that it makes validation a lot easier and if you run into a case where you need something specific, just use an CustomValidator.

Kelsey
+1, this goes to the crux of it. Link: http://msdn.microsoft.com/en-us/library/yb52a4x0.aspx
T.J. Crowder
A: 

I'm in...

You should ALWAYS validate on the server!

Will Hartung
A: 

Do both

If you want something to 'happen' when the user does something 'valid' then validate it using some javascript before making a request back to the server (don't make a request unless it's needed).

Once the user has done something 'valid' then perform the request where you validate again on the server side since you 'never trust anyone'.

Justin