Validate form client-side, server-side or both in Ajax form?

Question

I'm developing this app which as a very basic Ajax form and I'm currently validating the form input through jQuery with it's default validation plugin.

I'm wondering if I should also do server-side validation after submitting the form or just ignore and assume everything is right since the client-side validation was successful?

There's two things to keep in mind though:

1) Although the form is capable of being submitted without JavaScript, the server-side script will not handle this behavior. I mean, the data will be processed and inserted into the database but it won't return anything, so the user would see an empty page after submitting the form. And besides, this application is strong on JavaScript and won't work without it (it's a Facebook application by the way).

2) Right now the application is very simple and there's only 2 options on that form. One is a textbox and it's the only thing being validated (it's required and must be only digits). The other option is a set of radio buttons which by default will have one of them selected, so even if the user forgets about this option, something will be selected. It's basically the default value for this option (there can be no default for the textbox though).

Answer 1

Always validate server side! Besides the security issues, that may not play a big role here, there are other things to adhere:

• What happens when I submit something like "q8" in the "two digits" field (bypassing the client side validation)?
• It's not really user friendly to just set a default option, if nothing is selected by the user.

Furthermore, if there are only two fields in the form, I think, there's not that much of an effort to implement server-side validation...

Answer 2

Server-side: Necessary. Always do this.

Client-side: Nice. Makes your app more responsive. Optional.