hi, i really love the jquery validation plugins, look neat stylish and accessible, but as you know JavaScript can be turned off and boom your user can enter what ever he wants, therefore you should validate on server too, so what is the best approach here ?
do double validation one with jquery and one on server side or is there a better solid secure way ?
The only way to go is to validate with jQuery and then do the same validation again on the server side.
Client side validation is only for making your application more user friendly. So validate the fields that will save the user some round-trips to the server and that will contribute to a better user experience.
Always validate on the server side. This protects you from attacks to your application. It also helps from feeding erroneous input to your code.
Well double validation is probably the only way to go - if the user disables javascript, then no validation will be executed on the client side, therefore you MUST have server side validation. On the other hand - for the convenience of most users - there should be a client side validation mechanism so that round-trips to the server are minimized.
That's why I still use the Asp.Net validation. Because, with a minimal effort your data will be validated on the client and server.
You should always validate your data server side, jQuery or not, never trust incoming data.