Is just client-side validation enough? HTML and JavaScript validation

April 12, 2022

Is just client-side validation enough? HTML and JavaScript validation

In this article, we will learn if client-side validation is enough – when we only use HTML and JavaScript to verify the input data

client-side validation thumb

Hey you programmer, is everything ok? Let’s learn more about client-side validation!

Answering the question: No, client side or client side validation shouldn’t be the only one on your system

This is because it can be easily tricked.

Client side issues

In HTML we can manually change the validation attributes of the inputs, making them accept any type of data

Also some validations may not be done correctly, such as required for example, which can be removed

JavaScript can be easily disabled, and then your validations will not take effect either.

Finally: you never trust anything that is sent by the client

We may have problems such as: incorrect data, poorly formatted and unforeseen system problems

That’s why you should always have the validation backend layer as the most secure source

The front-end should not be considered as a validation, but as a ‘guide’ of what the customer must fill in

The only case that maybe only the front-end was needed is when the data is not of much use in the project, of course it’s rare, but it can happen

Backend Validation

On the server side we can have the help of more tools to create our validations

Even the errors generated by languages ​​such as PHP and MySQL can be used

An exception when a data has been submitted wrongly

But the best thing to do is to clear all the sent fields, taking out special characters and blank spaces

Anyway, all the garbage that we won’t use for anything

And this interval between data processing and the database is where the customer has no control, as he does not have access to the code or the possibility to change it.

That’s why we should focus our greatest efforts on validating on the server side, that is, the application backend.


In this article we learned if client-side validation is enough

Several reasons were discussed discouraging the practice, as it can be easily circumvented by invaders

The back end tends to be more difficult, as there is no code control and no possibility for hackers to see it.

So we can make several deals in order to protect the software, so the server side (back-end) is the most suitable

Do you wanna learn more about front-end? Click here!

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x