I am doing project in php and use codeigniter. i have to be done validation of form in that and i am confuse to use either serverside validation or client side validation.??
what is good for social networking site either server side validation or clientside validation.??
is anybody know what strategy is used by facebook and twitter for validation??
Both, but if you had to choose one, server-side.
Client-side validation will make your form more accessible and user-friendly. You won't waste your user's time by refreshing the page just to let you know that there's an error.
Client-side technology, mainly JavaScript, can be disabled, leaving no validation at all.
I would always suggest both.
If you're using jQuery, this is my (and a popular) favorite: http://bassistance.de/jquery-plugins/jquery-plugin-validation/
CodeIgniter has it's own form validation library, but if you're looking for an alternative, check out the PHP jQuery Validation plugin class. It mimics the jQuery plugin I just mentioned... only in PHP.
you should always user serverside validation, no matter if you use client side validation too. everything you get from client side should not be trusted.
Clientside validation is useful for good user-experience only. It cannot be trusted. The http request can be easily modified by commonly found browser tools to bypass all client validation.
Serverside validation is a must.
Really depends on what you want to validate. If validating requires data from the database, in that sense you will only be able to use "server-side" validation, or at least, server assisted.
However, these are not precise terms, and these days, validation is usually done with Ajax, which LOOKS client-side, even when using server-side data, that is the current trend.
For Social networking sites you have to split your validations in two parts (i.e. client side and server side) because there are two issues with social networking sites one is the user friendliness and the second is security of user informations.
For things which have no issues with security and privacy you can use client side validation (like email-id syntax or date of birth syntax validation) and for other stuffs (like to check weather an email id really exists or not and other password related validations) should be on the server side.
The point is that any one can edit the client side scripts and submit the form to the server which is bad practice.
So After client side validation its good practice to have (in-fact necessary) server side validation.
Server Side Validation is a must because that is what you can control altogether. I mean you are already ready from your side to defend unwanted and illegal data entry etc. Client side too are written already by you but they can be turned off as javascript is by default turned of in IE. Hence it leaves a risk that the incoming data might not be validated at all.
Having a server side validation can always defend this....
Hence Server side authentication can be tweaked as such as it comes into play only if a disabled javascript is detected hence giving a 2 way protection!!!
Even I would recommend both as essential in fact server side more essential, (If you would be able to use automatic triggers in SQL/ACCESS/ORACLE they would lessen your need for server side scripting considerably) Happy pogramming!!! :)
