Why is client-side validation not enough?

validation server-side client-side-validation
Misha Moroshko picture Misha Moroshko · Aug 14, 2010 · Viewed 11.1k times · Source

I saw here that:

As you probably already know, relying on client-side validation alone is a very bad idea. Always perform appropriate server-side validation as well.

Could you explain why server-side validation is a must?

Answer

Pekka picture Pekka · Aug 14, 2010

Client-side validation - I assume you are talking about web pages here - relies on JavaScript.

JavaScript powered validation can be turned off in the user's browser, fail due to a scripting error, or be maliciously circumvented without much effort.

Also, the whole process of form submission can be faked.

Therefore, there is never a guarantee that what arrives server side, is clean and safe data.

Related questions

How to validate an email address in JavaScript

Is there a regular expression to validate an email address in JavaScript?

Read More
How to allow only numeric (0-9) in HTML inputbox using jQuery?

I am creating a web page where I have an input text field in which I want to allow only numeric characters like (0,1,2,3,4,5...9) 0-9. How can I do this using jQuery?

Read More
Validate decimal numbers in JavaScript - IsNumeric()

What's the cleanest, most effective way to validate decimal numbers in JavaScript? Bonus points for: Clarity. Solution should be clean and simple. Cross-platform. Test cases: 01. IsNumeric('-1') => true 02. IsNumeric('-1.5') => true 03. IsNumeric('0') => true 04. …

Read More