What is the point of client side form validation?


I’m reading Simply JavaScript and have come to the bit about client side form validation.
Supposing I have a form where the user can submit their name and email address. If I check that the user input is correct using JavaScript and someone comes along with JavaScript turned off, they can effectively submit whatever they like.
This is acknowledged in Simply JavaScript, where the author states that server side validation is in fact a must.
So my question, what is the point of client side form validation if you have to do the same work again on the server?
Am I missing something?
Are there any cases where client side validation is the preferred choice (apart from speed)?

Performance. Catching errors client-side will be much more efficient, since it doesn’t require a round trip to the server. Less server load, faster feedback to the user.

It doesn’t replace server-side validation, of course, but it enhances the user experience.

Server side validation is for the site owner. It makes sure everything has been entered correctly.

Client side validation using JavaScript is to make things more convenient for the person filling out the form. It tells them if they entered something wrong before they fill out and submit the whole form so that they can fix it before submitting it to the server.

Visitors with JavaScript disabled can still submit the form but they have to wait until after they fill it out and submit it to find out if they got anything wrong.

Thanks for the replies.
So, if I understand things correctly then, client side validation is a nice-to-have enhancement of the user’s experience of your site, but can never be relied on if you have to be absolutely sure that certain fields have been filled out.

Do you know if many people bother to have both client side and server side validation?

You always have server side validation.
I often use that code to shape any client side validation, so it’s not really two completely different sets of code to come up with.

You can also track server validation errors-
Figure what causes the user mistakes and you can improve the layout and instructions on the form to mitigate them.

Got it in one, well done. That is the fundamental dichotomy of JavaScript. It’s great to use, but you cannot rely on it actually being used.

Many people don’t use both client-side and server-side, but then many people didn’t believe that the earth revolves around the sun.

You can guarantee that people without server-side validation are at immediate risk of security breaches.

Anyone wanting to ensure that the entered info is valid will have server side validation.

Anyone wanting to try to make things easier for their visitors will have client side validation.

The only people who will not include both are those who have yet to learn what you have just learnt by asking the question in this thread.

Thanks for the replies.

A dichotomy indeed. The more I read about it, the more I see what it can do, and the more it causes me headaches (by having to ensure that everything degrades gracefully).

It’s also annoying spending (not inconsiderable) time working on something that the client doesn’t see or sometimes really appreciate (aforementioned graceful degradation).

After giving graceful degradation a go, web developers discovered more successful approach called progressive enhancement.

You start with just the basic HTML/CSS and get things working that way. It’s always possible to get things working, using forms and buttons.

Then, you apply a layer of JavaScript over the top of that, where the script takes over the form submissions and does the work itself.

Then you end up with a page that works in both scripted and non-scripted environments, and it’s a lot easier to create by building forward in such a manner.

Everyone except rank amateurs, I should think. :slight_smile: