User:Sandeep pilania/sandbox

Form Validation is a process of validating the inputs on web forms. Often the correctness of the values entered by the users in the web forms, are need to be checked on the fly. This is called "form validation". Form validations are typically performed before saving the data into databases or processing it for the further web-based application.

Client side and Server side validation
Form validations check can be done on both the server side as well as on the client side. Server Side Validation happens on user input during postback session when the user input requires server resources for validation whereas Client Side Validation takes place on web browser itself without requiring a postback session. .

Typically, client-side validations are more vulnerable to malicious attacks as compared to server side validations, a part of the reason is that some browsers don't have restrictions to allow operations without any client side scripting. Also, there are ways like ActiveX which can bypass the web browser's restriction to allow access beyond browser application. Although Server side validations are more secure, client-side validation has its own significance. Since a server source is not required for a client-side validation, the validation can be performed at the browser level. It helps to make the validations faster by saving on the round trip to and from the server and making applications more user friendly. The client side validation make use of front-end web development and thus, programming languages used are HTML,CSS and Javascript.

Validation Support
Data validation is a widespread practice and form validation draw significant similarities with that. Web forms, being a more specific and commonly used type of data validation, have attracted the development of a number of APIs and tools to expedite the validation. The tool used for implementation of validation depends on the platform if the validation is performed on the client side or on the server side. For example, Ruby on rails is a web application framework supported by custom gems and it supports client-side validation through built in Active Record Validation helpers. The typically known front end web development language HTML can make use of JavaScript for form validation. JavaScript is the most commonly used language for front-end or client side development with Dynamic HTML and browsers can run JavaScript locally which provides ease for validating at the client side, however, it is possible for users to switch off or bypass the JavaScript functionality in browser and bypass the validation and other features. Better practice is to validate on both server and client side as it will reduce the risk of bypassing the JavaScript functionality and will make it more efficient and faster.

Common Validations
Form Validations varies from environment to environment for example Ruby on Rails has different built in validation methods (termed as Validation Helpers) as compared to JavaScript built in methods.

Active Record Validation Helpers accept an arbitrary number of attributes, which helps it validate multiple attributes in one instance and on each failure of validation it appends an error message to object’s error collection.

Example:

Ruby on Rails:

In above code, format is an active record validation which matches the given attribute with a regular expression. Here, format checks whether attribute: test_code have small case letters only and in the case of failure it generates the error message: “only allows small case letters”. See more

JavaScript :

Above code is an example of HTML form validation in javascript, where name field value of myTestForm is being tested to be not null. So, if its null is generates an alert message “Name must be filled out”.