I was talking to a co-worker and we had a discussion on client side validation.
Which validation method is better (javascript/asp.net validation)?
I know when javascript is disabled on the browser then validation would be disabled but with asp.net validation control, you can just call the method page.validate() to do validation even though javascript is disabled.
You should always do server-side validation or you risk injection attacks.
JavaScript validation is nice-to-have and prevents unnecessary round-trips to the server, but it can be disabled like you point out.
Use server side validation for data integrity and security. Use client side validation for usability. Server side should always be used. But client side validation should be used as a way to enhance value to users. I make a dumb typo I want the app to be smart enough to catch my mistake. If you expect your users to always do the most unexpected things you will have a good strategy. Although there are many smart people using the web. If you start with the assumption that it mostly just monkeys typing random stuff into the computer then your code and project will be more robust. And when it comes to publicly facing websites and bot nets, the monkey analogy is not that far off. It really is just random stuff entering through your forms.
Do both.
JavaScript gives near immediate results.
ASP.NET validation is the solution for bullet-proofing/fool-proofing/spoof-proofing. It is a must to have.
You have to do server side validation. Imagine your user has js disabled, it could mess up your database. You also risk all kind of injection attacks.
That said, in some cases inline validation is nice because it gives the user an immediate feedback, improving the usability.
