May i use JavaScript for Validation? Is this best practice in CI?

[eluser]raiser[/eluser]
Now i m using JavaScript for all kind of field validations.. I dont know whether this is the best practice in CI?

You people, please suggest am i doing correctly? If no, then what is the best approach for Validation?

[eluser]Atharva[/eluser]
You can use javascript validation in addition with CI's server side validation, but you should never trust on only client side (javascript) validations. It can never be trusted.

[eluser]raiser[/eluser]
Thanks Atharva for replying... I cant understand why u r saying not to trust on client side validations. Because i am using JavaScript only for client side scripting like Registration, Enquiry etc...

Kindly explain me little more clear..

[eluser]Atharva[/eluser]
Have you ever heard of 'Tamper Data' addon of firefox? It let's you (the user) tamper the HTTP/HTTPS headers and post parameters. So imagine you having a e-commerce website , user are choosing plans and paying for it. User selects plan x for amount y, which passes through javascript validation. Now user is smart, so he activates the tamper data plugin, which lets him tamper the $ amount for your product which is being sent via post method after submitting the form. He changes the amount from $100 to $1. You are a kind of developer who only relies on client side validation, so you do not bother to check in your php script that the amount is actually $100. You pass the tampered value $1 to paypal, and considering you are again too lazy to validate the paypal response in your ipn, the user succeeds in purchasing the item for just $1.

This is just a little example which shows what can be done if you lack server side validation.

[eluser]raiser[/eluser]
Thanks Atharva.. Let me follow this for Server side scripting.....

[eluser]Jaketoolson[/eluser]
I use javascript validation to enhance the user experience (fancy methods for validation). But I still rely on PHP to ensure the data being submitted is 'clean' and valid and meets the same requirements that I set in javascript.

[eluser]CroNiX[/eluser]
It is extremely poor practice to only use JS for validation. All one has to do is turn it off in their browser and bypass whatever controls you have in place.

Your site should be 100% functional without javascript. You use javascript to enhance things AFTER they work normally. Besides, not everyone will have javascript enabled (look at your stats). How will your site look/work for them?

[eluser]Jaketoolson[/eluser]
Infact, I usually setup server-side validation checks first. Once these are working properly, only then do I replicate them in javascript, again, still using BOTH.