D For A Web Developer

via Digitalmars-d digitalmars-d at puremagic.com
Thu May 1 10:56:54 PDT 2014 

On Thursday, 1 May 2014 at 15:11:07 UTC, Nick Sabalausky wrote:
> On Thursday, 1 May 2014 at 13:33:50 UTC, Marc Schütz wrote:
>>
>> IMO the client shouldn't do any validation, unless you can 
>> really, really trust it. That's why I like to do things the 
>> following way:
>>
>> 1. user input on the client
>> 2. post using ajax
>> 3. server validates and stores the data
>> 4a. if transaction or data is invalid fails, send errors to 
>> the client
>> 4b. if everything's ok, tell the client to redirect to the 
>> next page
>> 5. on the client, add error CSS classes to the relevant 
>> fields, or execute the redirect
>>
>
> That's a lot of unnecessary back and forth to the server for a
> JS-based design. Plus it avoids some of the nicer UX 
> enhancements
> JS can enable, like validate-as-you-type, and does so without 
> the
> benefit of not requiring JS. Kind of a worst of both worlds (no
> offence).

Well, naturally I disagree :-)

It's exactly two requests to the server, same as for a normal 
form submission without JS:
- one for the actual submission
   => server responds either with the errors, or with a redirect 
URL
- and another one for requesting the next page (only if 
everything was ok)

Technically, you could already send the contents of the new page 
with the server response, but this has several drawbacks (doesn't 
change the URL, double POST on reload, etc.), so a redirect is 
pretty much standard.

I don't see how you could improve on that in respect to the 
number of requests...

It also degrades gracefully if JS is not enabled: In this case, 
the form submission will not be intercepted by the JS and 
therefore won't be turned into an AJAX request. The server 
notices that it's not an XHR request, and automatically responds 
by rerendering the form view with all the CSS classes and error 
messages in place. (This requires a bit more work on the server 
side, but not a lot.)

>
> Naturally, the server needs to do validation no matter what. But
> there's nothing wrong with doing an optional preliminary
> validation on the client side first.

Exactly. I just feel that client-side validation is unnecessary 
duplication in most cases. But sure, it can be used where it 
makes sense.

More information about the Digitalmars-d mailing list