Re: Server-side Form Validation (Perl)

by "Srinivasan Ramakrishnan" <srinivar(at)md3.vsnl.net.in>

 Date:  Fri, 14 Jul 2000 00:17:32 +0530
 To:  <hwg-languages(at)hwg.org>
 References:  yahoo
  todo: View Thread, Original
I know this doesn't answer your question, but here's a question I was asked
on another forum, and my answer.

Question:

>hi guys,i seem to have a real problem.till today i firmly
believed that JavaScript is used for client side validation
.But the BIG SHOCK is that top sites (yahoo ,hotmail) are
not doing Clientside validation but Are doing SErver side
validatation..CAN ANY BODY EXPLAIN THE REASON.

>Answer:
Your question is profound in the sense that it crosses the realms of being a
 purely technical question into also one of practical business sense. There
is no
 single answer, but I will present here some of the reasons why JS
validation is
 shunned.

To answer your question you have to go into the shoes of the website owner.

Answer these questions:
1) How mission critical is your website?
2) How much of server side programming ability do you have, or rather how
 sophisticated are your server side programs?
3) What is your budget?

If your website is mission critical, or you are not the type who takes a
 chance then you don't rely only on JS for validation. Since not all users
have JS
 capable browsers the website has to invariably spend on creating a server
side
 validation routine. And all said and done, nothing beats a server side
routine in
 maintaining the integrity of the data entered.

Let us say you are signing up for an email account with a portal, there
exists
 atleast one form field which cannot be determined to be correct on the
client
 side, and that is the username, since the website records have to be
checked,
 which becomes a server side process. Now since a trip is anyway going to be
made to
 the server, you may as well do all the validation on the server side.

JS based validation usually lacks visual appeal since the common way to show
 an input error is through an alert box, which disturbs the visual appeal of
the
 website. Ofcourse using DHTML I could maintain the visual integrity of the
 design, but the amount of work involved would be very high considering that
DHTML
 aware browsers are not a majority.

On the other hand a server side validation will output the result into a
 template designed for your browser. Clean, safe, cheap and simple.

Sites like Yahoo like to promote a lightweight look, and they achieve that
by
 sticking to the lowest common denominator technology. That is if plain HTML
and
 server side can do the job don't tamper with it since it is bound to be the
 lightest.

In the end it all adds up to
a) Are you willing to spend on DHTML for a small segment of your users?
b) Are your users willing to take up the additional technology jump?
c) What is your design strategy? Is the cost of an additional trip to the
 server acceptable to the user?



----- Original Message -----
From: Quackamoe <quackamoe(at)yahoo.com>
To: <hwg-languages(at)hwg.org>
Sent: Thursday, July 13, 2000 10:21 PM
Subject: Server-side Form Validation (Perl)


| All the examples of form validation* I can find
| use JavaScript. I'd like to use Perl instead so
| I don't have to worry about somebody having JS
| turned off. (And because I know Perl a bit more
| than JS.) ;) Even Lincoln Stein's book uses
| JS for this.
|
| I'm guessing I don't have to reinvent this
| particular wheel. Any thoughts? Pointers? Tips?
| URLs? Funny stories? Choice bits of gossip?
|
| TIA,
|
| Terry Fowler
|
| * like checking for a valid phone number, email
|   address, ensuring there's no hostile code
|   included, etc.
|
| __________________________________________________
| Do You Yahoo!?
| Get Yahoo! Mail - Free email you can access from anywhere!
| http://mail.yahoo.com/
|

HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA