Data Validation in Web Applications

In web applications, data validation is handled on the server although some validation can also occur on the client before data is submitted to the server. When data is submitted from the browser to the server, occurrences on the web page are reconnected to the database, and the normal validation triggers are fired.

Server-Side Validation

Validation takes place during execution of the ProcScript statements webload and reconnect (for DSPs) and webget (for USPs). Data validation errors may result from, for example:

  • Field syntax errors, such as a mandatory field having no value
  • Data formatting errors, such as a value with four decimals in a field that only accepts two decimals
  • Values that do not meet validation constraints, such as a value of one field being dependent on the value of another
  • Database occurrences that are no longer present in the database
  • Duplicated keys
  • Exceptional I/O errors

If errors are encountered, the field and occurrence error triggers are fired after the complete input stream is processed, for each occurrence that could not be connected to the database.

For more information, see Data Error Handling in Web Applications.

Client-Side Validation

It is possible to have the browser perform some field syntax checks so that the user can correct data entry mistakes before the data is submitted to the server, but this does not replace server-side validation. For more information, see Syntax Checking in Web Applications.

In dynamic server pages, it is also possible to implement validation logic on the client using JavaScript in an OnChange trigger. This should only be done to provide the user with immediate feedback when entering data, and not to replace server-side validation.

The stateless nature of web applications means that the server has no knowledge of client-side validation. When data is submitted from the browser, the validation triggers (which are only available on the server) are fired. If you use client-side validation, you need to ensure that the validation triggers also validate the data.

It is possible to reuse the server-side logic by activating a server side operation in the OnChange trigger. The advantage is that you only need to put validation logic in one place. The disadvantage is that it requires a trip to the server every time the OnChange trigger is fired. For a commercial internet application, this may be undesirable because it increases network traffic and slows response time.

Related Topics