First of all, you should have a clear idea of what happens when a user submits a form that has a JavaScript validation script.
The form is checked by a JavaScript like the one described below. If the script finds a mistake the submission is halted here. The user sees an alert and is asked to re-enter some data.
If nothing is wrong—or if JavaScript is disabled—the form is sent to the server and is processed by a CGI script. If the CGI script finds a mistake it generates some HTML with an error message and sends it back to the user. In this case the user has to go back to the form, re-enter some values and again submit it. If no mistakes are found, the CGI script does whatever it has to do with the data and directs the user to a Thank You page.
As you see, the form is checked for mistakes twice: by the JavaScript and by the CGI script. The CGI check always works, since CGI is server side. The JavaScript check only works when the user has JavaScript enabled. It follows that the CGI check is the most reliable: it always works regardless of what browser is used. Then why use a JavaScript check too? The JavaScript check is very useful in addition to the CGI check because it can catch mistakes before the form is actually sent to the server. Thus the user doesn’t have to use his back button to return to the form, something that may cause confusion, and then search for the incorrect form field, which may cause even more confusion. Therefore the JavaScript check is more user friendly than the CGI check.
In addition, when you use JavaScript the server doesn’t need to spend quite so much time in error handling and is thus a little quicker. This only matters if you have lots and lots of forms, but it’s good to keep it in mind.
So, JavaScript is not a fail-safe method of catching mistakes, but it is very useful as an addition to CGI checks since it lightens the load on the server and is more user friendly.
Therefore I recommend using both JavaScript form checks and CGI form checks. This
way, you get both user friendliness and security.
