Form Validations: which is the best way- client side or server side?

I am trying to find the best method to perform the form validations - The forum proposed two options before me - either to do the validation on server side that is the traditional way, or to do them on the client side, which is the reactive way. Which one is the most beneficial one?

Standard application development pattern recommends the validations to be implemented on the server side to maintain data integrity & security. But having that logic on the server side will impact the performance of the application. So, what is your best pick? 

Olá Saurabh,

Acho que essa pergunta responde às suas dúvidas.

Validações | OutSystems 


Jorge Rodrigues

Hey Jorge, 

Thanks for your reply. I will check the mentioned post!

The correct answer is really both.

As a standard security/integrity measure, you want to make sure the system is as robust as possible, so it makes sense to have validations in as many places as possible; in this case both client-side and server-side.

Beyond blindly following my advice or the documentation's, it helps to know some of the specific benefits that each one brings.

Client-side: validate fields and potentially give the user more of a "real-time" feedback (e.g. right after they finish typing one of the fields by using the OnChange event), without the need of an additional request to the server/database.

Server-side: enforce data integrity & security for every single request, even after they go through client-side logic. Somebody with enough expertise of JS and advanced browser developer tools might be able to deliberately bypass the security/integrity checks that you define exclusively in the client-side; the same isn't true for server-side logic since it runs in the server. 

In that regard, I would call server-side validations the "must-have", but you should also leverage the client-side logic as much as you can just to make your applications more robust and, at the same time, provide a better experience for your end user. The only "downside" is that you will very likely find some duplication for the checks in your Server/Client logic, but for most cases it should be fairly straightforward and easy to manage/update, as you can even copy/paste most Basic data type operations between Client Actions and Server Actions.

Hello @Francisco Calderón 

Thank you so much for this in-depth answer. This definitely resolves the confusion I was in.  


In short, client-side validations can always be by-passed by someone with enough JavaScript knowledge. So though they are helpful in offering a quick response, be sure to perform server-side validations also. Also note that client-side validations are also available in Traditional Web, but they are a slightly different concept in that case.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.