Published in
4 min readMay 24, 2017


If you undervalue the form validation, you might be wrong. It is absolutely required in order to prevent a web site abuse by malicious users or manipulative provided information.

Validation of form data is the major reason for security vulnerabilities. It exposes your project to many attacks: cross-site scripting, automated input, SQL injections, hidden field manipulation, header injections and buffer overflows.

But wait… what actually is data validation?

Form validation is a simple thing: it is the process of ensuring that user input is correct, clean and useful. W3 Schools are providing examples of typical validation tasks: has the user filled in all required fields; has the user entered a valid date; has the user entered text in a numeric field. In a nutshell: the main purpose of data validation is to ensure correct user input.

Validation can be defined by many different methods and deployed in many different ways. We can isolate two sides of the data validation: server and client side. Server side validation is performed by the server, after input has been sent to the server, client side validation is performed by the browser, before input is sent to the web server.

How it works? According to Designmodo, “when the user provides all the data and submits the form, usually by hitting the button, the information is sent to the server and validated. The response of the “validator” is sent back to the user’s computer and it’s visualized as either a confirmation message (“everything went fine!”) or a set of error messages.”

Correct form
Incorrect form

Client-side or server-side verification?

It is important to know that only client-side verification is not safe. You should always validate your data on the server side, after the form has been submitted. Client-side validation and AJAX validation before submitting the form are only enhancing the UX and providing quicker feedback on invalid data without reloading the page.

Validation types

Validation types available on App Connect Validation Form

In JavaScript the most used validation format is so called ‘inline validation’ when the page is not reloading to show the error. Here is an opinion on Twitter’s form validation:

The discrete charm of well-designed form validation in Twitter’s forms was absolutely seductive. Informative error messages popped out right when I’d made an error, immediately eliminating irritation. “Inline validation” helped me understand what was going on right away. I could feel that this simple form was trying to have an actual conversation with me. That was a revelation! At the end, I didn’t have to wait for a reload of the whole page to check if the form was filled in with the right data.

There are several types of input validation: text inputs with a pattern defined, date and time, e-mail, bank details, IP address, upload fields. You can validate absolutely every input on your page. And you have to!

How to prevent your input forms from data breaking?

You can use JavaScript, PHP or just the easiest way: Dreamweaver App Connect Form Validator. In a nutshell, it is fully customizable input validation. Now you can have Twitter-alike form validation without any coding knowledge. And even more features:

· If you don’t like the default error styling and you don’t use Bootstrap 3, then you can choose to use your own custom CSS styling.

· You can use the form validation on any HTML5 Form, but also integrate it with dynamic App Connect and Server Connect bound forms.

· 39 validation types available — all the HTML5 standard validations are in, extended with many more to serve all your needs.

· When the form is submitted an additional server side validation is done by Server Connect against the same rules — so your form data is always validated.

You can learn how to protect your data on a low price and find dozens of free Dreamweaver extensions on