Soft and hard validation policies

Practically every website contains web forms, whether it's a simple feedback form or a new user registration process. To ensure that the data sent by the user is correctly received and processed, it's necessary to check that the web form is filled out correctly. This is done through validation. Valid data can be sent to the server and stored in the database. In case the user has made a mistake when filling out the form (intentionally or not), the data should not be saved to the database.

According to the international standard ISO 9000, validation is a confirmation that the requirements set out for a specific use have been met. Validation should answer the question «Are we making the right product?». 

There are two types of form validation from a technical point of view:

• client-side validation;
• server-side validation.

The difference between client-side and server-side verification

Client-side validation is an instant data check directly in the browser, in other words, before the data is sent to the server. It is much more convenient than server-side validation, as client-side input validation provides a quick response. 

There are two main methods of implementation:

• using JavaScript – very flexible and fully customizable;
• using HTML5 – has better performance, but is limited in its customization compared to JavaScript.

Server-side validation is performed on the server after the data has been sent. This is less convenient than checking directly in the browser, as the user will not receive feedback until the entire form is submitted. An exception to this is validation using Ajax – Ajax-calls to the server can be validated as they are entered and provide immediate feedback (for example, checking a new username for availability during registration). Server-side validation is the final defense against invalid or even malicious data. This method is safe because attackers cannot easily bypass it, and it can be used even if JavaScript is disabled in the browser. Today, all popular server-side frameworks have data validation functions.

The main disadvantage of client-side validation is the fact that it is based on JavaScript. If users disable JavaScript, they can easily bypass the validation. Hence, validation should always be performed on both the client and the server. By combining both server-side and client-side methods, we can have the best of both worlds: faster response, more reliable validation, and a better user experience (UX).

In general, there is a distinction between hard and soft validation.

By default, the validation rules are strict, meaning that the user must correct errors before sending data to the server. Strict validations guarantee high-quality customer data with minimal errors. However, the problem with strict validation of forms is that it effectively blocks the user's work. This is, of course, its purpose, but if the validation rules cannot be applied flawlessly, users may end up facing obstacles. For example, users with unusual (but real and fully valid) email addresses are blocked by email validation means, resulting in the user being unable to complete the checkout. In such cases, a new email account may even be created just to shop on that site.

By excluding strict checks, it is possible to implement soft validation rules that can be ignored by the user. If the data entered does not meet certain requirements, the user will see a warning about it. At the same time, users will be able to continue working and even save their data by sending it to the server.

Validation is meant to alert users that they need to re-examine the entered data without preventing them from continuing their work. The user should be warned of the potential consequences of incorrect input and offered to proceed at their own risk.